Jul 09, 2019, 02:45 PM
#######################################################################################################################################
=======================================================================================================================================
Hostname      www.inoue-kujira.com    ISP            GMO Internet,Inc
Continent     Asia                    Flag           JP
Country       Japan                   Country Code   JP
Region        Tokyo                   Local time     09 Jul 2019 11:16 JST
City          Tokyo                   Postal Code    102-0082
IP Address    157.7.107.254           Latitude       35.688
                                      Longitude      139.753
=======================================================================================================================================
#######################################################################################################################################
> www.inoue-kujira.com
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
Name: www.inoue-kujira.com
Address: 157.7.107.254
>
#######################################################################################################################################
   Domain Name: INOUE-KUJIRA.COM
   Registry Domain ID: 1344116512_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.discount-domain.com
   Registrar URL: http://gmo.jp
   Updated Date: 2018-10-29T22:33:50Z
   Creation Date: 2007-11-29T00:35:27Z
   Registry Expiry Date: 2019-11-29T00:35:27Z
   Registrar: GMO Internet, Inc. d/b/a Onamae.com
   Registrar IANA ID: 49
   Registrar Abuse Contact Email: abuse@gmo.jp
   Registrar Abuse Contact Phone: +81.337709199
   Domain Status: ok https://icann.org/epp#ok
   Name Server: UNS01.LOLIPOP.JP
   Name Server: UNS02.LOLIPOP.JP
   DNSSEC: unsigned
#######################################################################################################################################
Domain Name: inoue-kujira.com
Registry Domain ID: 1344116512_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2019-06-15T00:00:00Z
Creation Date: 2007-11-29T00:00:00Z
Registrar Registration Expiration Date: 2019-11-29T00:00:00Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: kazunori shimasaki
Registrant Organization: link. corporation
Registrant Street: 4-1 kouzenmachi
Registrant Street: kouzenbiru7F
Registrant City: nagasaki-shi
Registrant State/Province: Nagasaki
Registrant Postal Code: 850-0032
Registrant Country: JP
Registrant Phone: +81.958208344
Registrant Phone Ext:
Registrant Fax: +81.958208554
Registrant Fax Ext:
Registrant Email: info@link-co.jp
Registry Admin ID: Not Available From Registry
Admin Name: kazunori shimasaki
Admin Organization: link. corporation
Admin Street: 4-1 kouzenmachi
Admin Street: kouzenbiru7F
Admin City: nagasaki-shi
Admin State/Province: Nagasaki
Admin Postal Code: 850-0032
Admin Country: JP
Admin Phone: +81.958208344
Admin Phone Ext:
Admin Fax: +81.958208554
Admin Fax Ext:
Admin Email: pref@link-co.jp
Registry Tech ID: Not Available From Registry
Tech Name: kazunori shimasaki
Tech Organization: link. corporation
Tech Street: 4-1 kouzenmachi
Tech Street: kouzenbiru7F
Tech City: nagasaki-shi
Tech State/Province: Nagasaki
Tech Postal Code: 850-0032
Tech Country: JP
Tech Phone: +81.958208344
Tech Phone Ext:
Tech Fax: +81.958208554
Tech Fax Ext:
Tech Email: pref@link-co.jp
Name Server: uns01.lolipop.jp
Name Server: uns02.lolipop.jp
DNSSEC: unsigned
#######################################################################################################################################
[+] Target : www.inoue-kujira.com

[+] IP Address : 157.7.107.254

[+] Headers :

[+] Date : Tue, 09 Jul 2019 02:34:24 GMT
[+] Content-Type : text/html
[+] Content-Length : 2114
[+] Connection : keep-alive
[+] Last-Modified : Fri, 11 Jul 2008 00:24:49 GMT
[+] Accept-Ranges : none
[+] Vary : Range,Accept-Encoding
[+] Content-Encoding : gzip
[+] Server : Apache

[+] SSL Certificate Information :

[-] SSL is not Present on Target URL...Skipping...

[+] Whois Lookup :

[+] NIR : {'query': '157.7.107.254', 'raw': None, 'nets': [{'cidr': '157.7.106.0/23', 'name': 'GMO Pepabo, Inc.', 'handle': 'PB-HOSTING', 'range': '157.7.106.1 - 157.7.107.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': ['sv.madame.jp', 'dns2.lolipop.jp'], 'created': None, 'updated': '2015-02-18T01:26:04', 'contacts': {'admin': {'email': 'gmo-idc@ml.pepabo.com', 'organization': 'GMO Pepabo, Inc.', 'division': 'pepabo-hosting', 'phone': '092-713-7999', 'fax': '092-713-7944', 'updated': '2015-04-27T12:41:04'}, 'tech': {'email': 'gmo-idc@ml.pepabo.com', 'organization': 'GMO Pepabo, Inc.', 'division': 'pepabo-hosting', 'phone': '092-713-7999', 'fax': '092-713-7944', 'updated': '2015-04-27T12:41:04'}}}]}
[+] ASN Registry : apnic
[+] ASN : 7506
[+] ASN CIDR : 157.7.64.0/18
[+] ASN Country Code : JP
[+] ASN Date : 1992-08-14
[+] ASN Description : INTERQ GMO Internet,Inc, JP
[+] cidr : 157.7.32.0/19, 157.7.64.0/18, 157.7.128.0/17
[+] name : interQ
[+] handle : JNIC1-AP
[+] range : 157.7.32.0 - 157.7.255.255
[+] description : GMO Internet, Inc.
CERULEAN TOWER,26-1 Sakuragaoka-cho,Shibuya-ku,Tokyo 150-8512,Japan
[+] country : JP
[+] state : None
[+] city : None
[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
Chiyoda-ku, Tokyo 101-0047, Japan
[+] postal_code : None
[+] emails : ['abuse@gmo.jp', 'hostmaster@nic.ad.jp']
[+] created : None
[+] updated : None

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 1 ]
[+] Extracting Javascript Links...[ 0 ]
[+] Extracting Internal Links.....[ 0 ]
[+] Extracting External Links.....[ 3 ]
[+] Extracting Images.............[ 16 ]

[+] Total Links Extracted : 20

[+] Dumping Links in /opt/FinalRecon/dumps/www.inoue-kujira.com.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-07-08 22:34:56.089089
[+] Collecting Information On: inoue-kujira.com
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Tue, 09 Jul 2019 02:34:58 GMT
- Content-Type: text/html
- Content-Length: 2114
- Connection: keep-alive
- Last-Modified: Fri, 11 Jul 2008 00:24:49 GMT
- Accept-Ranges: none
- Vary: Range,Accept-Encoding
- Content-Encoding: gzip
- Server: Apache
--------------------------------------------------
[#] Finding Location..!
[#] as: AS7506 GMO Internet,Inc
[#] city: Shibuya
[#] country: Japan
[#] countryCode: JP
[#] isp: GMO Internet, Inc
[#] lat: 35.6565
[#] lon: 139.701
[#] org: GMO Internet, Inc.
[#] query: 157.7.107.254
[#] region: 13
[#] regionName: Tokyo
[#] status: success
[#] timezone: Asia/Tokyo
[#] zip: 150-0031
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://inoue-kujira.com/
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 1 any Domain
- inoue-kujira.com
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
#######################################################################################################################################
[i] Scanning Site: http://www.inoue-kujira.com



B A S I C   I N F O
====================


[+] Site Title: ������̔��̈�㏤�X
[+] IP address: 157.7.107.254
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!
#######################################################################################################################################



W H O I S   L O O K U P
========================

   Domain Name: INOUE-KUJIRA.COM
   Registry Domain ID: 1344116512_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.discount-domain.com
   Registrar URL: http://gmo.jp
   Updated Date: 2018-10-29T22:33:50Z
   Creation Date: 2007-11-29T00:35:27Z
   Registry Expiry Date: 2019-11-29T00:35:27Z
   Registrar: GMO Internet, Inc. d/b/a Onamae.com
   Registrar IANA ID: 49
   Registrar Abuse Contact Email: abuse@gmo.jp
   Registrar Abuse Contact Phone: +81.337709199
   Domain Status: ok https://icann.org/epp#ok
   Name Server: UNS01.LOLIPOP.JP
   Name Server: UNS02.LOLIPOP.JP
   DNSSEC: unsigned
#######################################################################################################################################


G E O I P   L O O K U P
=========================

[i] IP Address: 157.7.107.254
[i] Country: Japan
[i] State: Tokyo
[i] City: Tokyo
[i] Latitude: 35.6882
[i] Longitude: 139.7532
#######################################################################################################################################



H T T P   H E A D E R S
=======================


[i] HTTP/1.1 200 OK
[i] Date: Tue, 09 Jul 2019 02:34:26 GMT
[i] Content-Type: text/html
[i] Content-Length: 6091
[i] Connection: close
[i] Last-Modified: Fri, 11 Jul 2008 00:24:49 GMT
[i] Accept-Ranges: none
[i] Vary: Range,Accept-Encoding
[i] Server: Apache
#######################################################################################################################################



D N S   L O O K U P
===================

inoue-kujira.com. 599 IN A 157.7.107.254
inoue-kujira.com. 21599 IN NS uns02.lolipop.jp.
inoue-kujira.com. 599 IN MX 10 mx01.lolipop.jp.
inoue-kujira.com. 21599 IN NS uns01.lolipop.jp.
inoue-kujira.com. 21599 IN SOA uns01.lolipop.jp. admin.madame.jp. 2007112926 60 3600 1209600 86400
#######################################################################################################################################



S U B N E T   C A L C U L A T I O N
====================================

Address = 157.7.107.254
Network = 157.7.107.254 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 157.7.107.254 - 157.7.107.254 }
#######################################################################################################################################


N M A P   P O R T   S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 02:34 UTC
Nmap scan report for inoue-kujira.com (157.7.107.254)
Host is up (0.16s latency).
rDNS record for 157.7.107.254: 157-7-107-254.virt.lolipop.jp

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.54 seconds
#######################################################################################################################################


S U B - D O M A I N   F I N D E R
==================================


[i] Total Subdomains Found : 1

[+] Subdomain: www.inoue-kujira.com
[-] IP: 157.7.107.254
#######################################################################################################################################
Enter Address Website = inoue-kujira.com



Reversing IP With HackTarget 'inoue-kujira.com'
--------------------------------------------------

1276[+] ginga-choshi.com
1277[+] ginger-works.com
1278[+] ginzamedical-aga.com
1279[+] girls-select.net
1280[+] girls-und-panzer.com
1281[+] glad-design.jp
1282[+] glasses-r.jp
1283[+] glassstudio-hand.com
1284[+] glass-jubee.com
1285[+] gligligli.com
1286[+] gmx-jp.com
1287[+] gntnk.com
1288[+] god704.com
1289[+] gogofx.tokyo
1290[+] goldengreen.jp
1291[+] golf.gundan.net
1292[+] gomu.moo.jp
1293[+] gondoartpaint.com
1294[+] goodkarakon.info
1295[+] goodstaff-agency.com
1296[+] goo-choki-panda.com
1297[+] gorakuan.net
1298[+] gorgeousgowns.biz
1299[+] goruuma.xyz
1300[+] gosaroseikotu.com
1301[+] gotandacr.com
1302[+] gotou.tv
1303[+] gourmet.svalue.net
1304[+] grandkennel.com
1305[+] grant-inc.net
1306[+] graphlab.blue
1307[+] grimm-1.jp
1308[+] groovyint.com
1309[+] group.bene-ltd.com
1310[+] growth-japan.co.jp
1311[+] gs-fou.com
1312[+] gs-tama.com
1313[+] gttr.net
1314[+] guidedog-jp.net
1315[+] guild-art.com
1316[+] guitto.co.jp
1317[+] gundan.net
1318[+] gunnarjapan.com
1319[+] gurenheart.com
1320[+] gyarando.com
1321[+] gyoyu.com
1322[+] g-hoken.info
1323[+] g-platz.com
1324[+] g-suits.com
1325[+] g-touhi.lui-gi.com
1326[+] haa-himeji.com
1327[+] habibgroup.limited
1328[+] hachimail.jp
1329[+] hachinosu-kujo.com
1330[+] hadakamatsuri.jp
1331[+] hadakamatsuri.totoumi.com
1332[+] haga-ichouka.com
1333[+] hagiharasheet.com
1334[+] hahaha.tapo.jp
1335[+] hahatree.net
1336[+] haino-test.com
1337[+] hairmakeflow.com
1338[+] hairsalon-hana.com
1339[+] hairspace-amenita.com
1340[+] hairz.jp
1341[+] hair-cocochi.com
1342[+] hair-make-zazie.com
1343[+] haisyacenter.com
1344[+] hajimete.biz
1345[+] hakatazanmai.net
1346[+] hakkaku.org
1347[+] hakobisenka.com
1348[+] half-garden.com
1349[+] halweb.org
1350[+] hamayu-kuroshio.com
1351[+] hamusta.net
1352[+] ham-pota.net
1353[+] hanahanapon.net
1354[+] hanahiraku.com
1355[+] hanaipearl.com
1356[+] hanakaze.org
1357[+] hanakobo.biz
1358[+] hanakoganei-church.org
1359[+] hanaranman.biz
1360[+] hanashoh.com
1361[+] hanashoujo.com
1362[+] hanaya-bd.com
1363[+] hana-villa.com
1364[+] handcraftguitar.jp
1365[+] hapch.com
1366[+] haphazard.work
1367[+] happiness-odawara.com
1368[+] happychiro.com
1369[+] happyhouse.school
1370[+] happylove1.net
1371[+] happynanpa.com
1372[+] happyofks.com
1373[+] happyquest.xyz
1374[+] harahifuka.info
1375[+] hara-peko-lets.club
1376[+] hardrock-do.com
1377[+] haribotewife.xyz
1378[+] harikyu-utatane.com
1379[+] hariqshimada.com
1380[+] hariu.com
1381[+] hasegawa-jpn.net
1382[+] hashi-dental.jp
1383[+] hato810.jp
1384[+] hayataku.net
1385[+] hazukiminami.com
1386[+] healing-hearts.org
1387[+] health.svalue.net
1388[+] healthy-fat-loss-plan.com
1389[+] heart-area.com
1390[+] heiun.com
1391[+] heiwatte.com
1392[+] helenkeller-gifu.net
1393[+] helissio.co.jp
1394[+] hemukun.com
1395[+] henhao.org
1396[+] henna-attari.com
1397[+] hghs.jp
1398[+] hgvc.jp
1399[+] hidamarinote.com
1400[+] hide-my-face.com
1401[+] hifumi.uresi.org
1402[+] highstars.net
1403[+] hikarioita.net
1404[+] hikari-bibai.com
1405[+] hikkoshirakunavi.com
1406[+] hikura.info
1407[+] himauma.com
1408[+] himawari-marunouchi.com
1409[+] himehime.info
1410[+] himeji-caremanet.com
1411[+] himeji-wind.com
1412[+] hipllp.com
1413[+] hirade.jp
1414[+] hirahira-jett.com
1415[+] hiraiseikei.com
1416[+] hiro.lolipop.jp
1417[+] hirokophone.com
1418[+] hirometix.jp
1419[+] hiroshima-samurai.jp
1420[+] hiroshi-joker.net
1421[+] hiroso.com
1422[+] hiroyasukai.com
1423[+] hisa-sp.com
1424[+] hitodumanet.org
1425[+] hitohata.org
1426[+] hitotsubu.blue
1427[+] hitrip.ikuranet.com
1428[+] hitsuji-design.jp
1429[+] hiura-doll.com
1430[+] hizume.info
1431[+] hlaada.com
1432[+] hl-sa.com
1433[+] hmq.jp
1434[+] hmr-entertainment.com
1435[+] hm-humansystem.com
1436[+] hoikushinn.com
1437[+] hoizumiauto.com
1438[+] hokkokukaidou.com
1439[+] hokuriku-prefab.com
1440[+] hokuriku-prefab.lomo.jp
1441[+] holga.bz
1442[+] holistic-dental.com
1443[+] holistic-dental.net
1444[+] holp21.com
1445[+] hometechnoservice.com
1446[+] home-k.net
1447[+] honmachihiro.com
1448[+] honopro.jp
1449[+] honyaku.club
1450[+] hoopinthehood.com
1451[+] horikoshihiroyuki.com
1452[+] hoshida.net
1453[+] hosoda-fudousan.com
1454[+] hotel.svalue.net
1455[+] hotel.usagi-club.jp
1456[+] hotpot.mond.jp
1457[+] hotyoga-navi.com
1458[+] hourindou.com
1459[+] house.svalue.net
1460[+] houseiboueki.com
1461[+] howlingoldies.com
1462[+] howtoimproveenglish.info
1463[+] hp.crypto-air.site
1464[+] hrkshiragazome.net
1465[+] hulali.jp
1466[+] hunterxhuntersmoon.com
1467[+] hwcamp.gs-fou.com
1468[+] hyamato-heart.com
1469[+] h-agatsuma-mtb.com
1470[+] h-hidamari.com
1471[+] h-iroha.co.jp
1472[+] i2na.com
1473[+] i4th.co.jp
1474[+] iactokyo.jp
1475[+] iafa.tokyo.jp
1476[+] icelog.main.jp
1477[+] ichiban-do.com
1478[+] ichigeki.chu.jp
1479[+] ichika.info
1480[+] ichikoro.jp
1481[+] ichimaruni.com
1482[+] ichimatsu-menpo.com
1483[+] ichimoto.net
1484[+] ichinokura.info
1485[+] ichinoseki-m.com
1486[+] icoreate.net
1487[+] icris-setagaya.com
1488[+] idealismsound.com
1489[+] idol-bunch.com
1490[+] idress.jp
1491[+] idumiya-mutsu.com
1492[+] iegoto.live
1493[+] ieie-hayashi.com
1494[+] ifmediaoffice.com
1495[+] igaku-jiten.com
1496[+] igo-igo.net
1497[+] ihinn.com
1498[+] ih-qualities.jp
1499[+] iida-ringo.com
1500[+] iina.info
1501[+] iishina.com
1502[+] ijr-ai.com
1503[+] ikaho-navi.info
1504[+] ikeda-dent.com
1505[+] ikeda-koumu.com
1506[+] ikemenren.com
1507[+] ikuranet.chu.jp
1508[+] ikuranet.com
1509[+] ikusan.net
1510[+] illumination.main.jp
1511[+] illustrators.us
1512[+] illust-uni.com
1513[+] imahori.xyz
1514[+] imaikaguten.com
1515[+] imasen.net
1516[+] immigration-museum-tokyo.org
1517[+] impala-camp.com
1518[+] implant.baba-dc.jp
1519[+] impromotive.com
1520[+] imuzak.net
1521[+] indeeex.com
1522[+] infocart.jyouhou-ranking10.com
1523[+] infolink.info-net-hd.com
1524[+] infoneteye.com
1525[+] infospeed.main.jp
1526[+] info-glamour.net
1527[+] info-net-hd.com
1528[+] ink77.com
1529[+] inouefamilydc.com
1530[+] inoue-kujira.com
1531[+] inovation-spiritual.com
1532[+] inscrotum.net
1533[+] insight.perec.jp
1534[+] insitsu.lui-gi.com
1535[+] ins-kobe.com
1536[+] intercom-tokyo.net
1537[+] interior-ohtsuki.com
1538[+] introdesign.info
1539[+] intuition.pussycat.jp
1540[+] invest.suisei.info
1541[+] iou-internal.link
1542[+] iraxbody.com
1543[+] irodama.jp
1544[+] iromiz.com
1545[+] ise-dental.com
1546[+] ishida-arch.com
1547[+] ishigaki-night.com
1548[+] ishii-keiji.co.jp
1549[+] ishinomaki-yamashirocho.org
1550[+] ishiyama.xyz
1551[+] ishiyamashikaiin.com
1552[+] isym.xyz
1553[+] itaba.net
1554[+] itaberi.com
1555[+] itamania.com
1556[+] itami.god704.com
1557[+] item-bs.jp
1558[+] itmist.com
1559[+] itoshima.guide
1560[+] ito-copy.com
1561[+] itte-climbing.com
1562[+] iwamachi.net
1563[+] iwami-fc.com
1564[+] iwaohime.chu.jp
1565[+] iwata-ji.com
1566[+] iwata-oomatsuri.org
1567[+] iwate-plumber.com
1568[+] izumifuji.com
1569[+] i-combo.com
1570[+] i-foster.jp
1571[+] i-fudousan.net
1572[+] i-mu.net
1573[+] i-tc.jp
1574[+] i-teiken.co.jp
1575[+] ja0.net
1576[+] ja0cbp.ja0.net
1577[+] jabbeemusic.com
1578[+] jacga.jp
1579[+] jaga-network.org
1580[+] japanasa.org
1581[+] japanese-cocktail-creation.com
1582[+] japanmongolia.com
1583[+] japan-ip.net
1584[+] jaxxdafishworks.com
1585[+] jazzpiano-no-susume.com
1586[+] jckcorp.com
1587[+] jcptakeo.com
1588[+] jcra.info
1589[+] jed.tokyo
1590[+] jee.jp
1591[+] jeffscrossroadblues.com
1592[+] jewelry-sozai.jp
1593[+] jewel-salon.com
1594[+] jinchokyo.com
1595[+] jingaroleather.com
1596[+] jinnagaoka.com
1597[+] jitzuwafinder.com
1598[+] jkf-school.com
1599[+] joetsu-kakumei.net
1600[+] joint-one.com
1601[+] joshua-es.com
1602[+] joyoshiongakudan.com
1603[+] jpntrike.club
1604[+] jpsa-cocoro-niigata.com
1605[+] jp-f.net
1606[+] jp-menu.flier.jp
1607[+] jp.sim-bio.org
1608[+] jstb13.com
1609[+] js-climbing.com
1610[+] js-shika.com
1611[+] jtb-documents.com
1612[+] jucky.red
1613[+] jundental.info
1614[+] junichi-k.com
1615[+] junzzzs.com
1616[+] jun-iida.com
1617[+] justone-aoyama.com
1618[+] just-rentalcars-japan.net
1619[+] juun.jp
1620[+] juutaku-shutoku.com
1621[+] jyakukouen.org
1622[+] jyouhou-ranking10.com
1623[+] jyo-gi.main.jp
1624[+] jyugo.com
1625[+] jyutakuloan-soudan.com
1626[+] j-bookmaker.com
1627[+] j-ken01.m-takumi.net
1628[+] j-ken08.m-takumi.net
1629[+] j-ken11.m-takumi.net
1630[+] j-ken18.m-takumi.net
1631[+] j-ken24.m-takumi.net
1632[+] j-ken25.m-takumi.net
1633[+] j-ken26.m-takumi.net
1634[+] j-ken27.m-takumi.net
1635[+] j-ken.m-takumi.net
1636[+] j-pra.net
1637[+] j-programmers.info
1638[+] k881.jp
1639[+] kabocha-shokudo.totoumi.com
1640[+] kabu.ara.black
1641[+] kabu-navi.mobi
1642[+] kabu.j-pra.net
1643[+] kadvo.com
1644[+] kaeizyuku.com
1645[+] kaeru-unions.puptap.net
1646[+] kaettekoi-fujimiyataku.com
1647[+] kafukai.net
1648[+] kagaku.tokusiyo.com
1649[+] kagijo.com
1650[+] kagiya.moo.jp
1651[+] kagoshika.net
1652[+] kagoshimaj.com
1653[+] kagoshima-sports.jp
1654[+] kagoshima-uwaki.com
1655[+] kagosyou.com
1656[+] kagura-web.com
1657[+] kaidakaikei.com
1658[+] kaigaihoken.biz
1659[+] kaigai.518bz.net
1660[+] kaihos.jp
1661[+] kaijidairi.com
1662[+] kaiketsu.pdgw.org
1663[+] kaikoan.co.jp
1664[+] kaikoan.jp
1665[+] kainan1978.com
1666[+] kairasu.com
1667[+] kaiseitaikyo-yakyu.com
1668[+] kaisha-nara.com
1669[+] kaitori-fukuoka.com
1670[+] kaitouranma.net
1671[+] kaiunsite.net
1672[+] kaiun-yokido.com
1673[+] kaiyoro.com
1674[+] kajiki.info
1675[+] kajimaya.work
1676[+] kaji-stars.com
1677[+] kakashido.com
1678[+] kakiyakiwatanabe.com
1679[+] kakouya.net
1680[+] kakushinhan.org
1681[+] kalmia.total-r.net
1682[+] kamabokokan.co.jp
1683[+] kamakon.com
1684[+] kamanet.jp
1685[+] kametabi.net
1686[+] kame-p.jp
1687[+] kamilabo.net
1688[+] kamimura-kaikei.com
1689[+] kamio.com
1690[+] kamji.org
1691[+] kamodanaika.com
1692[+] kamonbaby.com
1693[+] kanagawa.yuukuuhome.com
1694[+] kanagawaglobal.com
1695[+] kanagawakensetsuunion.yuukuuhome.com
1696[+] kanagawashutter.com
1697[+] kanagawa-union.org
1698[+] kanajin.com
1699[+] kanakana.info
1700[+] kanakanabooks.com
1701[+] kanamori-s.com
1702[+] kanaokakaiji.jp
1703[+] kanazawa-fa.com
1704[+] kanban-ryukan.com
1705[+] kandakyoko.com
1706[+] kaneyoshikougei.com
1707[+] kangawa.net
1708[+] kankeimaru.com
1709[+] kannari-archi.com
1710[+] kanoaki.com
1711[+] kanoaki.hippy.jp
1712[+] kansha-fudemoji.jp
1713[+] kanto-gakuin-sailing-club.info
1714[+] kanwa.info
1715[+] kan-bell.com
1716[+] kaorifunakoshiya.com
1717[+] kaori-tuca.com
1718[+] karaage-nobunaga.com
1719[+] karaburi.chips.jp
1720[+] karigrohn.com
1721[+] kasegu99.com
1722[+] kasou-girl.jp
1723[+] kataiku.com
1724[+] katosake.shop
1725[+] katosayaka.com
1726[+] katsunobu.net
1727[+] katsutoshiyuasa.com
1728[+] kaurupin13.com
1729[+] kawaba.info
1730[+] kawac.net
1731[+] kawaeee.com
1732[+] kawagaki.net
1733[+] kawaguchi-shotenkai.com
1734[+] kawahige.com
1735[+] kawatetu.info
1736[+] kayokotomita.com
1737[+] kaze.uresi.org
1738[+] kazu510.com
1739[+] kazumikisou.com
1740[+] kazumu.net
1741[+] kazu-o.net
1742[+] kcolon.com
1743[+] kcorp.jp
1744[+] kcs-corp.jp
1745[+] kdomyo.com
1746[+] kdsurf.com
1747[+] keeih.com
1748[+] keepon.miaul.net
1749[+] keikicards.org
1750[+] keikoikuta.com
1751[+] keinishishita.net
1752[+] keiou-shiken.com
1753[+] keiou-shiken-telescope.com
1754[+] keisen-kumano.com
1755[+] keiso.biz
1756[+] keisukearima.com
1757[+] keita.tokyo
1758[+] kei-shinkyu.com
1759[+] kekkon1001.net
1760[+] kendou-bougu.com
1761[+] kenjiro.totoumi.com
1762[+] kenkobikatsu.com
1763[+] kenko-club.net
1764[+] kenminkaigi.org
1765[+] kennelgracia.com
1766[+] kenshin-k.com
1767[+] kentaimamura.com
1768[+] kentec-gp.com
1769[+] keron.jp
1770[+] kesen-numa.net
1771[+] keynote-music.jp
1772[+] keyofspace.net
1773[+] kfirsthk.com
1774[+] khs-doso.com
1775[+] kibounoki.net
1776[+] kidokorocco.info
1777[+] kids.ak-musicacademy.com
1778[+] kieta.tokyo
1779[+] kifa-all.com
1780[+] kigaku-style.com
1781[+] kigyouu.net
1782[+] kikonashiclub.com
1783[+] kikuzawa.ja0.net
1784[+] kimamanieiga.com
1785[+] kind-sound.com
1786[+] kingdomtanaka.com
1787[+] kinnunn-up.itamania.com
1788[+] kinokon.org
1789[+] kinokuni.com
1790[+] kinsitukan.com
1791[+] kinusaya.com
1792[+] kirakira5201.net
1793[+] kirala.biz
1794[+] kirarakodomo.com
1795[+] kirari.tkprojects.jp
1796[+] kireinaji.red
1797[+] kirinomi.com
1798[+] kisyo-risa.com
1799[+] kita1jp.com
1800[+] kitagawamegumi.com
1801[+] kitakaido.com
1802[+] kitamasu.com
1803[+] kitamuraganka.com
1804[+] kitsune744.com
1805[+] kiyota-design.com
1806[+] kizuna-aiban.jp
1807[+] kkcs.org
1808[+] kkkkkkkk.net
1809[+] kkosho.com
1810[+] kleinepuppe.com
1811[+] klonoho.com
1812[+] kmginzaclinic.com
1813[+] km-sj.com
1814[+] knot.website
1815[+] koba.tv
1816[+] kobe-global-quest.com
1817[+] kobe-rosette.com
1818[+] kobikichou-hanamichi.com
1819[+] kobo-sachi.com
1820[+] kobushicare.com
1821[+] kocka.main.jp
1822[+] kodawari-recipe.info
1823[+] kodomokyouiku.jp
1824[+] kodomo-kyousei.jp
1825[+] kodomo-you.net
1826[+] koedokko.net
1827[+] kofukuji-matsubara.com
1828[+] kogayabungu.jp
1829[+] kohwaplanners.jp
1830[+] koichaya.jp
1831[+] koikesake.com
1832[+] koisan.totoumi.com
1833[+] koiuranai.net
1834[+] kojidsgn.com
1835[+] kojikoji.jp
1836[+] kojitani.net
1837[+] kokoroathome.com
1838[+] kokusyashin.com
1839[+] komainu.main.jp
1840[+] konagaya-pc.com
1841[+] konan-church.jp
1842[+] kondonao.com
1843[+] konichstiger.com
1844[+] konkatsu-tokai.com
1845[+] koo-yamashita.main.jp
1846[+] koroan.com
1847[+] koseki-touhon.com
1848[+] kosi.jp
1849[+] kosodatetoikuji.com
1850[+] kosodatetoikujisub1.info
1851[+] kosoinfo.net
1852[+] kote.jp
1853[+] kotorina.com
1854[+] kotosara.com
1855[+] kotsuijitou.jp
1856[+] kou.moo.jp
1857[+] koubikyunyuki.com
1858[+] kouen-okinawa.com
1859[+] koukoku-navi.com
1860[+] koukoku-navi.schoolbus.jp
1861[+] koumuten.fp-niigata.com
1862[+] kouso-rankings.com
1863[+] koutakase.net
1864[+] koutsuujiko.net
1865[+] kouzanrou.netwing.info
1866[+] kovada.net
1867[+] kowatd.com
1868[+] koyoestate.jp
1869[+] kozuehasegawa.com
1870[+] ko-ko-ka-ra.com
1871[+] kprstory.com
1872[+] ksbuil-s.com
1873[+] ksn-b.com
1874[+] ksoffice-jp.com
1875[+] kst-international.net
1876[+] ks-ca1.com
1877[+] ks-pd.com
1878[+] ks-pj.com
1879[+] ks-pn.com
1880[+] ks-sdo.com
1881[+] ks-seo.com
1882[+] ks-setubi.com
1883[+] ktai-denjiha.info
1884[+] kumachan-lab.com
1885[+] kumafe13.com
1886[+] kumamoto-fuzoku-night.net
1887[+] kumazawamakoto.info
1888[+] kurabu-t-basu.com
1889[+] kuragon.net
1890[+] kurakake.whitesnow.jp
1891[+] kuralica.net
1892[+] kurarc.jp
1893[+] kurashiki-ae.com
1894[+] kure-wochi.umedatakumi.com
1895[+] kuri.secret.jp
1896[+] kurikuri.jp
1897[+] kuri-potter.com
1898[+] kurosuke.biz
1899[+] kurotake.com
1900[+] kurukurucoin.com
1901[+] kurumamichi.com
1902[+] kurumatakakukaitori.com
1903[+] kurumi-mansion.com
1904[+] kushiyayoiyarokuya.com
1905[+] kusimaya.com
1906[+] kuwanamasanori.com
1907[+] kuwananohotaru.net
1908[+] kuze-dental.com
1909[+] kuzukaji.com
1910[+] ku-ra-su.com
1911[+] kyoiku-labo.com
1912[+] kyoko-dc.com
1913[+] kyotosake.jp
1914[+] kyoto-runlab.com
1915[+] kyoto-runlab.main.jp
1916[+] kyougokuzushi.com
1917[+] kyo-komachi.jp
1918[+] kyugoka.com
1919[+] kz-office.jp
1920[+] k-24.net
1921[+] k-asaya.com
1922[+] k-claire.com
1923[+] k-cultureclub.com
1924[+] k-daishin.com
1925[+] k-daiwa.jp
1926[+] k-hankyu.com
1927[+] k-iwaya.com
1928[+] k-mo.jp
1929[+] k-royal.biz
1930[+] k-styleoffice.com
1931[+] k-terasaka.com
1932[+] lacalabre.com
1933[+] lactive.net
1934[+] lamiafragranza.com
1935[+] langit-bali.com
1936[+] lara-vintage.com
1937[+] large-x.com
1938[+] lasolana-art.com
1939[+] lassemarttinen.karigrohn.com
1940[+] latelier-deux.com
1941[+] law-neta.com
1942[+] lazulite.net
1943[+] leanani.com
1944[+] learning.tourismethics.org
1945[+] lemiel.biz
1946[+] leokanofam.com
1947[+] lequio.net
1948[+] levelup-group.jp
1949[+] le-chien-minami.com
1950[+] lhog.net
1951[+] liame.jp
1952[+] lifenabi.net
1953[+] lighthouse.meister-hora.net
1954[+] liisun.com
1955[+] likka-zakka.com
1956[+] lilin-manis.com
1957[+] lilong-cafe.com
1958[+] lilyco.biz
1959[+] linga.jp
1960[+] lingerieholics.com
1961[+] linkup-c.jp
1962[+] link-seo.com
1963[+] linoneillracing.com
1964[+] lirca.xyz
1965[+] lis-company.com
1966[+] lis-hair.com
1967[+] littleheaven.ikuranet.com
1968[+] littlesugar.readymade.jp
1969[+] livebarbondgirl.com
1970[+] livestyles.tv
1971[+] lizz-lizz.com
1972[+] llcaif.com
1973[+] lohas-people.com
1974[+] longvisor.com
1975[+] lookeydookey.com
1976[+] lordofwalkurefun.info
1977[+] losh-nikki.com
1978[+] loveaccele.com
1979[+] lovedogmarket.com
1980[+] lovelysolo.com
1981[+] lovely.7236.info
1982[+] loverscoat.com
1983[+] loverscoat-kitahorie.com
1984[+] love-gdw.com
1985[+] love-lunch.com
1986[+] love-mickey.com
1987[+] love-sonmul.com
1988[+] lqj.tokyo
1989[+] lucktailjapan.jp
1990[+] luckypower.info
1991[+] luft.tv
1992[+] lui-gi.com
1993[+] lumo-est.com
1994[+] luna-st.net
1995[+] luvd.jp
1996[+] luvl.net
1997[+] m.hghs.jp
1998[+] m1-factory.com
1999[+] m2works.biz
2000[+] macaws.jp
2001[+] machida-live.jp
2002[+] machinaka.wedding
2003[+] machi-nobeoka.jp
2004[+] machi-plan.com
2005[+] macintuba.com
2006[+] macourtny.com
2007[+] madoguchi-souzoku.com
2008[+] madokatakuma.com
2009[+] maga.info-net-hd.com
2010[+] magics.com
2011[+] magic-102.com
2012[+] magokoro.pw
2013[+] maguro.aikij.com
2014[+] maguro.totoumi.com
2015[+] mahalo-office.com
2016[+] mahjong.ara.black
2017[+] mahoroba-coffee.jp
2018[+] mail.calvin.org
2019[+] mail.face2fake.jp
2020[+] mail.frontierstrvl.com
2021[+] mail.getsuyokai.com
2022[+] mail.cap-kobe.com
2023[+] maimai-zti.com
2024[+] mai-aoyagi.com
2025[+] makejin.biz
2026[+] makikoyoga.com
2027[+] maki-o.com
2028[+] mako-26.com
2029[+] mamaselection.net
2030[+] mamiyo.net
2031[+] mami-platinalink.com
2032[+] maneki.daa.jp
2033[+] maniac.lui-gi.com
2034[+] mariart.jp
2035[+] maria-sv.com
2036[+] marilou.jp
2037[+] marimaro.net
2038[+] marinecraftsails.com
2039[+] marishirai.com
2040[+] maritimesilkroad.net
2041[+] mari-shimizu.com
2042[+] marqueemoon.jp
2043[+] maruei-kensetu.com
2044[+] marujyu.biz
2045[+] maruka-syoyu.com
2046[+] marukufarm.com
2047[+] marushin-jyutaku.com
2048[+] marutani-jidousha.com
2049[+] masaki-office.com
2050[+] masako-piano.net
2051[+] masalabo.com
2052[+] masamichi.info
2053[+] masashiweb.com
2054[+] masa-ori.com
2055[+] masa-web.com
2056[+] mashu-and-kei.com
2057[+] massapage.com
2058[+] mastersatworkinc.com
2059[+] masudachiryoin.com
2060[+] masudamakiko.com
2061[+] masuda-chiryoin.com
2062[+] masuda-ya.co.jp
2063[+] matatabi.ikuranet.com
2064[+] matchless-jp.com
2065[+] match-bbs.com
2066[+] matsubakaikei.com
2067[+] matsuida-hp.com
2068[+] matsuisuisan.net
2069[+] matsukawaura.net
2070[+] matsumoto-mokuzai.com
2071[+] matsuyuki77.com
2072[+] matsuzaki-farm.com
2073[+] matuko.henhao.org
2074[+] mauna-moana.com
2075[+] max-power.lilong-cafe.com
2076[+] maymaydeco.com
2077[+] mayumi-illust.com
2078[+] mayunezu.com
2079[+] ma-mm.com
2080[+] ma-tsu.com
2081[+] mb.rentana35.com
2082[+] mba-investment.work
2083[+] mbtest.rentana35.com
2084[+] mcm-group.co.jp
2085[+] mdadiet.org
2086[+] mde-sign.net
2087[+] mdlm.ciao.jp
2088[+] mds-cow-facetosmile.com
2089[+] mebaruing.com
2090[+] medium-lab.com
2091[+] meetsourcetrip.com
2092[+] meg.chu.jp
2093[+] megaxis.net
2094[+] megumi.or.jp
2095[+] meijikkikaku.biz
2096[+] meikoyokoyama.com
2097[+] meister-hora.net
2098[+] meisuicafe.com
2099[+] melancholy-gretel.com
2100[+] member.kyoto-runlab.com
2101[+] memphis7.com
2102[+] mental.hghs.jp
2103[+] menya315.com
2104[+] menz-udedokei.com
2105[+] merle-d.com
2106[+] messagemakers-j.com
2107[+] mg-freedom.com
2108[+] miaul.net
2109[+] miccori.com
2110[+] michinoeki-uryu.com
2111[+] michinomoto.com
2112[+] michiwaki.jp
2113[+] midnightmeal.net
2114[+] miesugi.com
2115[+] mikahomeo.com
2116[+] mika-g.com
2117[+] mikie-office.com
2118[+] miku.co.jp
2119[+] milestonemongstad.com
2120[+] mimosa-1.com
2121[+] minagawa-clinic.jp
2122[+] minamaux.com
2123[+] minaminanami.com
2124[+] minaminokuni.net
2125[+] minamisaitama-law.com
2126[+] minataru.senorya.com
2127[+] mindmap365.com
2128[+] minds.cx
2129[+] mineruva.com
2130[+] minkara-tyakuga.info
2131[+] minoru-arch.com
2132[+] mino-hara.com
2133[+] mino-orc.net
2134[+] mintons.tokyo
2135[+] miraimap.net
2136[+] mirai-hiroshima.net
2137[+] mirai-ringyou.com
2138[+] miri.7236.info
2139[+] mirrorbowler.com
2140[+] misa-harp.com
2141[+] miselabo.com
2142[+] misiakanagawa.com
2143[+] misrelwatan.com
2144[+] misua.rentana35.com
2145[+] misuagrace.rentana35.com
2146[+] misua-rentana.com
2147[+] mitaidouga.com
2148[+] mitake-reform.com
2149[+] mitomok.com
2150[+] mitsuami.evodevodesign.com
2151[+] mitsuikabu.com
2152[+] mitsukejuku.totoumi.com
2153[+] mitsukeyose.totoumi.com
2154[+] mitsuke-akindo.totoumi.com
2155[+] mitsuke-bunka.totoumi.com
2156[+] mitsuke-kabocha.totoumi.com
2157[+] mitsuki-ogawa.com
2158[+] mitsuru-kenchiku.net
2159[+] mitungo.sunnyday.jp
2160[+] mixapart.net
2161[+] miyagawa-shinrin.jp
2162[+] miyakos.net
2163[+] miyanomoribread117.com
2164[+] miyazaki-fuzoku-night.net
2165[+] miyazaki-skateboarding.org
2166[+] miyokko.org
2167[+] miyoshishi.com
2168[+] miyumids.net
2169[+] mizubenosato.com
2170[+] mizuhoseikei.com
2171[+] mizuironoinu.com
2172[+] mizusawa-tansu.info
2173[+] mizutahideki.com
2174[+] mizutamaya.com
2175[+] mk-management.jp
2176[+] mmaika.com
2177[+] mob.fournetclub.com
2178[+] mobapara.com
2179[+] mobile.koroan.com
2180[+] mobilmester.com
2181[+] mob.kyoto-runlab.com
2182[+] moes-lighting.net
2183[+] mogienterprise.com
2184[+] momokei.net
2185[+] momokuma.com
2186[+] momonotane.com
2187[+] monjack.jp
2188[+] monkichi.info
2189[+] monocolle.com
2190[+] mono-pl.com
2191[+] montessori-himawari.com
2192[+] mooaloha.com
2193[+] moon.kametabi.net
2194[+] moonlight-mile.net
2195[+] more-mind.com
2196[+] morikawa-kinzoku.com
2197[+] morita-estate.com
2198[+] mori-hospital.com
2199[+] motherleaf-abeno.com
2200[+] motoe-tig.com
2201[+] mottainaiya.click
2202[+] mouiikanatte.info
2203[+] mozneko.boo.jp
2204[+] mpiace.com
2205[+] mrfp-hakata.com
2206[+] mrt-umeda.com
2207[+] mr-transceiver.com
2208[+] mr-yoshy.com
2209[+] msf-pine.com
2210[+] msharp.jp
2211[+] msroom.site
2212[+] mswork.info
2213[+] ms-b.net
2214[+] ms-connection.com
2215[+] mugu.moo.jp
2216[+] muir-kaguya.snowy-heart.com
2217[+] mullinscheese.net
2218[+] muramatsu-gosei.com
2219[+] murayajinja.com
2220[+] musacom.jp
2221[+] musacom.sub.jp
2222[+] musashinohalloween.com
2223[+] museumofart.jp
2224[+] musica-lento.com
2225[+] musica-piacevole.com
2226[+] musicfansite.net
2227[+] music-gourmet.com
2228[+] music-jormungand.com
2229[+] music-machine.info
2230[+] musubiya-k.com
2231[+] mutsumi-biz.com
2232[+] mutyuya.net
2233[+] mu-nya.com
2234[+] myarcherfishsolo.com
2235[+] mykonosis.com
2236[+] my-psb.biz
2237[+] mzzhujian.com
2238[+] m-epoch.com
2239[+] m-glass.net
2240[+] m-ism.net
2241[+] m-i-care.com
2242[+] m-kobe.net
2243[+] m-paradise.com
2244[+] m-shigeno.net
2245[+] m-shj.com
2246[+] m-speed.com
2247[+] m-takumi.net
2248[+] m-tomei.net
2249[+] m-you.jp
2250[+] m.crypto-air.net
2251[+] n.momokuma.com
2252[+] nachupuri.com
2253[+] nagaishi-iin.com
2254[+] nagano7.net
2255[+] nagano21.co.jp
2256[+] nagaoka-artigiani.com
2257[+] nagasaki-dent.com
2258[+] nagaseyoshihiro.com
2259[+] nagata-microtia.com
2260[+] nagijupi.com
2261[+] nagomini.com
2262[+] nagominoyo-ga.com
2263[+] nagomiryouhou.com
2264[+] nagoyaka.info
2265[+] nagoyaootake.com
2266[+] naiamao.net
2267[+] nail-mishadi.com
2268[+] nail-papilio.com
2269[+] nail-ribbon.com
2270[+] nail-rifare.com
2271[+] nairobi-artproject.jp
2272[+] naissho.com
2273[+] naisyoku1.com
2274[+] naitoya.com
2275[+] nakai.in
2276[+] nakamatsu.info
2277[+] nakameguro-good.net
2278[+] nakamuraeriko.seaside-c.jp
2279[+] nakane.link
2280[+] nakaq.com
2281[+] nakayamaboring.jp
2282[+] nanasclub.com
2283[+] nankouramen.com
2284[+] nao.main.jp
2285[+] naoshima-line.com
2286[+] naotta.org
2287[+] naruto-hamada.com
2288[+] natori-kiseki.main.jp
2289[+] natsu.lomo.jp
2290[+] natsutsubaki.com
2291[+] naturaldiet-nishihachi.com
2292[+] naturaldiet-tsujido.com
2293[+] naturalforce.info
2294[+] naturalforce.main.jp
2295[+] naturalis.jp
2296[+] naturalseitai-nishihachi.com
2297[+] natural-photo.net
2298[+] naving-inc.net
2299[+] na-concept.com
2300[+] necomars.com
2301[+] necomati.pepper.jp
2302[+] necot.org
2303[+] negibose.jp
2304[+] nehajapan.com
2305[+] neko.henhao.org
2306[+] neko.santaro3.com
2307[+] nekonoko.chu.jp
2308[+] nekonosenaka.com
2309[+] nekopechi.com
2310[+] nems-n.co.jp
2311[+] nenrin-kirakira.net
2312[+] neochi.net
2313[+] neojp.com
2314[+] neowill.info
2315[+] nesesito.com
2316[+] neta.kawac.net
2317[+] netapp.perec.jp
2318[+] netwing.info
2319[+] network.n-apc.com
2320[+] nexter.ltd
2321[+] nextstyle-jp.com
2322[+] nextto.thegreenhousestudio.net
2323[+] nh-agri.com
2324[+] nichiin.aikij.com
2325[+] nicodigoku.com
2326[+] nico-uni.com
2327[+] nieishokai.com
2328[+] nijiori.com
2329[+] nikibi-water.com
2330[+] nikkoservice.co.jp
2331[+] nikko-kk.net
2332[+] nikko-kousan.com
2333[+] ninchi.info
2334[+] ninna-nanna.net
2335[+] nishihara-dental.com
2336[+] nishihara-photo.com
2337[+] nishiji-foods.com
2338[+] nishodo.jp
2339[+] nissei-ws.com
2340[+] niwaki-shobun.com
2341[+] nobinobi-kc.info
2342[+] nobunsha.jp
2343[+] nobusf.info
2344[+] nonohana-hoikuen.net
2345[+] nonohirukai.com
2346[+] nonoyuri.com
2347[+] nordictable-akakatsu.shop
2348[+] noric-cycle.com
2349[+] northvillage.jp
2350[+] nortonplace.jp
2351[+] nosta.jp
2352[+] nouwakaiwate.com
2353[+] now-tel.com
2354[+] no-graffiti.org
2355[+] npokaikei.com
2356[+] npo-engei.com
2357[+] npo-horizonte.org
2358[+] npo-kizuna.net
2359[+] npo-uchi.org
2360[+] npo-yukari.net
2361[+] nrsw.net
2362[+] nsballet.jp
2363[+] nss.jp.net
2364[+] numberlink.ara.black
2365[+] nurufuwa.com
2366[+] nyonline-record.com
2367[+] n-apc.com
2368[+] n-assist.net
2369[+] n-i-w-a.com
2370[+] n-metallicon.jp
2371[+] oasis-club.com
2372[+] obihiro-hiroki.com
2373[+] obiyama.com
2374[+] oceanenterprise.jp
2375[+] ochakai-akasaka.com
2376[+] octahotel.com
2377[+] officejapan.co.jp
2378[+] officelibre.com
2379[+] office-b.tokyo
2380[+] office-hiroe.com
2381[+] office-kino.com
2382[+] office-mita.com
2383[+] office-mizumoto.com
2384[+] office-ps.com
2385[+] office-rikki.com
2386[+] office-sien.com
2387[+] office-tominaga.com
2388[+] office-tsuji.biz
2389[+] offrock.jp
2390[+] ofuchi.net
2391[+] ogsanex.com
2392[+] oguni-tourism.com
2393[+] ohakamairi.tetyan.com
2394[+] ohana-salon.com
2395[+] oharabooks.com
2396[+] ohbanzai.com
2397[+] ohishi-seitai.com
2398[+] ohnishi-denki.jp
2399[+] ohnishi-lc.net
2400[+] oita-creation-gallery.com
2401[+] oitekaze.com
2402[+] oitekebori.fool.jp
2403[+] okada-sachiko.com
2404[+] okada-system.com
2405[+] okamotovf.com
2406[+] okayamafe.com
2407[+] okigaru-wataru.com
2408[+] okinawa.ikemenren.com
2409[+] okinawangirls.com
2410[+] okinawaplanning-agent.com
2411[+] okushiga-resort.com
2412[+] oku-jo.com
2413[+] oku-jo.main.jp
2414[+] ok-umisakura.com
2415[+] olimpico-web.com
2416[+] omakase1833.com
2417[+] omiken11.m-takumi.net
2418[+] omiken16.m-takumi.net
2419[+] omiken21.m-takumi.net
2420[+] omni-box.net
2421[+] oneandonly-miyazaki.org
2422[+] onecraft-k.com
2423[+] one-deck.com
2424[+] onigiiiiri.net
2425[+] online-school.xyz
2426[+] online-shops.tokyo
2427[+] only-one-crew.com
2428[+] onmtp.com
2429[+] onodera.com
2430[+] onoe-dc.com
2431[+] onshindo.com
2432[+] on-apartments.com
2433[+] on-para.com
2434[+] oohara2103.com
2435[+] ooookigumi.com
2436[+] oosugiya3.com
2437[+] opensesame246.com
2438[+] open-close-guesthouse.info
2439[+] opml.xyz
2440[+] orangesound.net
2441[+] orange-moon.org
2442[+] orcatoys.com
2443[+] orefunky.com
2444[+] organic-map.com
2445[+] osabisiyama.com
2446[+] osakaryomakai.com
2447[+] osakimakkura.com
2448[+] osaki-korean.com
2449[+] osamusan.jp
2450[+] osechimatome.com
2451[+] oshigoto-sagashi.info
3914[+] www.15ya.in
3915[+] www.18k.jp
3916[+] www.30dai40dai.com
3917[+] www.55surf.com
3918[+] www.419speed.net
3919[+] www.428km.com
3920[+] www.510ysk.com
3921[+] www.518bz.net
3922[+] www.7236.info
3923[+] www.aaa-mall.com
3924[+] www.aa-co.net
3925[+] www.acid-lactic-bacteria.com
3926[+] www.add-ss.com
3927[+] www.ad-venture.jp
3928[+] www.ag-ex.com
3929[+] www.aki-works.info
3930[+] www.ak-iam.com
3931[+] www.ak-musicacademy.com
3932[+] www.ak-musicacademy-kids.com
3933[+] www.aloha-k.com
3934[+] www.amberpearl-jewel.com
3935[+] www.anan-iroha.com
3936[+] www.animal-club.link
3937[+] www.apt-planning.info
3938[+] www.arc-tv.com
3939[+] www.argle-as.com
3940[+] www.artfile-s.com
3941[+] www.asamura-ichigo.com
3942[+] www.aspa-osaka.com
3943[+] www.assist-jp.info
3944[+] www.asuka-koubai.com
3945[+] www.as-exceed.com
3946[+] www.atelier-m-design.com
3947[+] www.av-navi.co.jp
3948[+] www.axis-net.jp
3949[+] www.azami-dc.com
3950[+] www.a-d-factory.com
3951[+] www.a-tsumeru.com
3952[+] www.bali-surfersparadise.com
3953[+] www.bar-granreserva.com
3954[+] www.beauty-bon.com
3955[+] www.bello-3.com
3956[+] www.bene-ltd.com
3957[+] www.beppu-sennari.com
3958[+] www.bizen-ike.biz
3959[+] www.bon-mari.com
3960[+] www.book-akiba.com
3961[+] www.brands-bank.com
3962[+] www.brian-brew.com
3963[+] www.bring-luck.com
3964[+] www.bs-1.jp
3965[+] www.b-atami.com
3966[+] www.b-gene.com
3967[+] www.b-m-rokkou.com
3968[+] www.cafe-naturellement.com
3969[+] www.cafe-ryupeco-com.jp
3970[+] www.canful-megane.com
3971[+] www.cap-kobe.com
3972[+] www.carlife-topic.net
3973[+] www.casual-hunt.com
3974[+] www.central-noise-voice.school
3975[+] www.chai-hana.net
3976[+] www.chelsea-ny.com
3977[+] www.chiba-hs-volleyball.com
3978[+] www.chousei-yu.com
3979[+] www.choya-web.com
3980[+] www.cinq-etoiles.net
3981[+] www.climbing-park.com
3982[+] www.clover-kids.jp
3983[+] www.cococi-jp.com
3984[+] www.coffeebeans-cafe.com
3985[+] www.coffeeyu-a.com
3986[+] www.colors-fuk.com
3987[+] www.color-concept.net
3988[+] www.core-tuning.com
3989[+] www.cosmo-salon.com
3990[+] www.counselingroom-u.com
3991[+] www.country-terrace.jp
3992[+] www.crypto-air.net
3993[+] www.crypto-air.site
3994[+] www.crypto-air.tk
3995[+] www.cr-chromium.info
3996[+] www.cts-kumamoto.com
3997[+] www.customize-mode.com
3998[+] www.cycleshop-fun.com
3999[+] www.daiki-sekimizu.com
4000[+] www.day-clover.com
4001[+] www.dear-c.jp
4002[+] www.dee-plus.com
4003[+] www.deux-blanc.com
4004[+] www.dining-waka.com
4005[+] www.divebase-paradise.com
4006[+] www.dolcezza-mn.com
4007[+] www.doro-kanagawa.org
4008[+] www.double-veil.net
4009[+] www.dp-yc.com
4010[+] www.dr-three.com
4011[+] www.dtable-singlehouse.net
4012[+] www.d-labo-consulting.com
4013[+] www.ecopro-nagoya.com
4014[+] www.eec-study.com
4015[+] www.eluda-counseling.net
4016[+] www.ems-ad.biz
4017[+] www.ems-japan.com
4018[+] www.enshu-jomin.org
4019[+] www.eos-fan.com
4020[+] www.esaka-kuboclinic.com
4021[+] www.espe-ranza.com
4022[+] www.eureka-akerue.com
4023[+] www.every-k.com
4024[+] www.e-kamakura.com
4025[+] www.e-njointuk.com
4026[+] www.e-saitama.org
4027[+] www.e-satuma.com
4028[+] www.e-sumi.net
4029[+] www.e-wayamasina.com
4030[+] www.faceline-labo.com
4031[+] www.faceline-labo.net
4032[+] www.financial-service.jp
4033[+] www.fine-chiro.com
4034[+] www.food-sty.jp
4035[+] www.forest-town.jp
4036[+] www.fp-bestlife.com
4037[+] www.fp-choice.net
4038[+] www.fp-kouza.jp
4039[+] www.fp-niigata.com
4040[+] www.fp-writers.com
4041[+] www.free-file-backup.com
4042[+] www.ftc-trading.com
4043[+] www.fujisawa-rotary.com
4044[+] www.fukano-seitai.com
4045[+] www.fukutomi-dental.com
4046[+] www.futamura-unsouten.com
4047[+] www.fu-tower.com
4048[+] www.f-bf.com
4049[+] www.f-clione.com
4050[+] www.f-echino.com
4051[+] www.f-sakura-hs.jp
4052[+] www.gain-ns.com
4053[+] www.gaku-pro.com
4054[+] www.gallary-tensin.com
4055[+] www.galu-miyazaki.jp
4056[+] www.ginger-works.com
4057[+] www.ginzamedical-aga.com
4058[+] www.glad-design.jp
4059[+] www.glasses-r.jp
4060[+] www.glassstudio-hand.com
4061[+] www.glass-jubee.com
4062[+] www.goodstaff-agency.com
4063[+] www.g-hoken.info
4064[+] www.hair-make-zazie.com
4065[+] www.hamayu-kuroshio.com
4066[+] www.hanaya-bd.com
4067[+] www.hasegawa-jpn.net
4068[+] www.healthy-fat-loss-plan.com
4069[+] www.himawari-marunouchi.com
4070[+] www.himeji-caremanet.com
4071[+] www.hisa-sp.com
4072[+] www.hitsuji-design.jp
4073[+] www.hl-sa.com
4074[+] www.hmr-entertainment.com
4075[+] www.holistic-dental.com
4076[+] www.hotyoga-navi.com
4077[+] www.hy-diary.com
4078[+] www.h-agatsuma-mtb.com
4079[+] www.idol-bunch.com
4080[+] www.idumiya-mutsu.com
4081[+] www.igaku-jiten.com
4082[+] www.ih-qualities.jp
4083[+] www.ikeda-koumu.com
4084[+] www.immigration-museum-tokyo.org
4085[+] www.impala-camp.com
4086[+] www.info-net-hd.com
4087[+] www.inoue-kujira.com
4088[+] www.ins-kobe.com
4089[+] www.ishida-arch.com
4090[+] www.ishigaki-night.com
4091[+] www.ito-copy.com
4092[+] www.iwata-oomatsuri.org
4093[+] www.i-fudousan.net
4094[+] www.i-teiken.co.jp
4095[+] www.japanese-cocktail-creation.com
4096[+] www.jazzpiano-no-susume.com
4097[+] www.jewel-salon.com
4098[+] www.jkf-school.com
4099[+] www.joetsu-kakumei.net
4100[+] www.joshua-es.com
4101[+] www.js-climbing.com
4102[+] www.js-shika.com
4103[+] www.jun-iida.com
4104[+] www.just-rentalcars-japan.net
4105[+] www.jyouhou-ranking10.com
4106[+] www.j-bookmaker.com
4107[+] www.kaettekoi-fujimiyataku.com
4108[+] www.kagoshima-uwaki.com
4109[+] www.kaitori-fukuoka.com
4110[+] www.kamimura-kaikei.com
4111[+] www.kanagawa-union.org
4112[+] www.kanban-ryukan.com
4113[+] www.kannari-archi.com
4114[+] www.kansha-fudemoji.jp
4115[+] www.karaage-nobunaga.com
4116[+] www.kawaguchi-shotenkai.com
4117[+] www.kei-shinkyu.com
4118[+] www.kenshin-k.com
4119[+] www.keynote-music.jp
4120[+] www.kigaku-style.com
4121[+] www.km-sj.com
4122[+] www.kodomo-kyousei.jp
4123[+] www.kofukuji-matsubara.com
4124[+] www.konkatsu-tokai.com
4125[+] www.koukoku-navi.com
4126[+] www.ko-ko-ka-ra.com
4127[+] www.ksbuil-s.com
4128[+] www.ksoffice-jp.com
4129[+] www.ks-pd.com
4130[+] www.ks-pj.com
4131[+] www.ks-pn.com
4132[+] www.ks-seo.com
4133[+] www.ks-setubi.com
4134[+] www.ktai-denjiha.info
4135[+] www.kumamoto-fuzoku-night.net
4136[+] www.kurashiki-ae.com
4137[+] www.kurumi-mansion.com
4138[+] www.k-24.net
4139[+] www.k-claire.com
4140[+] www.k-cultureclub.com
4141[+] www.k-daiwa.jp
4142[+] www.k-royal.biz
4143[+] www.k-styleoffice.com
4144[+] www.k-terasaka.com
4145[+] www.langit-bali.com
4146[+] www.lara-vintage.com
4147[+] www.lilong-cafe.com
4148[+] www.link-seo.com
4149[+] www.lis-hair.com
4150[+] www.lohas-people.com
4151[+] www.losh-nikki.com
4152[+] www.lui-gi.com
4153[+] www.lumo-est.com
4154[+] www.machida-live.jp
4155[+] www.machi-nobeoka.jp
4156[+] www.machi-plan.com
4157[+] www.mako-26.com
4158[+] www.mari-shimizu.com
4159[+] www.maruei-kensetu.com
4160[+] www.maruka-syoyu.com
4161[+] www.masako-piano.net
4162[+] www.masa-web.com
4163[+] www.mashu-and-kei.com
4164[+] www.masuda-ya.co.jp
4165[+] www.matsuzaki-farm.com
4166[+] www.mba-investment.work
4167[+] www.mcm-group.co.jp
4168[+] www.meister-hora.net
4169[+] www.michinoeki-uryu.com
4170[+] www.minagawa-clinic.jp
4171[+] www.mino-orc.net
4172[+] www.misua-rentana.com
4173[+] www.mitsuki-ogawa.com
4174[+] www.mitsuru-kenchiku.net
4175[+] www.miyagawa-shinrin.jp
4176[+] www.miyazaki-fuzoku-night.net
4177[+] www.mk-management.jp
4178[+] www.mrfp-hakata.com
4179[+] www.mrt-umeda.com
4180[+] www.ms-connection.com
4181[+] www.muramatsu-gosei.com
4182[+] www.m-i-care.com
4183[+] www.m-shj.com
4184[+] www.nagata-microtia.com
4185[+] www.nagominoyo-ga.com
4186[+] www.nail-ribbon.com
4187[+] www.nail-rifare.com
4188[+] www.naoshima-line.com
4189[+] www.naruto-hamada.com
4190[+] www.nikibi-water.com
4191[+] www.nikko-kousan.com
4192[+] www.ninna-nanna.net
4193[+] www.nobinobi-kc.info
4194[+] www.nordictable-akakatsu.shop
4195[+] www.npo-engei.com
4196[+] www.npo-horizonte.org
4197[+] www.npo-kizuna.net
4198[+] www.n-i-w-a.com
4199[+] www.oasis-club.com
4200[+] www.ochakai-akasaka.com
4201[+] www.office-hiroe.com
4202[+] www.office-kino.com
4203[+] www.office-mita.com
4204[+] www.office-rikki.com
4205[+] www.ohishi-seitai.com
4206[+] www.oita-creation-gallery.com
4207[+] www.okada-system.com
4208[+] www.okushiga-resort.com
4209[+] www.olimpico-web.com
4210[+] www.oneandonly-miyazaki.org
4211[+] www.op-ayame.jp
4212[+] www.orange-moon.org
4213[+] www.otaru-ichifuji.com
4214[+] www.otete-club.com
4215[+] www.otoku-net.jp
4216[+] www.ova-japan.org
4217[+] www.oyster-aoyama.com
4218[+] www.o-haraseikotsuin.com
4219[+] www.paddock-pog.club
4220[+] www.pani-kumaya.com
4221[+] www.pano-h.com
4222[+] www.paramananda-hena.com
4223[+] www.pasta-myrecipes.com
4224[+] www.peace-crayon.world
4225[+] www.pet-b.com
4226[+] www.piano-refrain.com
4227[+] www.pinkribbon-k.jp
4228[+] www.planning-box.com
4229[+] www.poisson-dor.jp
4230[+] www.polka-dot.info
4231[+] www.ponpoko-pon.net
4232[+] www.prier-wedding.net
4233[+] www.promised-land.info
4234[+] www.pronunciation-english.com
4235[+] www.pro-iz.com
4236[+] www.p-adal.com
4237[+] www.p-auf.jp
4238[+] www.rc-gcraft.com
4239[+] www.recruit-sanyouroad.com
4240[+] www.reverie-premier.jp
4241[+] www.richwell-marketing.com
4242[+] www.rifare-nail.com
4243[+] www.rinyu-group.com
4244[+] www.ripple-happy.com
4245[+] www.rise-p.co
4246[+] www.rokuemon-akita.com
4247[+] www.runaair-senmon.net
4248[+] www.r-reform.com
4249[+] www.sakura-op.com
4250[+] www.salon-gluck.com
4251[+] www.sansui-food.com
4252[+] www.sanuki-awa.com
4253[+] www.sapporo-yutaka.com
4254[+] www.saraca-de-sarasa.com
4255[+] www.sauna-dictionary.com
4256[+] www.sawasdee-thai.com
4257[+] www.sa-shi.com
4258[+] www.school-tantei.com
4259[+] www.school-tentol.com
4260[+] www.scoop-home.jp
4261[+] www.seeds-dance.com
4262[+] www.seikou-gr.jp
4263[+] www.seiwa-hsinc.jp
4264[+] www.sekai-isshu.com
4265[+] www.sg-koshigaya.com
4266[+] www.shag-eft.biz
4267[+] www.shimizu-chiryo.com
4268[+] www.shin-zu.com
4269[+] www.shiretsukyousei-repo.net
4270[+] www.shizen-no-mori.com
4271[+] www.shopowner-akakatsu.site
4272[+] www.shu-card.net
4273[+] www.sh-freegate.com
4274[+] www.sim-bio.org
4275[+] www.sisyuu-maekawa.com
4276[+] www.sky-auc.com
4277[+] www.slc-mie.com
4278[+] www.snowy-heart.com
4279[+] www.sol-web.co
4280[+] www.soudan-rikon.com
4281[+] www.souwa-realestate.co.jp
4282[+] www.so-fit.biz
4283[+] www.spa-ysroom.com
4284[+] www.stab-blue.com
4285[+] www.studio-pirouette.com
4286[+] www.style-neo.biz
4287[+] www.surfclub-graphic.com
4288[+] www.syl-design.com
4289[+] www.s-big-b.com
4290[+] www.s-comm.net
4291[+] www.tail-to-nose.com
4292[+] www.takakura-sharoushi.com
4293[+] www.takase-shun.com
4294[+] www.takken-kouza.com
4295[+] www.tanaka-dance.com
4296[+] www.team-a.jp
4297[+] www.team-str.net
4298[+] www.technical-auto.com
4299[+] www.therapist-net.com
4300[+] www.theton-upmotors.com
4301[+] www.the-posting.com
4302[+] www.tick-tock-repos.com
4303[+] www.tierra-wedding.com
4304[+] www.tk-kaikei-sr.jp
4305[+] www.tobetobe-tombi.net
4306[+] www.tokita-komu10.com
4307[+] www.tokyo-maruso.com
4308[+] www.tool-box.biz
4309[+] www.total-clinic.jp
4310[+] www.to-u-ka.com
4311[+] www.ttg-pao.com
4312[+] www.twcu-saitama.com
4313[+] www.t-kingf.com
4314[+] www.t-o.works
4315[+] www.usuge-site.com
4316[+] www.u-company.net
4317[+] www.u-na.com
4318[+] www.vegetable-oil-tsuhan.com
4319[+] www.venture-kaikei.net
4320[+] www.victory-lightning.com
4321[+] www.viva-la-knz.com
4322[+] www.viva-okazaki.com
4323[+] www.vivi-ac.net
4324[+] www.wa-kana.com
4325[+] www.web-prc.com
4326[+] www.wlf-cafe.com
4327[+] www.wonder-home.info
4328[+] www.w-now.com
4329[+] www.xn--68jtbo2i2b.tokyo
4330[+] www.xn--80-g73axa3pk73vg2jba631xnkwznk.net
4331[+] www.xn--eckfe3dl2fxe5e2c1127cu9n.net
4332[+] www.xn--eckfe3dl2fxe5e2c3799bvyyaw89g.net
4333[+] www.xn--eckfe3dl2fxe5e2c5840cy4xa3h6a448a.net
4334[+] www.xn--eckfe3dl2fxe5e2c7452fdmh.net
4335[+] www.xn--eckfe3dl2fxe5e2c7491dlmf8u0m.net
4336[+] www.xn--eckfe3dl2fxe5e2c9068b650aj24a.net
4337[+] www.xn--eckfe3dl2fxe5e2c9506fxqqd.net
4338[+] www.xn--eckfe3dl2fxe5e2c9540cj6xa76w.net
4339[+] www.xn--eckfe3dl2fxe5e2cz093db4bzm.net
4340[+] www.xn--eckfe3dl2fxe5e2cz537bd0wazo8d.net
4341[+] www.xn--eckfe3dl2fxe5e2cz537bd0wazo8d.xyz
4342[+] www.xn--mck8fv62k8dig5fikf.com
4343[+] www.xn--n8jlr9a6a3ty94qbicv40u.net
4344[+] www.xn--ndkwc500mlsd3rxox0c.net
4345[+] www.xn--u9jz52gmqcuyqb9iu2bi3p646c.xyz
4346[+] www.yakitori-isao.com
4347[+] www.yamamoto-sika.net
4348[+] www.yla-tech.com
4349[+] www.yokohama-seitai.com
4350[+] www.ys-photo.com
4351[+] www.yukue-tantei.com
4352[+] www.yumekoubou-f.com
4353[+] www.yume-kokoro.com
4354[+] www.yu-ki-seitai.jp
4355[+] www.y-k15-pores.com
4356[+] www.y-labo.info
4357[+] www.zaisu-yamazaki.com
4358[+] w-ad.net
4359[+] w-d-w.com
4360[+] w-now.com
4361[+] w-rainbows.com
4362[+] w-train-bus.com
4363[+] xenoark.com
4364[+] xn--0trz0idyep9e716e.jp
4365[+] xn--1cki9mlb0916bzh4c.com
4366[+] xn--1dkaje.net
4367[+] xn--1-ogu1a8073aep0d9uc.xyz
4368[+] xn--1-vfuqb6cufvby918cg4g2odk9t2g8b68pmg3b.com
4369[+] xn--1-weu0iwc1981akpovifdx0g.net
4370[+] xn--2ckya6byeqb0179a1pewt8l.net
4371[+] xn--2ckya6byeqb6175b2ujy91ebixa.com
4372[+] xn--2ckya6byeqb6648a14rptis54es2za.jp
4373[+] xn--2ckya6byeqbz748aw4rptij02co1gg88c.com
4374[+] xn--3yq508bwrckxo.com
4375[+] xn--4gr61rv9c48m.com
4376[+] xn--08j2fs38g9ne8zu22kvnfy41b.com
4377[+] xn--20-e73a6gyb3zycsf9htc5697bxkmlxuvh3hinm097e.com
4378[+] xn--30-e73a6gyb3zycsf9htc5697ber0arpcly4axn0gehn.net
4379[+] xn--68jtbo2i2b.tokyo
4380[+] xn--68jxika9ce0b4krgj9oe6154jdni91cw7m9yvss9m1s9a.net
4381[+] xn--80-g73axa3pk73vg2jba631xnkwznk.net
4382[+] xn--100-ii4b3h6d2b8b9410i.xyz
4383[+] xn--2016-kc4c2b5545amx4e0do.xyz
4384[+] xn--ccka1iua0105bhdc106i.jp
4385[+] xn--cckln8zy35mr01b02xb.com
4386[+] xn--dmm-jk4b3c4af1qu860aec6f.com
4387[+] xn--eck3bkc7pndyc6892exr0b.com
4388[+] xn--eck4ae1fvf2g151wf2k1m5b.net
4389[+] xn--ecke1d3a9b4a1k.com
4390[+] xn--eckfe3dl2fxe5e2c1127cu9n.net
4391[+] xn--eckfe3dl2fxe5e2c3799bvyyaw89g.net
4392[+] xn--eckfe3dl2fxe5e2c5840cy4xa3h6a448a.net
4393[+] xn--eckfe3dl2fxe5e2c7452fdmh.net
4394[+] xn--eckfe3dl2fxe5e2c7491dlmf8u0m.net
4395[+] xn--eckfe3dl2fxe5e2c9068b650aj24a.net
4396[+] xn--eckfe3dl2fxe5e2c9506fxqqd.net
4397[+] xn--eckfe3dl2fxe5e2c9540cj6xa76w.net
4398[+] xn--eckfe3dl2fxe5e2cz093db4bzm.net
4399[+] xn--eckfe3dl2fxe5e2cz537bd0wazo8d.net
4400[+] xn--eckfe3dl2fxe5e2cz537bd0wazo8d.xyz
4401[+] xn--eckfpl9ji4c6a53a2242cz7ya6g5f6xq.com
4402[+] xn--eckvao9fqb0ai5mco9qu449asbvabg1r.com
4403[+] xn--efv26fcv2bw9j.biz
4404[+] xn--euts3n8lg6bk91h.xyz
4405[+] xn--ez-083a8gob0116cw2wb4qza9rh.com
4406[+] xn--fx-nb4aqa7fufs896az5bw74a355f.com
4407[+] xn--gravis-nb9rh4t.biz
4408[+] xn--hdks2996aecfu4jsogdnld23b.net
4409[+] xn--hdks8366ah30b.com
4410[+] xn--hrk-te4bzjmj045tul7aku1ake0f.net
4411[+] xn--ick8azbz88vk5lrr5d.net
4412[+] xn--idk0bn6g092ubwcbq0k.com
4413[+] xn--ipad-to4c4jf0d.biz
4414[+] xn--iso-rz1ew04hfysgu5b.com
4415[+] xn--lck8auv7ea3lj8d1191ezwnhp6h.com
4416[+] xn--mck2bp8e3c580x83xbjgvi29e.com
4417[+] xn--mck2bp8e3cz96xuur.com
4418[+] xn--mck2bp8e3cz949a11l.com
4419[+] xn--mck8fv62k8dig5fikf.com
4420[+] xn--n8j6d3byb6950bfxm.com
4421[+] xn--n8jl21ama7z5bb8344eoskkolp26egl3c.net
4422[+] xn--n8jl021zyxefqgpk8b509a.com
4423[+] xn--n8jl75asb2d5f1b3711cp9lbs5e.net
4424[+] xn--n8jlr9a6a3ty94qbicv40u.net
4425[+] xn--n8jtnhb6cufvbx918cw38b6oh.jp
4426[+] xn--n8jubya0otb8217de12bbks.net
4427[+] xn--n8jxlja0c4cue2fva8dcb2928j1ivdmtl.com
4428[+] xn--n8jz08jk7cv76ahj0a.net
4429[+] xn--n9j7h3a9e6h019qfkn1h0a6b0c.com
4430[+] xn--nckex1cb1f9fsa3645h8vm.net
4431[+] xn--ndkwc500mlsd3rxox0c.net
4432[+] xn--no1-r63b3a9sc83dmdqgpj5c9232d9y3acw9f.com
4433[+] xn--ok-7g4a2ethkbydc6100h4hza.net
4434[+] xn--pckba0b4jybydual7d8e.net
4435[+] xn--pckj3hsdd4c3958dw3ta.com
4436[+] xn--pet001am3k.com
4437[+] xn--sbifx-5u4dse5b0i.com
4438[+] xn--t8j0a5dr650a9qduo2c4tjjno.com
4439[+] xn--t8j4aa4d3a7i9jqa0h3b8mtgoa8l7e3a.com
4440[+] xn--t8j4aa4n0k6crlv76wi80f.xyz
4441[+] xn--t8j4aa4npg9a9htc9a0172fk0wg.xyz
4442[+] xn--t8j4aa8f8d5iap62es01xh2rv62o.com
4443[+] xn--t8j4aa8f8d5o0cuhrfs446fggma1wdo6vnll.xyz
4444[+] xn--t8j4aa8f8dwj4di6o1e8jk384awj0awy1i.com
4445[+] xn--t8j8a2is95lbkiq4q2pfpq3d8h0a.com
4446[+] xn--t8j9b3du78l57p7jt.com
4447[+] xn--tck5dycy80x.com
4448[+] xn--tckdid7q7a6c4gcb9939g.com
4449[+] xn--tckuee9ab2is41yd6ce93o.xyz
4450[+] xn--tdkvb4a.com
4451[+] xn--tfr399c8rj.com
4452[+] xn--u9j940g67fq9vfp0d.net
4453[+] xn--u9jtfpgycx12rhuofj3a25b.com
4454[+] xn--u9jz52gmqcuyqb9iu2bi3p646c.xyz
4455[+] xn--w8j6lqb4hz87nzzs.net
4456[+] xn--w9jucc7q7bue1g7b0193c.net
4457[+] xn--wvw46rd8issa.com
4458[+] xn--yckxaaa2due639x42wa295b.com
4459[+] xn--yet6enut3crv1c442a.com
4460[+] xn--zck7a7j9342ajcp.biz
4461[+] xn--zck7a7jl58i42zlbgpm2f.com
4462[+] xn--zqs346az50b.net
4463[+] xn----k8tzmsc8goep75wk8ya.com
4464[+] xn----n8txae9ga2lrgno4p5fy958bkkxb.com
4465[+] xn----qeu5buc540v9b5a.com
4466[+] xpec.jp
4467[+] xxmadnessxx.com
4468[+] y.hghs.jp
4469[+] yabuuchi-cpta.com
4470[+] yadakun.com
4471[+] yakedake.com
4472[+] yakiniku-himawari.com
4473[+] yakitori-isao.com
4474[+] yakitori-nagare.com
4475[+] yakuman.net
4476[+] yakuzaishi.net
4477[+] yakuzaishi.tv
4478[+] yamadamasato-tax.com
4479[+] yamagisi.jp
4480[+] yamaguchimasahiro.com
4481[+] yamaguchiya.in
4482[+] yamaguchi-fc-kickers.net
4483[+] yamakensou.com
4484[+] yamamoto-care.com
4485[+] yamamoto-sika.net
4486[+] yamanote6-dental.com
4487[+] yamasanchi.com
4488[+] yamatech.net
4489[+] yamatecorp.com
4490[+] yamatofudousan.com
4491[+] yamatomail.com
4492[+] yamatoseikotsu.com
4493[+] yamauchi-sougou.com
4494[+] yamawakirei.com
4495[+] yamerumaeni.com
4496[+] yaminabe.tv
4497[+] yanagihara-k.com
4498[+] yanai-knitting.com
4499[+] yaoyoros.com
4500[+] yashiki-shika.com
4501[+] yasuco.info
4502[+] yasudanouen.net
4503[+] yasuragi-group.net
4504[+] yataisakaba.com
4505[+] yecohome.com
4506[+] yfukyu.com
4507[+] ykenchikushi.org
4508[+] yks-u.net
4509[+] yla-tech.com
4510[+] ymimage.com
4511[+] ymtechno.jp
4512[+] ynos.tv
4513[+] yn-kickers.com
4514[+] yocco.main.jp
4515[+] yogoh.com
4516[+] yokohama-koryukai.com
4517[+] yokohama-seitai.com
4518[+] yokohama.fine-chiro.com
4519[+] yokolog.net
4520[+] yokozuki.jp
4521[+] yomoneko.com
4522[+] yonahadake.com
4523[+] yorokobasou.com
4524[+] yose.totoumi.com
4525[+] yoshida-radio.com
4526[+] yoshinagadenki.com
4527[+] yosizawa-auto.com
4528[+] yosi-non.com
4529[+] yotsuba.miaul.net
4530[+] yotsumoto.daa.jp
4531[+] youki.life
4532[+] yourmoncler.com
4533[+] yousai.com
4534[+] youtsuu.info
4535[+] yoyogidesign.com
4536[+] ystono.com
4537[+] ys-photo.com
4538[+] yu39.com
4539[+] yubipro.totoumi.com
4540[+] yubi-inc.com
4541[+] yucoon.com
4542[+] yufuinn-minaminokaze.com
4543[+] yuichihirako.com
4544[+] yuichi-web.com
4545[+] yukarich.com
4546[+] yukkiy-star.com
4547[+] yukonimura.com
4548[+] yuko-usui.com
4549[+] yukue-tantei.com
4550[+] yulala.net
4551[+] yumejitsugen.net
4552[+] yumekoubou-f.com
4553[+] yumenofusen.totoumi.com
4554[+] yumesalon.com
4555[+] yume-kokoro.com
4556[+] yumyumfam.com
4557[+] yumyumgraf.com
4558[+] yumyumyummy.us
4559[+] yum-i.com
4560[+] yunyun.info
4561[+] yuri-ka.com
4562[+] yuri-taka.com
4563[+] yusukeryuman.com
4564[+] yutakasushi.com
4565[+] yuukuuhome.com
4566[+] yuuya.net
4567[+] yuwa.co
4568[+] yuwis.com
4569[+] yuya.org
4570[+] yuyuan.jp
4571[+] yuzawa.co.jp
4572[+] yuzawa.land
4573[+] yuzu-ksfoods.com
4574[+] yu-ki-seitai.jp
4575[+] yywilliams.net
4576[+] y-cgworks.com
4577[+] y-k15-pores.com
4578[+] y-k16-carassess.com
4579[+] y-labo.info
4580[+] y-tanaka.sunnyday.jp
4581[+] zaby.jp
4582[+] zaisu-yamazaki.com
4583[+] zaitakusan.net
4584[+] zakioka.com
4585[+] zatopek11.net
4586[+] zaxis.cc
4587[+] zeirisi.org
4588[+] zenbun-obr.com
4589[+] zenshin.win
4590[+] zensho-gakuen.com
4591[+] zero-gra.net
4592[+] zero-siki.com
4593[+] zett.work
4594[+] zieel-hair.com
4595[+] zigokuno.kawac.net
4596[+] zipanglab.com
4597[+] zock.info
4598[+] zooham.com
4599[+] zyaguchiya.com
4600[+] z-cosme.m-takumi.net
4601[+] z-ryugaku01.m-takumi.net
4602[+] z-ryugaku07.m-takumi.net
4603[+] z-ryugaku10.m-takumi.net
4604[+] z-ryugaku14.m-takumi.net
4605[+] z-ryugaku15.m-takumi.net
4606[+] z-ryugaku29.m-takumi.net
4607[+] z-ryugaku.m-takumi.net
4608[+] z-ton.com
4609#######################################################################################################################################
4610
4611
4612Reverse IP With YouGetSignal 'inoue-kujira.com'
4613--------------------------------------------------
4614
4615[*] IP: 157.7.107.254
4616[*] Domain: inoue-kujira.com
4617[*] Total Domains: 1
4618
4619[+] inoue-kujira.com
4620#######################################################################################################################################
4621
4622
4623Geo IP Lookup 'inoue-kujira.com'
4624-----------------------------------
4625
4626[+] IP Address: 157.7.107.254
4627[+] Country: Japan
4628[+] State: Tokyo
4629[+] City: Tokyo
4630[+] Latitude: 35.6882
4631[+] Longitude: 139.7532
4632#######################################################################################################################################
4633
4634
4635
4636Bypass Cloudflare 'inoue-kujira.com'
4637---------------------------------------
4638
4639[!] CloudFlare Bypass 157.7.107.254 | ftp.inoue-kujira.com
4640[!] CloudFlare Bypass 133.130.34.119 | blog.inoue-kujira.com
4641[!] CloudFlare Bypass 157.7.107.254 | mail.inoue-kujira.com
4642[!] CloudFlare Bypass 157.7.107.254 | www.inoue-kujira.com
4643#######################################################################################################################################
4644
4645
4646
4647DNS Lookup 'inoue-kujira.com'
4648--------------------------------
4649
4650[+] inoue-kujira.com. 599 IN A 157.7.107.254
4651[+] inoue-kujira.com. 599 IN MX 10 mx01.lolipop.jp.
4652[+] inoue-kujira.com. 21599 IN NS uns02.lolipop.jp.
4653[+] inoue-kujira.com. 21599 IN NS uns01.lolipop.jp.
4654[+] inoue-kujira.com. 21599 IN SOA uns01.lolipop.jp. admin.madame.jp. 2007112926 60 3600 1209600 86400
4655#######################################################################################################################################
4656
4657
4658
4659Show HTTP Header 'inoue-kujira.com'
4660--------------------------------------
4661
4662[+] HTTP/1.1 200 OK
4663[+] Date: Tue, 09 Jul 2019 02:34:25 GMT
4664[+] Content-Type: text/html
4665[+] Content-Length: 6091
4666[+] Connection: keep-alive
4667[+] Last-Modified: Fri, 11 Jul 2008 00:24:49 GMT
4668[+] Accept-Ranges: none
4669[+] Vary: Range,Accept-Encoding
4670[+] Server: Apache
4671#######################################################################################################################################
4672
4673
4674
4675Port Scan 'inoue-kujira.com'
4676-------------------------------
4677
4678Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 02:34 UTC
4679Nmap scan report for inoue-kujira.com (157.7.107.254)
4680Host is up (0.16s latency).
4681rDNS record for 157.7.107.254: 157-7-107-254.virt.lolipop.jp
4682
4683PORT STATE SERVICE
468421/tcp filtered ftp
468522/tcp filtered ssh
468623/tcp filtered telnet
468780/tcp open http
4688110/tcp filtered pop3
4689143/tcp filtered imap
4690443/tcp open https
46913389/tcp filtered ms-wbt-server
4692
4693Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
4694#######################################################################################################################################
4695
4696
4697
4698
4699Traceroute 'inoue-kujira.com'
4700--------------------------------
4701
4702Start: 2019-07-09T02:34:33+0000
4703HOST: web01 Loss% Snt Last Avg Best Wrst StDev
4704 1.|-- 45.79.12.202 0.0% 3 0.6 0.7 0.6 0.8 0.1
4705 2.|-- 45.79.12.6 0.0% 3 0.5 0.5 0.5 0.5 0.0
4706 3.|-- 199.245.16.65 0.0% 3 1.6 1.5 1.5 1.6 0.0
4707 4.|-- ae-0.r23.dllstx09.us.bb.gin.ntt.net 0.0% 3 2.0 1.5 1.3 2.0 0.4
4708 5.|-- ae-8.r23.snjsca04.us.bb.gin.ntt.net 0.0% 3 39.0 39.0 39.0 39.1 0.0
4709 6.|-- ae-21.r30.tokyjp05.jp.bb.gin.ntt.net 0.0% 3 144.3 144.3 144.3 144.3 0.0
4710 7.|-- ae-2.r02.tokyjp05.jp.bb.gin.ntt.net 0.0% 3 145.6 145.6 145.6 145.7 0.0
4711 8.|-- ae-0.a01.tokyjp05.jp.bb.gin.ntt.net 0.0% 3 145.4 145.5 145.4 145.8 0.2
4712 9.|-- ae-0.gmo.tokyjp05.jp.bb.gin.ntt.net 0.0% 3 144.6 144.8 144.6 144.9 0.2
4713 10.|-- unused-133-130-012-058.interq.or.jp 0.0% 3 153.2 148.1 145.6 153.2 4.4
4714 11.|-- g-o-p-4ee-a01-1-e-1-1.interq.or.jp 0.0% 3 145.6 145.6 145.6 145.7 0.0
4715 12.|-- unused-157-7-041-162.interq.or.jp 0.0% 3 153.7 148.7 146.0 153.7 4.4
4716 13.|-- 157-7-107-254.virt.lolipop.jp 0.0% 3 144.3 144.3 144.3 144.3 0.0
4717#######################################################################################################################################
4718[INFO] Date: 08/07/19 | Time: 22:47:44
4719[INFO] ------TARGET info------
4720[*] TARGET: http://www.inoue-kujira.com/
4721[*] TARGET IP: 157.7.107.254
4722[INFO] NO load balancer detected for www.inoue-kujira.com...
4723[*] DNS servers: uns01.lolipop.jp.
4724[*] TARGET server: Apache
4725[*] CC: JP
4726[*] Country: Japan
4727[*] RegionCode: 13
4728[*] RegionName: Tokyo
4729[*] City: Shibuya
4730[*] ASN: AS7506
4731[*] BGP_PREFIX: 157.7.64.0/18
4732[*] ISP: INTERQ GMO Internet,Inc, JP
4733[INFO] DNS enumeration:
4734[*] blog.inoue-kujira.com users11.jg.jugem.jp. users311.jg.jugem.jp. 133.130.34.119
4735[*] ftp.inoue-kujira.com 157.7.107.254
4736[*] mail.inoue-kujira.com 157.7.107.254
4737[INFO] Possible abuse mails are:
4738[*] abuse@gmo.jp
4739[*] abuse@inoue-kujira.com
4740[*] abuse@www.inoue-kujira.com
4741[INFO] NO PAC (Proxy Auto Configuration) file FOUND
4742[INFO] Starting FUZZing in http://www.inoue-kujira.com/FUzZzZzZzZz...
4743[INFO] Status code Folders
4744[*] 200 http://www.inoue-kujira.com/index
4745[ALERT] Look in the source code. It may contain passwords
4746[INFO] Links found from http://www.inoue-kujira.com/ http://157.7.107.254/:
4747[*] http://blog.inoue-kujira.com/
4748[*] http://bookkeeping.rental-rental.net/
4749[*] http://www.inoue-kujira.com/gaiyou.html
4750[*] http://www.inoue-kujira.com/kaimono.html
4751[*] http://www.inoue-kujira.com/mame.html
4752[*] http://www.inoue-kujira.com/new.html
4753[*] http://www.inoue-kujira.com/pra.html
4754[*] http://www.inoue-kujira.com/tenpo.html
4755[*] http://www.inoue-kujira.com/toiawase.html
4756[*] http://www.inoue-kujira.com/tokutei.html
4757[*] http://x4.akazunoma.com/bin/gg?049784100
4758[INFO] GOOGLE has 453,000 results (0.23 seconds) about http://www.inoue-kujira.com/
4759[INFO] Shodan detected the following opened ports on 157.7.107.254:
4760[*] 443
4761[*] 80
4762[INFO] ------VirusTotal SECTION------
4763[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
4764[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
4765[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
4766[INFO] ------Alexa Rank SECTION------
4767[INFO] Percent of Visitors Rank in Country:
4768[INFO] Percent of Search Traffic:
4769[INFO] Percent of Unique Visits:
4770[INFO] Total Sites Linking In:
4771[*] Total Sites
4772[INFO] Useful links related to www.inoue-kujira.com - 157.7.107.254:
4773[*] https://www.virustotal.com/pt/ip-address/157.7.107.254/information/
4774[*] https://www.hybrid-analysis.com/search?host=157.7.107.254
4775[*] https://www.shodan.io/host/157.7.107.254
4776[*] https://www.senderbase.org/lookup/?search_string=157.7.107.254
4777[*] https://www.alienvault.com/open-threat-exchange/ip/157.7.107.254
4778[*] http://pastebin.com/search?q=157.7.107.254
4779[*] http://urlquery.net/search.php?q=157.7.107.254
4780[*] http://www.alexa.com/siteinfo/www.inoue-kujira.com
4781[*] http://www.google.com/safebrowsing/diagnostic?site=www.inoue-kujira.com
4782[*] https://censys.io/ipv4/157.7.107.254
4783[*] https://www.abuseipdb.com/check/157.7.107.254
4784[*] https://urlscan.io/search/#157.7.107.254
4785[*] https://github.com/search?q=157.7.107.254&type=Code
4786[INFO] Useful links related to AS7506 - 157.7.64.0/18:
4787[*] http://www.google.com/safebrowsing/diagnostic?site=AS:7506
4788[*] https://www.senderbase.org/lookup/?search_string=157.7.64.0/18
4789[*] http://bgp.he.net/AS7506
4790[*] https://stat.ripe.net/AS7506
4791[INFO] Date: 08/07/19 | Time: 22:48:22
4792[INFO] Total time: 0 minute(s) and 38 second(s)
4793#######################################################################################################################################
4794Trying "inoue-kujira.com"
4795;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21562
4796;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
4797
4798;; QUESTION SECTION:
4799;inoue-kujira.com. IN ANY
4800
4801;; ANSWER SECTION:
4802inoue-kujira.com. 600 IN MX 10 mx01.lolipop.jp.
4803inoue-kujira.com. 43200 IN SOA uns01.lolipop.jp. admin.madame.jp. 2007112926 60 3600 1209600 86400
4804inoue-kujira.com. 600 IN A 157.7.107.254
4805inoue-kujira.com. 43200 IN NS uns02.lolipop.jp.
4806inoue-kujira.com. 43200 IN NS uns01.lolipop.jp.
4807
4808;; AUTHORITY SECTION:
4809inoue-kujira.com. 43200 IN NS uns01.lolipop.jp.
4810inoue-kujira.com. 43200 IN NS uns02.lolipop.jp.
4811
4812Received 198 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 320 ms
4813#######################################################################################################################################
4814; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace inoue-kujira.com
4815;; global options: +cmd
4816. 86091 IN NS c.root-servers.net.
4817. 86091 IN NS j.root-servers.net.
4818. 86091 IN NS i.root-servers.net.
4819. 86091 IN NS e.root-servers.net.
4820. 86091 IN NS h.root-servers.net.
4821. 86091 IN NS l.root-servers.net.
4822. 86091 IN NS a.root-servers.net.
4823. 86091 IN NS g.root-servers.net.
4824. 86091 IN NS b.root-servers.net.
4825. 86091 IN NS d.root-servers.net.
4826. 86091 IN NS f.root-servers.net.
4827. 86091 IN NS m.root-servers.net.
4828. 86091 IN NS k.root-servers.net.
4829. 86091 IN RRSIG NS 8 0 518400 20190721210000 20190708200000 59944 . ujjsSR7ZQqoQJ5owETcoWZFtkzn8CwlH8p489rpCu1ruvLtCcMa4rQNE IrDNkevWh/BSTq47x3iaskRvjGaOkhzWd/pS9pCI723++iEkhJhsh8gN ADu1Bd93+4vS5fpUaIPzX8qLBZ+WKs2u12BI6tFeYxaqTRoA6ul9BdHK U8Ak3v/UH9wXJHvejWgkIyG+ezRFTuNuONrlmADdDPVhRinLr0zdb6xw vYFnxSjRrcb39lksTXUotfSh3S4m22SqZfNgF6LPpycqnWUch4/qjZ0q 0LAfK4/qUDgFwbFWtSm+0iI8dE9ZyhsR/8MQAR9M0QI5wAn8vdQk1js1 vtYlQA==
4830;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 270 ms
4831
4832com. 172800 IN NS h.gtld-servers.net.
4833com. 172800 IN NS m.gtld-servers.net.
4834com. 172800 IN NS l.gtld-servers.net.
4835com. 172800 IN NS b.gtld-servers.net.
4836com. 172800 IN NS a.gtld-servers.net.
4837com. 172800 IN NS i.gtld-servers.net.
4838com. 172800 IN NS d.gtld-servers.net.
4839com. 172800 IN NS j.gtld-servers.net.
4840com. 172800 IN NS k.gtld-servers.net.
4841com. 172800 IN NS e.gtld-servers.net.
4842com. 172800 IN NS f.gtld-servers.net.
4843com. 172800 IN NS c.gtld-servers.net.
4844com. 172800 IN NS g.gtld-servers.net.
4845com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
4846com. 86400 IN RRSIG DS 8 1 86400 20190721210000 20190708200000 59944 . rBBoxa85AB4TGBjemIyo+OrzEE6WB1GKZB+LaNhX8XLlgfj6FBTJDy3D a1+Bc8Dp6bhu+OYz5KdFwQaoV3ac/WsP9Ftp8BAFgrGbO8iLAe0xJ13d XWPWxsUmsd08jStBw7mVMPDWHcQguwF6eI3Qqhdokl9J5W0f6Nfn+w27 OMG+KqMuZIzi9s/ualc0ZpUivKu/VNgXWqO93YOsBheXdzPLgqPiuGdT BSfLAD1mC9X/Wpvt2ucEh+JvmlK1Zf0psTIFpw1D8M6zjrKzGf2cZdY7 WAzC3hYcBRObBOFRaqLTmDBMy5G1esxwshAOTSuKRQNCFBgV2buykje0 nucu3Q==
4847;; Received 1176 bytes from 2001:7fe::53#53(i.root-servers.net) in 98 ms
4848
4849inoue-kujira.com. 172800 IN NS uns01.lolipop.jp.
4850inoue-kujira.com. 172800 IN NS uns02.lolipop.jp.
4851CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
4852CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190714044431 20190707033431 3800 com. BKPFq/Z6OdQj3J/veD+Ty87mCyx1yfhuW3eFuZ4g6d6JOZ+CHghL6DEL y8ztytbZxVCMHrFRl5VkSrxM9buZ2MDJnHeZBqB/LwuCncLD9DRQ/5R3 tbvu8PIWFrwvpgfyez+h5/XVEKJqszN+rFlNEsOS4iaZDw+mIn3PYOt5 T2U=
485315URQVRRUJLAG61CRNO4PSL54P7JDLFF.com. 86400 IN NSEC3 1 1 0 - 15USAF6HN3BGBB1NQGAUL7QJ5QHM2D0N NS DS RRSIG
485415URQVRRUJLAG61CRNO4PSL54P7JDLFF.com. 86400 IN RRSIG NSEC3 8 2 86400 20190714041621 20190707030621 3800 com. YNQnub/7c0yYz2a9NByI8tXtb3xHTc8ObFH493RGfeqfQxI1ujKIV4JH FWixfklewPRj3AjWfFGxwL2+cDyW1E838uELKl7X09MKHP6A56unx+XI ox6q6Qhhxld830hrmWWFQ6YdT8YQo6jYnV3tUpoVliW+1PgSmuorfIx8 73o=
4855;; Received 580 bytes from 192.41.162.30#53(l.gtld-servers.net) in 397 ms
4856
4857inoue-kujira.com. 600 IN A 157.7.107.254
4858;; Received 61 bytes from 210.188.212.73#53(uns02.lolipop.jp) in 525 ms
4859
4860#######################################################################################################################################
4861[*] Performing General Enumeration of Domain: inoue-kujira.com
4862[-] DNSSEC is not configured for inoue-kujira.com
4863[*] SOA uns01.lolipop.jp 157.7.190.91
4864[*] NS uns02.lolipop.jp 210.188.212.73
4865[*] Bind Version for 210.188.212.73 GMO Pepabo
4866[*] NS uns01.lolipop.jp 157.7.190.91
4867[*] Bind Version for 157.7.190.91 GMO Pepabo
4868[*] MX mx01.lolipop.jp 157.7.107.6
4869[*] A inoue-kujira.com 157.7.107.254
4870[*] Enumerating SRV Records
4871[-] No SRV Records Found for inoue-kujira.com
4872[+] 0 Records Found
4873#######################################################################################################################################
4874[*] Processing domain inoue-kujira.com
4875[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
4876[+] Getting nameservers
4877210.188.212.73 - uns02.lolipop.jp
4878157.7.190.91 - uns01.lolipop.jp
4879[-] Zone transfer failed
4880
4881[+] MX records found, added to target list
488210 mx01.lolipop.jp.
4883
4884[*] Scanning inoue-kujira.com for A records
4885157.7.107.254 - inoue-kujira.com
4886133.130.34.119 - blog.inoue-kujira.com
4887157.7.107.254 - ftp.inoue-kujira.com
4888157.7.107.254 - mail.inoue-kujira.com
4889157.7.107.254 - www.inoue-kujira.com
4890#######################################################################################################################################
4891Ip Address Status Type Domain Name Server
4892---------- ------ ---- ----------- ------
4893133.130.34.119 200 alias blog.inoue-kujira.com nginx/1.11.12
4894133.130.34.119 200 alias users11.jg.jugem.jp nginx/1.11.12
4895133.130.34.119 200 host users311.jg.jugem.jp nginx/1.11.12
4896157.7.107.254 403 host ftp.inoue-kujira.com Apache
4897157.7.107.254 403 host mail.inoue-kujira.com Apache
4898157.7.107.254 200 host www.inoue-kujira.com Apache
4899#######################################################################################################################################
4900[+] Testing domain
4901 www.inoue-kujira.com 157.7.107.254
4902[+] Dns resolving
4903 Domain name Ip address Name server
4904 inoue-kujira.com 157.7.107.254 157-7-107-254.virt.lolipop.jp
4905Found 1 host(s) for inoue-kujira.com
4906[+] Testing wildcard
4907 Ok, no wildcard found.
4908
4909[+] Scanning for subdomain on inoue-kujira.com
4910[!] Wordlist not specified. I scannig with my internal wordlist...
4911 Estimated time about 390.58 seconds
4912
4913 Subdomain Ip address Name server
4914
4915 ftp.inoue-kujira.com 157.7.107.254 157-7-107-254.virt.lolipop.jp
4916 mail.inoue-kujira.com 157.7.107.254 157-7-107-254.virt.lolipop.jp
4917 www.inoue-kujira.com 157.7.107.254 157-7-107-254.virt.lolipop.jp
4918#######################################################################################################################################
4919WhatWeb report for http://inoue-kujira.com
4920Status : 200 OK
4921Title : ������̔��̈�㏤�X
4922IP : 157.7.107.254
4923Country : JAPAN, JP
4924
4925Summary : Apache, Frame, HTTPServer[Apache], ActiveX[D27CDB6E-AE6D-11cf-96B8-444553540000], Script[text/JavaScript,text/javascript], Object[http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0][clsid:D27CDB6E-AE6D-11cf-96B8-444553540000], Adobe-Flash
4926
4927Detected Plugins:
4928[ ActiveX ]
4929 ActiveX is a framework based on Microsoft's Component
4930 Object Model (COM) and Object Linking and Embedding (OLE)
4931 technologies. ActiveX components officially operate only
4932 with Microsoft's Internet Explorer web browser and the
4933 Microsoft Windows operating system. - More info:
4934 http://en.wikipedia.org/wiki/ActiveX
4935
4936 Module : D27CDB6E-AE6D-11cf-96B8-444553540000
4937
4938[ Adobe-Flash ]
4939 This plugin identifies instances of embedded adobe flash
4940 files.
4941
4942 Google Dorks: (1)
4943
4944[ Apache ]
4945 The Apache HTTP Server Project is an effort to develop and
4946 maintain an open-source HTTP server for modern operating
4947 systems including UNIX and Windows NT. The goal of this
4948 project is to provide a secure, efficient and extensible
4949 server that provides HTTP services in sync with the current
4950 HTTP standards.
4951
4952 Google Dorks: (3)
4953 Website : http://httpd.apache.org/
4954
4955[ Frame ]
4956 This plugin detects instances of frame and iframe HTML
4957 elements.
4958
4959
4960[ HTTPServer ]
4961 HTTP server header string. This plugin also attempts to
4962 identify the operating system from the server header.
4963
4964 String : Apache (from server string)
4965
4966[ Object ]
4967 HTML object tag. This can be audio, video, Flash, ActiveX,
4968 Python, etc. More info:
4969 http://www.w3schools.com/tags/tag_object.asp
4970
4971 Module : clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 (from classid)
4972 String : http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0
4973
4974[ Script ]
4975 This plugin detects instances of script HTML elements and
4976 returns the script language/type.
4977
4978 String : text/JavaScript,text/javascript
4979
4980HTTP Headers:
4981 HTTP/1.1 200 OK
4982 Date: Tue, 09 Jul 2019 04:44:57 GMT
4983 Content-Type: text/html
4984 Content-Length: 2114
4985 Connection: close
4986 Last-Modified: Fri, 11 Jul 2008 00:24:49 GMT
4987 Accept-Ranges: none
4988 Vary: Range,Accept-Encoding
4989 Content-Encoding: gzip
4990 Server: Apache
4991#######################################################################################################################################
4992DNS Servers for inoue-kujira.com:
4993 uns01.lolipop.jp
4994 uns02.lolipop.jp
4995
4996Trying zone transfer first...
4997 Testing uns01.lolipop.jp
4998 Request timed out or transfer not allowed.
4999 Testing uns02.lolipop.jp
5000 Request timed out or transfer not allowed.
5001
5002Unsuccessful in zone transfer (it was worth a shot)
5003Okay, trying the good old fashioned way... brute force
5004
5005Checking for wildcard DNS...
5006Nope. Good.
5007Now performing 2280 test(s)...
5008157.7.107.254 ftp.inoue-kujira.com
5009157.7.107.254 mail.inoue-kujira.com
5010157.7.107.254 www.inoue-kujira.com
5011
5012Subnets found (may want to probe here using nmap or unicornscan):
5013 157.7.107.0-255 : 3 hostnames found.
5014
5015Done with Fierce scan: http://ha.ckers.org/fierce/
5016Found 3 entries.
5017
5018Have a nice day.
5019#######################################################################################################################################
5020
5021Domains still to check: 1
5022 Checking if the hostname inoue-kujira.com. given is in fact a domain...
5023
5024Analyzing domain: inoue-kujira.com.
5025 Checking NameServers using system default resolver...
5026 IP: 210.188.212.73 (Japan)
5027 HostName: uns02.lolipop.jp Type: NS
5028 HostName: uns02.lolipop.jp Type: PTR
5029 IP: 157.7.190.91 (Japan)
5030 HostName: uns01.lolipop.jp Type: NS
5031 HostName: uns01.lolipop.jp Type: PTR
5032
5033 Checking MailServers using system default resolver...
5034 IP: 157.7.107.6 (Japan)
5035 HostName: mx01.lolipop.jp Type: MX
5036 HostName: mx01.lolipop.jp Type: PTR
5037
5038 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
5039 No zone transfer found on nameserver 157.7.190.91
5040 No zone transfer found on nameserver 210.188.212.73
5041
5042 Checking SPF record...
5043 No SPF record
5044
5045 Checking 192 most common hostnames using system default resolver...
5046 IP: 157.7.107.254 (Japan)
5047 HostName: www.inoue-kujira.com. Type: A
5048 IP: 157.7.107.254 (Japan)
5049 HostName: www.inoue-kujira.com. Type: A
5050 HostName: ftp.inoue-kujira.com. Type: A
5051 HostName: 157-7-107-254.virt.lolipop.jp Type: PTR
5052 IP: 157.7.107.254 (Japan)
5053 HostName: www.inoue-kujira.com. Type: A
5054 HostName: ftp.inoue-kujira.com. Type: A
5055 HostName: 157-7-107-254.virt.lolipop.jp Type: PTR
5056 HostName: mail.inoue-kujira.com. Type: A
5057
5058 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
5059 Checking netblock 157.7.190.0
5060 Checking netblock 157.7.107.0
5061 Checking netblock 210.188.212.0
5062
5063 Searching for inoue-kujira.com. emails in Google
5064
5065 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
5066 Host 157.7.190.91 is up (reset ttl 64)
5067 Host 157.7.107.6 is up (reset ttl 64)
5068 Host 157.7.107.254 is up (reset ttl 64)
5069 Host 210.188.212.73 is up (reset ttl 64)
5070
5071 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
5072 Scanning ip 157.7.190.91 (uns01.lolipop.jp (PTR)):
5073 53/tcp open domain syn-ack ttl 49 (unknown banner: GMO Pepabo)
5074 | dns-nsid:
5075 | NSID: dns101.phy.lolipop.jp (646e733130312e7068792e6c6f6c69706f702e6a70)
5076 | id.server: dns101.phy.lolipop.jp
5077 |_ bind.version: GMO Pepabo
5078 | fingerprint-strings:
5079 | DNSVersionBindReqTCP:
5080 | version
5081 | bind
5082 |_ Pepabo
5083 Scanning ip 157.7.107.6 (mx01.lolipop.jp (PTR)):
5084 Scanning ip 157.7.107.254 (mail.inoue-kujira.com.):
5085 80/tcp open http syn-ack ttl 44 Apache httpd
5086 | http-methods:
5087 |_ Supported Methods: GET HEAD
5088 |_http-server-header: Apache
5089 |_http-title: 403 Error - Forbidden
5090 443/tcp open ssl/https syn-ack ttl 44 Apache
5091 |_http-server-header: Apache
5092 |_http-title: 400 The plain HTTP request was sent to HTTPS port
5093 Scanning ip 210.188.212.73 (uns02.lolipop.jp (PTR)):
5094 53/tcp open domain syn-ack ttl 40 (unknown banner: GMO Pepabo)
5095 | dns-nsid:
5096 | NSID: dns202.phy.lolipop.jp (646e733230322e7068792e6c6f6c69706f702e6a70)
5097 | id.server: dns202.phy.lolipop.jp
5098 |_ bind.version: GMO Pepabo
5099 | fingerprint-strings:
5100 | DNSVersionBindReqTCP:
5101 | version
5102 | bind
5103 |_ Pepabo
5104 WebCrawling domain's web servers... up to 50 max links.
5105
5106 + URL to crawl: http://ftp.inoue-kujira.com.
5107 + Date: 2019-07-09
5108
5109 + Crawling URL: http://ftp.inoue-kujira.com.:
5110 + Links:
5111 + Crawling http://ftp.inoue-kujira.com. (403 Forbidden)
5112 + Searching for directories...
5113 + Searching open folders...
5114
5115
5116 + URL to crawl: http://www.inoue-kujira.com.
5117 + Date: 2019-07-09
5118
5119 + Crawling URL: http://www.inoue-kujira.com.:
5120 + Links:
5121 + Crawling http://www.inoue-kujira.com.
5122 + Crawling http://www.inoue-kujira.com./mame.html
5123 + Crawling http://www.inoue-kujira.com./kaimono.html
5124 + Crawling http://www.inoue-kujira.com./tokutei.html
5125 + Crawling http://www.inoue-kujira.com./pra.html
5126 + Crawling http://www.inoue-kujira.com./tenpo.html
5127 + Crawling http://www.inoue-kujira.com./gaiyou.html
5128 + Crawling http://www.inoue-kujira.com./toiawase.html
5129 + Crawling http://www.inoue-kujira.com./new.html
5130 + Crawling http://www.inoue-kujira.com./index.html
5131 + Crawling http://www.inoue-kujira.com./img/mame-1gif (File! Not crawling it.)
5132 + Crawling http://www.inoue-kujira.com./
5133 + Searching for directories...
5134 - Found: http://www.inoue-kujira.com./img/
5135 - Found: http://www.inoue-kujira.com./sales/
5136 + Searching open folders...
5137 - http://www.inoue-kujira.com./img/ (403 Forbidden)
5138 - http://www.inoue-kujira.com./sales/ (403 Forbidden)
5139 + Crawl finished successfully.
5140----------------------------------------------------------------------
5141Summary of http://http://www.inoue-kujira.com.
5142----------------------------------------------------------------------
5143+ Links crawled:
5144 - http://www.inoue-kujira.com.
5145 - http://www.inoue-kujira.com./
5146 - http://www.inoue-kujira.com./gaiyou.html
5147 - http://www.inoue-kujira.com./index.html
5148 - http://www.inoue-kujira.com./kaimono.html
5149 - http://www.inoue-kujira.com./mame.html
5150 - http://www.inoue-kujira.com./new.html
5151 - http://www.inoue-kujira.com./pra.html
5152 - http://www.inoue-kujira.com./tenpo.html
5153 - http://www.inoue-kujira.com./toiawase.html
5154 - http://www.inoue-kujira.com./tokutei.html
5155 Total links crawled: 11
5156
5157+ Links to files found:
5238 Total links to files: 80
5239
5240+ Externals links found:
5241 - http://blog.inoue-kujira.com/
5242 - http://bookkeeping.rental-rental.net
5243 - http://maps.google.co.jp/maps?f=q&hl=ja&geocode=&time=&date=&ttype=&q=%E9%95%B7%E5%B4%8E%E5%B8%82%E7%AF%89%E7%94%BA5-10%E3%80%80%E4%BA%95%E4%B8%8A%E9%AF%A8&ie=UTF8&z=18&om=1
5244 - http://www.whaling.jp
5245 - http://www.whaling.jp/
5246 - http://x4.akazunoma.com/bin/gg?049784100
5247 - http://x4.akazunoma.com/bin/ll?049784100
5248 - http://x4.akazunoma.com/ufo/049784100
5249 Total external links: 8
5250
5251+ Email addresses found:
5252 Total email address found: 0
5253
5254+ Directories found:
5255 - http://www.inoue-kujira.com./img/ (403 Forbidden)
5256 - http://www.inoue-kujira.com./sales/ (403 Forbidden)
5257 Total directories: 2
5258
5259+ Directory indexing found:
5260 Total directories with indexing: 0
5261
5262----------------------------------------------------------------------
5263
5264
5265 + URL to crawl: http://mail.inoue-kujira.com.
5266 + Date: 2019-07-09
5267
5268 + Crawling URL: http://mail.inoue-kujira.com.:
5269 + Links:
5270 + Crawling http://mail.inoue-kujira.com. (403 Forbidden)
5271 + Searching for directories...
5272 + Searching open folders...
5273
5274
5275 + URL to crawl: http://ftp.inoue-kujira.com.:443
5276 + Date: 2019-07-09
5277
5278 + Crawling URL: http://ftp.inoue-kujira.com.:443:
5279 + Links:
5280 + Crawling http://ftp.inoue-kujira.com.:443 (400 Bad Request)
5281 + Searching for directories...
5282 + Searching open folders...
5283
5284
5285 + URL to crawl: http://www.inoue-kujira.com.:443
5286 + Date: 2019-07-09
5287
5288 + Crawling URL: http://www.inoue-kujira.com.:443:
5289 + Links:
5290 + Crawling http://www.inoue-kujira.com.:443 (400 Bad Request)
5291 + Searching for directories...
5292 + Searching open folders...
5293
5294
5295 + URL to crawl: http://mail.inoue-kujira.com.:443
5296 + Date: 2019-07-09
5297
5298 + Crawling URL: http://mail.inoue-kujira.com.:443:
5299 + Links:
5300 + Crawling http://mail.inoue-kujira.com.:443 (400 Bad Request)
5301 + Searching for directories...
5302 + Searching open folders...
5303
5304--Finished--
5305Summary information for domain inoue-kujira.com.
5306-----------------------------------------
5307
5308 Domain Ips Information:
5309 IP: 157.7.190.91
5310 HostName: uns01.lolipop.jp Type: NS
5311 HostName: uns01.lolipop.jp Type: PTR
5312 Country: Japan
5313 Is Active: True (reset ttl 64)
5314 Port: 53/tcp open domain syn-ack ttl 49 (unknown banner: GMO Pepabo)
5315 Script Info: | dns-nsid:
5316 Script Info: | NSID: dns101.phy.lolipop.jp (646e733130312e7068792e6c6f6c69706f702e6a70)
5317 Script Info: | id.server: dns101.phy.lolipop.jp
5318 Script Info: |_ bind.version: GMO Pepabo
5319 Script Info: | fingerprint-strings:
5320 Script Info: | DNSVersionBindReqTCP:
5321 Script Info: | version
5322 Script Info: | bind
5323 Script Info: |_ Pepabo
5324 IP: 157.7.107.6
5325 HostName: mx01.lolipop.jp Type: MX
5326 HostName: mx01.lolipop.jp Type: PTR
5327 Country: Japan
5328 Is Active: True (reset ttl 64)
5329 IP: 157.7.107.254
5330 HostName: www.inoue-kujira.com. Type: A
5331 HostName: ftp.inoue-kujira.com. Type: A
5332 HostName: 157-7-107-254.virt.lolipop.jp Type: PTR
5333 HostName: mail.inoue-kujira.com. Type: A
5334 Country: Japan
5335 Is Active: True (reset ttl 64)
5336 Port: 80/tcp open http syn-ack ttl 44 Apache httpd
5337 Script Info: | http-methods:
5338 Script Info: |_ Supported Methods: GET HEAD
5339 Script Info: |_http-server-header: Apache
5340 Script Info: |_http-title: 403 Error - Forbidden
5341 Port: 443/tcp open ssl/https syn-ack ttl 44 Apache
5342 Script Info: |_http-server-header: Apache
5343 Script Info: |_http-title: 400 The plain HTTP request was sent to HTTPS port
5344 IP: 210.188.212.73
5345 HostName: uns02.lolipop.jp Type: NS
5346 HostName: uns02.lolipop.jp Type: PTR
5347 Country: Japan
5348 Is Active: True (reset ttl 64)
5349 Port: 53/tcp open domain syn-ack ttl 40 (unknown banner: GMO Pepabo)
5350 Script Info: | dns-nsid:
5351 Script Info: | NSID: dns202.phy.lolipop.jp (646e733230322e7068792e6c6f6c69706f702e6a70)
5352 Script Info: | id.server: dns202.phy.lolipop.jp
5353 Script Info: |_ bind.version: GMO Pepabo
5354 Script Info: | fingerprint-strings:
5355 Script Info: | DNSVersionBindReqTCP:
5356 Script Info: | version
5357 Script Info: | bind
5358 Script Info: |_ Pepabo
5359#######################################################################################################################################
5360=======================================================================================================================================
5361| E-mails:
5362| [+] E-mail Found: kujira-inoue@royal.ocn.ne.jp
5363=======================================================================================================================================
5364| External hosts:
5365| [+] External Host Found: http://x4.akazunoma.com
5366=======================================================================================================================================
5367#######################################################################################################################################
5368----- inoue-kujira.com -----
5369
5370
5371Host's addresses:
5372__________________
5373
5374inoue-kujira.com. 600 IN A 157.7.107.254
5375
5376----------------
5377Wildcards test:
5378----------------
5379 good
5380
5381
5382Name Servers:
5383______________
5384
5385uns02.lolipop.jp. 173 IN A 210.188.212.73
5386uns01.lolipop.jp. 173 IN A 157.7.190.91
5387
5388
5389Mail (MX) Servers:
5390___________________
5391
5392mx01.lolipop.jp. 600 IN A 157.7.107.6
5393
5394#######################################################################################################################################
5395Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:32 EDT
5396Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5397Host is up (0.18s latency).
5398Not shown: 471 filtered ports, 3 closed ports
5399Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
5400PORT STATE SERVICE
540180/tcp open http
5402443/tcp open https
5403
5404Nmap done: 1 IP address (1 host up) scanned in 11.18 seconds
5405#######################################################################################################################################
5406Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:32 EDT
5407Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5408Host is up (0.023s latency).
5409Not shown: 2 filtered ports
5410PORT STATE SERVICE
541153/udp open|filtered domain
541267/udp open|filtered dhcps
541368/udp open|filtered dhcpc
541469/udp open|filtered tftp
541588/udp open|filtered kerberos-sec
5416123/udp open|filtered ntp
5417139/udp open|filtered netbios-ssn
5418161/udp open|filtered snmp
5419162/udp open|filtered snmptrap
5420389/udp open|filtered ldap
5421520/udp open|filtered route
54222049/udp open|filtered nfs
5423
5424Nmap done: 1 IP address (1 host up) scanned in 1.35 seconds
5425#######################################################################################################################################
5426Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:32 EDT
5427Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5428Host is up (0.032s latency).
5429
5430PORT STATE SERVICE VERSION
543167/udp open|filtered dhcps
5432|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
5433Too many fingerprints match this host to give specific OS details
5434Network Distance: 19 hops
5435
5436TRACEROUTE (using proto 1/icmp)
5437HOP RTT ADDRESS
54381 27.24 ms 10.244.200.1
54392 28.45 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
54403 46.27 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
54414 27.41 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
54425 21.70 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
54436 194.37 ms if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24)
54447 203.78 ms if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2)
54458 201.79 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
54469 201.20 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
544710 200.39 ms if-ae-18-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.73)
544811 ...
544912 199.43 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
545013 199.82 ms 120.29.217.2
545114 203.56 ms 133.208.55.50
545215 246.57 ms unused-133-130-015-093.interq.or.jp (133.130.15.93)
545316 248.26 ms unused-133-130-012-058.interq.or.jp (133.130.12.58)
545417 245.31 ms g-o-p-4ee-a01-1-e-1-1.interq.or.jp (210.157.9.210)
545518 250.64 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
545619 249.46 ms 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5457#######################################################################################################################################
5458Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:34 EDT
5459Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5460Host is up (0.25s latency).
5461
5462PORT STATE SERVICE VERSION
546368/udp open|filtered dhcpc
5464Too many fingerprints match this host to give specific OS details
5465Network Distance: 19 hops
5466
5467TRACEROUTE (using proto 1/icmp)
5468HOP RTT ADDRESS
54691 21.13 ms 10.244.200.1
54702 21.52 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
54713 34.53 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
54724 21.33 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
54735 21.37 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
54746 194.06 ms if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24)
54757 203.27 ms if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2)
54768 201.68 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
54779 200.68 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
547810 ... 11
547912 196.47 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
548013 197.92 ms 120.29.217.2
548114 197.88 ms 133.208.55.50
548215 245.78 ms unused-133-130-015-093.interq.or.jp (133.130.15.93)
548316 247.84 ms unused-133-130-012-058.interq.or.jp (133.130.12.58)
548417 245.79 ms g-o-p-4ee-a01-1-e-1-1.interq.or.jp (210.157.9.210)
548518 249.78 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
548619 250.62 ms 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5487#######################################################################################################################################
5488Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:35 EDT
5489Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
5490Host is up (0.25s latency).
5491
5492PORT STATE SERVICE VERSION
549369/udp filtered tftp
5494Too many fingerprints match this host to give specific OS details
5495
5496TRACEROUTE (using port 69/udp)
5497HOP RTT ADDRESS
54981 29.68 ms 10.244.200.1
54992 24.16 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
55003 44.68 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
55014 24.12 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
55025 24.52 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
55036 196.78 ms if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24)
55047 206.41 ms if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2)
55058 196.90 ms if-ae-52-55.tcore2.sqn-san-jose.as6453.net (63.243.129.21)
55069 203.63 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
550710 ... 11
550812 192.64 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
550913 199.86 ms 120.29.217.2
551014 200.47 ms 133.208.55.50
551115 247.38 ms unused-133-130-015-093.interq.or.jp (133.130.15.93)
551216 242.67 ms unused-133-130-012-058.interq.or.jp (133.130.12.58)
551317 245.32 ms g-o-p-4ee-a01-1-e-1-1.interq.or.jp (210.157.9.210)
551418 246.50 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
551519 ... 24
551625 246.44 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
551726 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:36 EDT
Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
5906| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
5907| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
5908| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
5909| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
5910| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
5911| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
5912| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
5913| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
5914| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
5915| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
6275| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
6276| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
6277| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
6278| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
6279| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
6280| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
6281| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
6282| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
6283| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
6284| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
6285| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
6286| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
6287| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
6288| [79791] Cisco Products Apache Commons Collections Library privilege escalation
6289| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
6290| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
6291| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
6292| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
6293| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
6294| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
6295| [78989] Apache Ambari up to 2.1.1 Open Redirect
6296| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
6297| [78987] Apache Ambari up to 2.0.x cross site scripting
6298| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
6299| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
6300| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
6301| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
6302| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
6303| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
6304| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
6305| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
6306| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
6307| [77406] Apache Flex BlazeDS AMF Message XML External Entity
6308| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
6309| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
6310| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
6311| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
6312| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
6313| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
6314| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
6315| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
6316| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
6317| [76567] Apache Struts 2.3.20 unknown vulnerability
6318| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
6319| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
6320| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
6321| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
6322| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
6323| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
6324| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
6325| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
6326| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
6327| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
6328| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
6329| [74793] Apache Tomcat File Upload denial of service
6330| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
6331| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
6332| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
6333| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
6334| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
6335| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
6336| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
6337| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
6338| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
6339| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
6340| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
6341| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
6342| [74468] Apache Batik up to 1.6 denial of service
6343| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
6344| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
6345| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
6346| [74174] Apache WSS4J up to 2.0.0 privilege escalation
6347| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
6348| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
6349| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
6350| [73731] Apache XML Security unknown vulnerability
6351| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
6352| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
6353| [73593] Apache Traffic Server up to 5.1.0 denial of service
6354| [73511] Apache POI up to 3.10 Deadlock denial of service
6355| [73510] Apache Solr up to 4.3.0 cross site scripting
6356| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
6357| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
6358| [73173] Apache CloudStack Stack-Based unknown vulnerability
6359| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
6360| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
6361| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
6362| [72890] Apache Qpid 0.30 unknown vulnerability
6363| [72887] Apache Hive 0.13.0 File Permission privilege escalation
6364| [72878] Apache Cordova 3.5.0 cross site request forgery
6365| [72877] Apache Cordova 3.5.0 cross site request forgery
6366| [72876] Apache Cordova 3.5.0 cross site request forgery
6367| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
6368| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
6369| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
6370| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
6371| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
6372| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
6373| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
6374| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
6375| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
6376| [71629] Apache Axis2/C spoofing
6377| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
6378| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
6379| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
6380| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
6381| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
6382| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
6383| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
6384| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
6385| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
6386| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
6387| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
6388| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
6389| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
6390| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
6391| [70809] Apache POI up to 3.11 Crash denial of service
6392| [70808] Apache POI up to 3.10 unknown vulnerability
6393| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
6394| [70749] Apache Axis up to 1.4 getCN spoofing
6395| [70701] Apache Traffic Server up to 3.3.5 denial of service
6396| [70700] Apache OFBiz up to 12.04.03 cross site scripting
6397| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
6398| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
6399| [70661] Apache Subversion up to 1.6.17 denial of service
6400| [70660] Apache Subversion up to 1.6.17 spoofing
6401| [70659] Apache Subversion up to 1.6.17 spoofing
6402| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
6403| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
6404| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
6405| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
6406| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
6407| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
6408| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
6409| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
6410| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
6411| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
6412| [69846] Apache HBase up to 0.94.8 information disclosure
6413| [69783] Apache CouchDB up to 1.2.0 memory corruption
6414| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
6415| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
6416| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
6417| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
6418| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
6419| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
6420| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
6421| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
6422| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
6423| [69431] Apache Archiva up to 1.3.6 cross site scripting
6424| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
6425| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
6426| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
6427| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
6428| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
6429| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
6430| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
6431| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
6432| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
6433| [66739] Apache Camel up to 2.12.2 unknown vulnerability
6434| [66738] Apache Camel up to 2.12.2 unknown vulnerability
6435| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
6436| [66695] Apache CouchDB up to 1.2.0 cross site scripting
6437| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
6438| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
6439| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
6440| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
6441| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
6442| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
6443| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
6444| [66356] Apache Wicket up to 6.8.0 information disclosure
6445| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
6446| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
6447| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
6448| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
6449| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
6450| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
6451| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
6452| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
6453| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
6454| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
6455| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
6456| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
6457| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
6458| [65668] Apache Solr 4.0.0 Updater denial of service
6459| [65665] Apache Solr up to 4.3.0 denial of service
6460| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
6461| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
6462| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
6463| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
6464| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
6465| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
6466| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
6467| [65410] Apache Struts 2.3.15.3 cross site scripting
6468| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
6469| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
6470| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
6471| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
6472| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
6473| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
6474| [65340] Apache Shindig 2.5.0 information disclosure
6475| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
6476| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
6477| [10826] Apache Struts 2 File privilege escalation
6478| [65204] Apache Camel up to 2.10.1 unknown vulnerability
6479| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
6480| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
6481| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
6482| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
6483| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
6484| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
6485| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
6486| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
6487| [64722] Apache XML Security for C++ Heap-based memory corruption
6488| [64719] Apache XML Security for C++ Heap-based memory corruption
6489| [64718] Apache XML Security for C++ verify denial of service
6490| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
6491| [64716] Apache XML Security for C++ spoofing
6492| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
6493| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
6494| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
6495| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
6496| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
6497| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
6498| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
6499| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
6500| [64485] Apache Struts up to 2.2.3.0 privilege escalation
6501| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
6502| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
6503| [64467] Apache Geronimo 3.0 memory corruption
6504| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
6505| [64457] Apache Struts up to 2.2.3.0 cross site scripting
6506| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
6507| [9184] Apache Qpid up to 0.20 SSL misconfiguration
6508| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
6509| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
6510| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
6511| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
6512| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
6513| [8873] Apache Struts 2.3.14 privilege escalation
6514| [8872] Apache Struts 2.3.14 privilege escalation
6515| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
6516| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
6517| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
6518| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
6519| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
6520| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
6521| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
6522| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
6523| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
6524| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
6525| [64006] Apache ActiveMQ up to 5.7.0 denial of service
6526| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
6527| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
6528| [8427] Apache Tomcat Session Transaction weak authentication
6529| [63960] Apache Maven 3.0.4 Default Configuration spoofing
6530| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
6531| [63750] Apache qpid up to 0.20 checkAvailable denial of service
6532| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
6533| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
6534| [63747] Apache Rave up to 0.20 User Account information disclosure
6535| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
6536| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
6537| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
6538| [7687] Apache CXF up to 2.7.2 Token weak authentication
6539| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
6540| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
6541| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
6542| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
6543| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
6544| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
6545| [63090] Apache Tomcat up to 4.1.24 denial of service
6546| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
6547| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
6548| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
6549| [62833] Apache CXF -/2.6.0 spoofing
6550| [62832] Apache Axis2 up to 1.6.2 spoofing
6551| [62831] Apache Axis up to 1.4 Java Message Service spoofing
6552| [62830] Apache Commons-httpclient 3.0 Payments spoofing
6553| [62826] Apache Libcloud up to 0.11.0 spoofing
6554| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
6555| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
6556| [62661] Apache Axis2 unknown vulnerability
6557| [62658] Apache Axis2 unknown vulnerability
6558| [62467] Apache Qpid up to 0.17 denial of service
6559| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
6560| [6301] Apache HTTP Server mod_pagespeed cross site scripting
6561| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
6562| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
6563| [62035] Apache Struts up to 2.3.4 denial of service
6564| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
6565| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
6566| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
6567| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
6568| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
6569| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
6570| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
6571| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
6572| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
6573| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
6574| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
6575| [61229] Apache Sling up to 2.1.1 denial of service
6576| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
6577| [61094] Apache Roller up to 5.0 cross site scripting
6578| [61093] Apache Roller up to 5.0 cross site request forgery
6579| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
6580| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
6581| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
6582| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
6583| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
6584| [60708] Apache Qpid 0.12 unknown vulnerability
6585| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
6586| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
6587| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
6588| [4882] Apache Wicket up to 1.5.4 directory traversal
6589| [4881] Apache Wicket up to 1.4.19 cross site scripting
6590| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
6591| [60352] Apache Struts up to 2.2.3 memory corruption
6592| [60153] Apache Portable Runtime up to 1.4.3 denial of service
6593| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
6594| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
6595| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
6596| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
6597| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
6598| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
6599| [4571] Apache Struts up to 2.3.1.2 privilege escalation
6600| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
6601| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
6602| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
6603| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
6604| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
6605| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
6606| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
6607| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
6608| [59888] Apache Tomcat up to 6.0.6 denial of service
6609| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
6610| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
6611| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
6612| [59850] Apache Geronimo up to 2.2.1 denial of service
6613| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
6614| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
6615| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
6616| [58413] Apache Tomcat up to 6.0.10 spoofing
6617| [58381] Apache Wicket up to 1.4.17 cross site scripting
6618| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
6619| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
6620| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
6621| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
6622| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
6623| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
6624| [57568] Apache Archiva up to 1.3.4 cross site scripting
6625| [57567] Apache Archiva up to 1.3.4 cross site request forgery
6626| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
6627| [4355] Apache HTTP Server APR apr_fnmatch denial of service
6628| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
6629| [57425] Apache Struts up to 2.2.1.1 cross site scripting
6630| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
6631| [57025] Apache Tomcat up to 7.0.11 information disclosure
6632| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
6633| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
6634| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
6635| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
6636| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
6637| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
6638| [56512] Apache Continuum up to 1.4.0 cross site scripting
6639| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
6640| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
6641| [4283] Apache Tomcat 5.x ServletContect privilege escalation
6642| [56441] Apache Tomcat up to 7.0.6 denial of service
6643| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
6644| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
6645| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
6646| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
6647| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
6648| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
6649| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
6650| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
6651| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
6652| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
6653| [54693] Apache Traffic Server DNS Cache unknown vulnerability
6654| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
6655| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
6656| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
6657| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
6658| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
6659| [54012] Apache Tomcat up to 6.0.10 denial of service
6660| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
6661| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
6662| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
6663| [52894] Apache Tomcat up to 6.0.7 information disclosure
6664| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
6665| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
6666| [52786] Apache Open For Business Project up to 09.04 cross site scripting
6667| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
6668| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
6669| [52584] Apache CouchDB up to 0.10.1 information disclosure
6670| [51757] Apache HTTP Server 2.0.44 cross site scripting
6671| [51756] Apache HTTP Server 2.0.44 spoofing
6672| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
6673| [51690] Apache Tomcat up to 6.0 directory traversal
6674| [51689] Apache Tomcat up to 6.0 information disclosure
6675| [51688] Apache Tomcat up to 6.0 directory traversal
6676| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
6677| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
6678| [50626] Apache Solr 1.0.0 cross site scripting
6679| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
6680| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
6681| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
6682| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
6683| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
6684| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
6685| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
6686| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
6687| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
6688| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
6689| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
6690| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
6691| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
6692| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
6693| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
6694| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
6695| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
6696| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
6697| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
6698| [47214] Apachefriends xampp 1.6.8 spoofing
6699| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
6700| [47162] Apachefriends XAMPP 1.4.4 weak authentication
6701| [47065] Apache Tomcat 4.1.23 cross site scripting
6702| [46834] Apache Tomcat up to 5.5.20 cross site scripting
6703| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
6704| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
6705| [86625] Apache Struts directory traversal
6706| [44461] Apache Tomcat up to 5.5.0 information disclosure
6707| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
6708| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
6709| [43663] Apache Tomcat up to 6.0.16 directory traversal
6710| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
6711| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
6712| [43516] Apache Tomcat up to 4.1.20 directory traversal
6713| [43509] Apache Tomcat up to 6.0.13 cross site scripting
6714| [42637] Apache Tomcat up to 6.0.16 cross site scripting
6715| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
6716| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
6717| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
6718| [40924] Apache Tomcat up to 6.0.15 information disclosure
6719| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
6720| [40922] Apache Tomcat up to 6.0 information disclosure
6721| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
6722| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
6723| [40656] Apache Tomcat 5.5.20 information disclosure
6724| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
6725| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
6726| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
6727| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
6728| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
6729| [40234] Apache Tomcat up to 6.0.15 directory traversal
6730| [40221] Apache HTTP Server 2.2.6 information disclosure
6731| [40027] David Castro Apache Authcas 0.4 sql injection
6732| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
6733| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
6734| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
6735| [39489] Apache Jakarta Slide up to 2.1 directory traversal
6736| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
6737| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
6738| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
6739| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
6740| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
6741| [38524] Apache Geronimo 2.0 unknown vulnerability
6742| [3256] Apache Tomcat up to 6.0.13 cross site scripting
6743| [38331] Apache Tomcat 4.1.24 information disclosure
6744| [38330] Apache Tomcat 4.1.24 information disclosure
6745| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
6746| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
6747| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
6748| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
6749| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
6750| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
6751| [37292] Apache Tomcat up to 5.5.1 cross site scripting
6752| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
6753| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
6754| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
6755| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
6756| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
6757| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
6758| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
6759| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
6760| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
6761| [36225] XAMPP Apache Distribution 1.6.0a sql injection
6762| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
6763| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
6764| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
6765| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
6766| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
6767| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
6768| [34252] Apache HTTP Server denial of service
6769| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
6770| [33877] Apache Opentaps 0.9.3 cross site scripting
6771| [33876] Apache Open For Business Project unknown vulnerability
6772| [33875] Apache Open For Business Project cross site scripting
6773| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
6774| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
6775| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
6776| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
6777| [31663] vbPortal Apache HTTP Server index.php directory traversal
6778| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
6779| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
6780| [30623] Apache James 2.2.0 SMTP Server denial of service
6781| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
6782#######################################################################################################################################
6783| MITRE CVE - https://cve.mitre.org:
6784| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
6785| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
6786| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
6787| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
6788| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
6789| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
6790| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
6791| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
6792| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
6793| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
6794| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
6795| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
6796| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
6797| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
6798| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
6799| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
6800| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
6801| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
6802| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
6803| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
6804| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
6805| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
6806| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
6807| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
6808| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
6809| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
6810| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
6811| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
6812| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
6813| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
6814| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6815| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
6816| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
6817| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
6818| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
6819| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
6820| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
6821| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
6822| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
6823| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
6824| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
6825| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6826| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6827| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6828| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6829| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
6830| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
6831| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
6832| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
6833| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
6834| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
6835| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
6836| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
6837| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
6838| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
6839| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
6840| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
6841| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
6842| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
6843| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
6844| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
6845| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
6846| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
6847| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
6848| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6849| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
7054| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
7055| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
7056| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
7057| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
7058| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
7059| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
7060| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
7061| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
7062| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
7063| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
7064| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
7065| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
7066| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
7067| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
7068| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
7069| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
7070| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
7071| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
7072| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
7073| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
7074| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
7075| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
7076| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
7077| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
7078| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
7079| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
7080| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
7081| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
7082| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
7083| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
7084| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
7085| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
7086| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
7087| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
7088| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
7089| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
7090| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
7091| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
7092| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
7093| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
7094| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
7095| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
7096| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
7097| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
7098| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
7099| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
7100| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
7101| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
7102| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
7103| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
7104| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
7105| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
7106| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
7107| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
7108| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
7109| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
7110| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
7111| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
7112| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
7113| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
7114| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
7115| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
7116| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
7117| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
7118| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
7119| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
7120| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
7121| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
7122| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
7123| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
7124| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
7125| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
7126| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
7127| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
7128| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
7129| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
7130| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
7131| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
7132| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
7133| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
7134| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
7135| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
7136| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
7137| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
7138| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
7139| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
7140| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
7141| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
7142| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
7143| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
7144| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
7145| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
7146| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
7147| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
7148| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
7149| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
7150| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
7151| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
7152| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
7153| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
7154| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
7155| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
7156| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
7157| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
7158| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
7159| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
7160| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
7161| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
7162| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
7163| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
7164| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
7165| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
7166| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
7167| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
7168| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
7169| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
7170| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
7171| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
7172| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
7173| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
7174| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
7175| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
7176| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
7177| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
7178| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
7179| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
7180| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
7181| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
7182| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
7183| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
7184| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
7185| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
7186| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
7187| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
7188| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
7189| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
7190| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
7191| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
7192| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
7193| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
7194| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
7195| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
7196| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
7197| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
7198| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
7199| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
7200| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
7201| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
7202| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
7203| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
7204| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
7205| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
7206| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
7207| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
7208| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
7209| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
7210| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
7211| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
7212| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
7213| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
7214| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
7215| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
7216| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
7217| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
7218| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
7219| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
7220| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
7221| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
7222| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
7223| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
7224| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
7225| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
7226| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
7227| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
7228| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
7229| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
7230| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
7231| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
7232| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
7233| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
7234| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
7235| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
7236| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
7237| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
7238| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
7239| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
7240| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
7241| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
7242| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
7243| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
7244| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
7245| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
7246| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
7247| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
7248| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
7249| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
7250| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
7251| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
7252| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
7253| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
7254| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
7255| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
7256| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
7257| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
7258| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
7259| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
7260| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
7261| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
7262| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
7263| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
7264| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
7265| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
7266| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
7267| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
7268| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
7269| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
7270| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
7271| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
7272| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
7273| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
7274| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
7275| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
7276| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
7277| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
7278| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
7279| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
7280| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
7281| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
7282| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
7283| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
7284| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
7285| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
7286| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
7287| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
7288| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
7289| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
7290| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
7291| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
7292| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
7293| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
7294| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
7295| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
7296| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
7297| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
7298| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
7299| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
7300| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
7301| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
7302| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
7303| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
7304| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
7305| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
7306| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
7307| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
7308| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
7309| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
7310| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
7311| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
7312| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
7313| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
7314| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
7315| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
7316| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
7317| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
7318| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
7319| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
7320| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
7321| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
7322| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
7323| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
7324| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
7325| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
7326| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
7327| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
7328| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
7329| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
7330| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
7331| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
7332| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
7333| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
7334| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
7335| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
7336| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
7337| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
7338| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
7339| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
7340| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
7341| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
7342| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
7343| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
7344| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
7345| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
7346| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
7347| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
7348| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
7349| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
7350| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
7351| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
7352| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
7353| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
7354| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
7355| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
7356| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
7357| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
7358| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
7359| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
7360| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
7361| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
7362| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
7363| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
7364| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
7365| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
7366| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
7367| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
7368| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
7369| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
7370| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
7371| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
7372| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
7373| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
7374| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
7375| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
7376| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
7377| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
7378| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
7379| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
7380| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
7381| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
7382| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
7383| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
7384| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
7385| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
7386| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
7387| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
7388| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
7389| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
7390| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
7391| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
7392| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
7393#######################################################################################################################################
7394| SecurityFocus - https://www.securityfocus.com/bid/:
7395| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
7396| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
7397| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
7398| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
7399| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
7400| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
7401| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
7402| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
7403| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
7404| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
7405| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
7406| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
7407| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
7408| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
7409| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
7410| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
7411| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
7412| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
7413| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
7414| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
7415| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
7416| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
7417| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
7418| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
7419| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
7420| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
7421| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
7422| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
7423| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
7424| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
7425| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
7426| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
7427| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
7428| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
7429| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
7430| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
7431| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
7432| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
7433| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
7434| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
7435| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
7436| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
7437| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
7438| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
7439| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
7440| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
7441| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
7442| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
7443| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
7444| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
7445| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
7446| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
7447| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
7448| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
7449| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
7450| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
7451| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
7452| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
7453| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
7454| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
7455| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
7456| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
7457| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
7458| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
7459| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
7460| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
7461| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
7462| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
7463| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
7464| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
7465| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
7466| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
7467| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
7468| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
7469| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
7470| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
7471| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
7472| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
7473| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
7474| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
7475| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
7476| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
7477| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
7478| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
7479| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
7480| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
7481| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
7482| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
7483| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
7484| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
7485| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
7486| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
7487| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
7488| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
7489| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
7490| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
7491| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
7492| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
7493| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
7494| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
7495| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
7496| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
7497| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
7498| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
7499| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
7500| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
7501| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
7502| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
7503| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
7504| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
7505| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
7506| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
7507| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
7508| [100447] Apache2Triad Multiple Security Vulnerabilities
7509| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
7510| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
7511| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
7512| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
7513| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
7514| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
7515| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
7516| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
7517| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
7518| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
7519| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
7520| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
7521| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
7522| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
7523| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
7524| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
7525| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
7526| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
7527| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
7528| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
7529| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
7530| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
7531| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
7532| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
7533| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
7534| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
7535| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
7536| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
7537| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
7538| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
7539| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
7540| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
7541| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
7542| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
7543| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
7544| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
7545| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
7546| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
7547| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
7548| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
7549| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
7550| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
7551| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
7552| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
7553| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
7554| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
7555| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
7556| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
7557| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
7558| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
7559| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
7560| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
7561| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
7562| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
7563| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
7564| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
7565| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
7566| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
7567| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
7568| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
7569| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
7570| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
7571| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
7572| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
7573| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
7574| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
7575| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
7576| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
7577| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
7578| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
7579| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
7580| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
7581| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
7582| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
7583| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
7584| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
7585| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
7586| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
7587| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
7588| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
7589| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
7590| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
7591| [95675] Apache Struts Remote Code Execution Vulnerability
7592| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
7593| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
7594| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
7595| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
7596| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
7597| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
7598| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
7599| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
7600| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
7601| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
7602| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
7603| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
7604| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
7605| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
7606| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
7607| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
7608| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
7609| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
7610| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
7611| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
7612| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
7613| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
7614| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
7615| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
7616| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
7617| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
7618| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
7619| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
7620| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
7621| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
7622| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
7623| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
7624| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
7625| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
7626| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
7627| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
7628| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
7629| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
7630| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
7631| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
7632| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
7633| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
7634| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
7635| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
7636| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
7637| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
7638| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
7639| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
7640| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
7641| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
7642| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
7643| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
7644| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
7645| [91736] Apache XML-RPC Multiple Security Vulnerabilities
7646| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
7647| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
7648| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
7649| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
7650| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
7651| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
7652| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
7653| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
7654| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
7655| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
7656| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
7657| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
7658| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
7659| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
7660| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
7661| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
7662| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
7663| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
7664| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
7665| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
7666| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
7667| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
8097| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
8098| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
8099| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
8100| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
8101| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
8102| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
8103| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
8104| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
8105| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
8106| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
8107| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
8108| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
8109| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
8110| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
8111| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
8112| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
8113| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
8114| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
8115| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
8116| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
8117| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
8118| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
8119| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
8120| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
8121| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
8122| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
8123| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
8124| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
8125| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
8126| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
8127| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
8128| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
8129| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
8130| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
8131| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
8132| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
8133| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
8134| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
8135| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
8136| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
8137| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
8138| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
8139| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
8140| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
8141| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
8142| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
8143| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
8144| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
8145| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
8146| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
8147| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
8148| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
8149| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
8150| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
8151| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
8152| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
8153| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
8154| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
8155| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
8156| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
8157| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
8158| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
8159| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
8160| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
8161| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
8162| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
8163| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
8164| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
8165| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
8166| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
8167| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
8168| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
8169| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
8170| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
8171| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
8172| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
8173| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
8174| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
8175| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
8176| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
8177| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
8178| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
8179| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
8180| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
8181| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
8182| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
8183| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
8184| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
8185| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
8186| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
8187| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
8188| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
8189| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
8190| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
8191| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
8192| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
8193| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
8194| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
8195| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
8196| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
8197| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
8198| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
8199| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
8200| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
8201| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
8202| [20527] Apache Mod_TCL Remote Format String Vulnerability
8203| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
8204| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
8205| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
8206| [19106] Apache Tomcat Information Disclosure Vulnerability
8207| [18138] Apache James SMTP Denial Of Service Vulnerability
8208| [17342] Apache Struts Multiple Remote Vulnerabilities
8209| [17095] Apache Log4Net Denial Of Service Vulnerability
8210| [16916] Apache mod_python FileSession Code Execution Vulnerability
8211| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
8212| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
8213| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
8214| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
8215| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
8216| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
8217| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
8218| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
8219| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
8220| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
8221| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
8222| [15177] PHP Apache 2 Local Denial of Service Vulnerability
8223| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
8224| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
8225| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
8226| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
8227| [14106] Apache HTTP Request Smuggling Vulnerability
8228| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
8229| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
8230| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
8231| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
8232| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
8233| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
8234| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
8235| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
8236| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
8237| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
8238| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
8239| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
8240| [11471] Apache mod_include Local Buffer Overflow Vulnerability
8241| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
8242| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
8243| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
8244| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
8245| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
8246| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
8247| [11094] Apache mod_ssl Denial Of Service Vulnerability
8248| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
8249| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
8250| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
8251| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
8252| [10478] ClueCentral Apache Suexec Patch Security Weakness
8253| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
8254| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
8255| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
8256| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
8257| [9921] Apache Connection Blocking Denial Of Service Vulnerability
8258| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
8259| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
8260| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
8261| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
8262| [9733] Apache Cygwin Directory Traversal Vulnerability
8263| [9599] Apache mod_php Global Variables Information Disclosure Weakness
8264| [9590] Apache-SSL Client Certificate Forging Vulnerability
8265| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
8266| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
8267| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
8268| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
8269| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
8270| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
8271| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
8272| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
8273| [8898] Red Hat Apache Directory Index Default Configuration Error
8274| [8883] Apache Cocoon Directory Traversal Vulnerability
8275| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
8276| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
8277| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
8278| [8707] Apache htpasswd Password Entropy Weakness
8279| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
8280| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
8281| [8226] Apache HTTP Server Multiple Vulnerabilities
8282| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
8283| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
8284| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
8285| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
8286| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
8287| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
8288| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
8289| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
8290| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
8291| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
8292| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
8293| [7255] Apache Web Server File Descriptor Leakage Vulnerability
8294| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
8295| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
8296| [6939] Apache Web Server ETag Header Information Disclosure Weakness
8297| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
8298| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
8299| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
8300| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
8301| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
8302| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
8303| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
8304| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
8305| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
8306| [6117] Apache mod_php File Descriptor Leakage Vulnerability
8307| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
8308| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
8309| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
8310| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
8311| [5992] Apache HTDigest Insecure Temporary File Vulnerability
8312| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
8313| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
8314| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
8315| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
8316| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
8317| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
8318| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
8319| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
8320| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
8321| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
8322| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
8323| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
8324| [5485] Apache 2.0 Path Disclosure Vulnerability
8325| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
8326| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
8327| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
8328| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
8329| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
8330| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
8331| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
8332| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
8333| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
8334| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
8335| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
8336| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
8337| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
8338| [4437] Apache Error Message Cross-Site Scripting Vulnerability
8339| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
8340| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
8341| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
8342| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
8343| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
8344| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
8345| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
8346| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
8347| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
8348| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
8349| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
8350| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
8351| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
8352| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
8353| [3596] Apache Split-Logfile File Append Vulnerability
8354| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
8355| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
8356| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
8357| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
8358| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
8359| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
8360| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
8361| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
8362| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
8363| [3169] Apache Server Address Disclosure Vulnerability
8364| [3009] Apache Possible Directory Index Disclosure Vulnerability
8365| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
8366| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
8367| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
8368| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
8369| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
8370| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
8371| [2216] Apache Web Server DoS Vulnerability
8372| [2182] Apache /tmp File Race Vulnerability
8373| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
8374| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
8375| [1821] Apache mod_cookies Buffer Overflow Vulnerability
8376| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
8377| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
8378| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
8379| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
8380| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
8381| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
8382| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
8383| [1457] Apache::ASP source.asp Example Script Vulnerability
8384| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
8385| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
8386#######################################################################################################################################
8387| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8388| [86258] Apache CloudStack text fields cross-site scripting
8389| [85983] Apache Subversion mod_dav_svn module denial of service
8390| [85875] Apache OFBiz UEL code execution
8391| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
8392| [85871] Apache HTTP Server mod_session_dbd unspecified
8393| [85756] Apache Struts OGNL expression command execution
8394| [85755] Apache Struts DefaultActionMapper class open redirect
8395| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
8396| [85574] Apache HTTP Server mod_dav denial of service
8397| [85573] Apache Struts Showcase App OGNL code execution
8398| [85496] Apache CXF denial of service
8399| [85423] Apache Geronimo RMI classloader code execution
8400| [85326] Apache Santuario XML Security for C++ buffer overflow
8401| [85323] Apache Santuario XML Security for Java spoofing
8402| [85319] Apache Qpid Python client SSL spoofing
8403| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
8404| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
8405| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
8406| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
8407| [84952] Apache Tomcat CVE-2012-3544 denial of service
8408| [84763] Apache Struts CVE-2013-2135 security bypass
8409| [84762] Apache Struts CVE-2013-2134 security bypass
8410| [84719] Apache Subversion CVE-2013-2088 command execution
8411| [84718] Apache Subversion CVE-2013-2112 denial of service
8412| [84717] Apache Subversion CVE-2013-1968 denial of service
8413| [84577] Apache Tomcat security bypass
8414| [84576] Apache Tomcat symlink
8415| [84543] Apache Struts CVE-2013-2115 security bypass
8416| [84542] Apache Struts CVE-2013-1966 security bypass
8417| [84154] Apache Tomcat session hijacking
8418| [84144] Apache Tomcat denial of service
8419| [84143] Apache Tomcat information disclosure
8420| [84111] Apache HTTP Server command execution
8421| [84043] Apache Virtual Computing Lab cross-site scripting
8422| [84042] Apache Virtual Computing Lab cross-site scripting
8423| [83782] Apache CloudStack information disclosure
8424| [83781] Apache CloudStack security bypass
8425| [83720] Apache ActiveMQ cross-site scripting
8426| [83719] Apache ActiveMQ denial of service
8427| [83718] Apache ActiveMQ denial of service
8428| [83263] Apache Subversion denial of service
8429| [83262] Apache Subversion denial of service
8430| [83261] Apache Subversion denial of service
8431| [83259] Apache Subversion denial of service
8432| [83035] Apache mod_ruid2 security bypass
8433| [82852] Apache Qpid federation_tag security bypass
8434| [82851] Apache Qpid qpid::framing::Buffer denial of service
8435| [82758] Apache Rave User RPC API information disclosure
8436| [82663] Apache Subversion svn_fs_file_length() denial of service
8437| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
8438| [82641] Apache Qpid AMQP denial of service
8439| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
8440| [82618] Apache Commons FileUpload symlink
8441| [82360] Apache HTTP Server manager interface cross-site scripting
8442| [82359] Apache HTTP Server hostnames cross-site scripting
8443| [82338] Apache Tomcat log/logdir information disclosure
8444| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
8445| [82268] Apache OpenJPA deserialization command execution
8446| [81981] Apache CXF UsernameTokens security bypass
8447| [81980] Apache CXF WS-Security security bypass
8448| [81398] Apache OFBiz cross-site scripting
8449| [81240] Apache CouchDB directory traversal
8450| [81226] Apache CouchDB JSONP code execution
8451| [81225] Apache CouchDB Futon user interface cross-site scripting
8452| [81211] Apache Axis2/C SSL spoofing
8453| [81167] Apache CloudStack DeployVM information disclosure
8454| [81166] Apache CloudStack AddHost API information disclosure
8455| [81165] Apache CloudStack createSSHKeyPair API information disclosure
8456| [80518] Apache Tomcat cross-site request forgery security bypass
8457| [80517] Apache Tomcat FormAuthenticator security bypass
8458| [80516] Apache Tomcat NIO denial of service
8459| [80408] Apache Tomcat replay-countermeasure security bypass
8460| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
8461| [80317] Apache Tomcat slowloris denial of service
8462| [79984] Apache Commons HttpClient SSL spoofing
8463| [79983] Apache CXF SSL spoofing
8464| [79830] Apache Axis2/Java SSL spoofing
8465| [79829] Apache Axis SSL spoofing
8466| [79809] Apache Tomcat DIGEST security bypass
8467| [79806] Apache Tomcat parseHeaders() denial of service
8468| [79540] Apache OFBiz unspecified
8469| [79487] Apache Axis2 SAML security bypass
8470| [79212] Apache Cloudstack code execution
8471| [78734] Apache CXF SOAP Action security bypass
8472| [78730] Apache Qpid broker denial of service
8473| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
8474| [78563] Apache mod_pagespeed module unspecified cross-site scripting
8475| [78562] Apache mod_pagespeed module security bypass
8476| [78454] Apache Axis2 security bypass
8477| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
8478| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
8479| [78321] Apache Wicket unspecified cross-site scripting
8480| [78183] Apache Struts parameters denial of service
8481| [78182] Apache Struts cross-site request forgery
8482| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
8483| [77987] mod_rpaf module for Apache denial of service
8484| [77958] Apache Struts skill name code execution
8485| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
8486| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
8487| [77568] Apache Qpid broker security bypass
8488| [77421] Apache Libcloud spoofing
8489| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
8490| [77046] Oracle Solaris Apache HTTP Server information disclosure
8491| [76837] Apache Hadoop information disclosure
8492| [76802] Apache Sling CopyFrom denial of service
8493| [76692] Apache Hadoop symlink
8494| [76535] Apache Roller console cross-site request forgery
8495| [76534] Apache Roller weblog cross-site scripting
8496| [76152] Apache CXF elements security bypass
8497| [76151] Apache CXF child policies security bypass
8498| [75983] MapServer for Windows Apache file include
8499| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
8500| [75558] Apache POI denial of service
8501| [75545] PHP apache_request_headers() buffer overflow
8502| [75302] Apache Qpid SASL security bypass
8503| [75211] Debian GNU/Linux apache 2 cross-site scripting
8504| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
8505| [74871] Apache OFBiz FlexibleStringExpander code execution
8506| [74870] Apache OFBiz multiple cross-site scripting
8507| [74750] Apache Hadoop unspecified spoofing
8508| [74319] Apache Struts XSLTResult.java file upload
8509| [74313] Apache Traffic Server header buffer overflow
8510| [74276] Apache Wicket directory traversal
8511| [74273] Apache Wicket unspecified cross-site scripting
8512| [74181] Apache HTTP Server mod_fcgid module denial of service
8513| [73690] Apache Struts OGNL code execution
8514| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
8515| [73100] Apache MyFaces in directory traversal
8516| [73096] Apache APR hash denial of service
8517| [73052] Apache Struts name cross-site scripting
8518| [73030] Apache CXF UsernameToken security bypass
8519| [72888] Apache Struts lastName cross-site scripting
8520| [72758] Apache HTTP Server httpOnly information disclosure
8521| [72757] Apache HTTP Server MPM denial of service
8522| [72585] Apache Struts ParameterInterceptor security bypass
8523| [72438] Apache Tomcat Digest security bypass
8524| [72437] Apache Tomcat Digest security bypass
8525| [72436] Apache Tomcat DIGEST security bypass
8526| [72425] Apache Tomcat parameter denial of service
8527| [72422] Apache Tomcat request object information disclosure
8528| [72377] Apache HTTP Server scoreboard security bypass
8529| [72345] Apache HTTP Server HTTP request denial of service
8530| [72229] Apache Struts ExceptionDelegator command execution
8531| [72089] Apache Struts ParameterInterceptor directory traversal
8532| [72088] Apache Struts CookieInterceptor command execution
8533| [72047] Apache Geronimo hash denial of service
8534| [72016] Apache Tomcat hash denial of service
8535| [71711] Apache Struts OGNL expression code execution
8536| [71654] Apache Struts interfaces security bypass
8537| [71620] Apache ActiveMQ failover denial of service
8538| [71617] Apache HTTP Server mod_proxy module information disclosure
8539| [71508] Apache MyFaces EL security bypass
8540| [71445] Apache HTTP Server mod_proxy security bypass
8541| [71203] Apache Tomcat servlets privilege escalation
8542| [71181] Apache HTTP Server ap_pregsub() denial of service
8543| [71093] Apache HTTP Server ap_pregsub() buffer overflow
8544| [70336] Apache HTTP Server mod_proxy information disclosure
8545| [69804] Apache HTTP Server mod_proxy_ajp denial of service
8546| [69472] Apache Tomcat AJP security bypass
8547| [69396] Apache HTTP Server ByteRange filter denial of service
8548| [69394] Apache Wicket multi window support cross-site scripting
8549| [69176] Apache Tomcat XML information disclosure
8550| [69161] Apache Tomcat jsvc information disclosure
8551| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
8552| [68541] Apache Tomcat sendfile information disclosure
8553| [68420] Apache XML Security denial of service
8554| [68238] Apache Tomcat JMX information disclosure
8555| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
8556| [67804] Apache Subversion control rules information disclosure
8557| [67803] Apache Subversion control rules denial of service
8558| [67802] Apache Subversion baselined denial of service
8559| [67672] Apache Archiva multiple cross-site scripting
8560| [67671] Apache Archiva multiple cross-site request forgery
8561| [67564] Apache APR apr_fnmatch() denial of service
8562| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
8563| [67515] Apache Tomcat annotations security bypass
8564| [67480] Apache Struts s:submit information disclosure
8565| [67414] Apache APR apr_fnmatch() denial of service
8566| [67356] Apache Struts javatemplates cross-site scripting
8567| [67354] Apache Struts Xwork cross-site scripting
8568| [66676] Apache Tomcat HTTP BIO information disclosure
8569| [66675] Apache Tomcat web.xml security bypass
8570| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
8571| [66241] Apache HttpComponents information disclosure
8572| [66154] Apache Tomcat ServletSecurity security bypass
8573| [65971] Apache Tomcat ServletSecurity security bypass
8574| [65876] Apache Subversion mod_dav_svn denial of service
8575| [65343] Apache Continuum unspecified cross-site scripting
8576| [65162] Apache Tomcat NIO connector denial of service
8577| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
8578| [65160] Apache Tomcat HTML Manager interface cross-site scripting
8579| [65159] Apache Tomcat ServletContect security bypass
8580| [65050] Apache CouchDB web-based administration UI cross-site scripting
8581| [64773] Oracle HTTP Server Apache Plugin unauthorized access
8582| [64473] Apache Subversion blame -g denial of service
8583| [64472] Apache Subversion walk() denial of service
8584| [64407] Apache Axis2 CVE-2010-0219 code execution
8585| [63926] Apache Archiva password privilege escalation
8586| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
8587| [63493] Apache Archiva credentials cross-site request forgery
8588| [63477] Apache Tomcat HttpOnly session hijacking
8589| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
8590| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
8591| [62959] Apache Shiro filters security bypass
8592| [62790] Apache Perl cgi module denial of service
8593| [62576] Apache Qpid exchange denial of service
8594| [62575] Apache Qpid AMQP denial of service
8595| [62354] Apache Qpid SSL denial of service
8596| [62235] Apache APR-util apr_brigade_split_line() denial of service
8597| [62181] Apache XML-RPC SAX Parser information disclosure
8598| [61721] Apache Traffic Server cache poisoning
8599| [61202] Apache Derby BUILTIN authentication functionality information disclosure
8600| [61186] Apache CouchDB Futon cross-site request forgery
8601| [61169] Apache CXF DTD denial of service
8602| [61070] Apache Jackrabbit search.jsp SQL injection
8603| [61006] Apache SLMS Quoting cross-site request forgery
8604| [60962] Apache Tomcat time cross-site scripting
8605| [60883] Apache mod_proxy_http information disclosure
8606| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
8607| [60264] Apache Tomcat Transfer-Encoding denial of service
8608| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
8609| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
8610| [59413] Apache mod_proxy_http timeout information disclosure
8611| [59058] Apache MyFaces unencrypted view state cross-site scripting
8612| [58827] Apache Axis2 xsd file include
8613| [58790] Apache Axis2 modules cross-site scripting
8614| [58299] Apache ActiveMQ queueBrowse cross-site scripting
8615| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
8616| [58056] Apache ActiveMQ .jsp source code disclosure
8617| [58055] Apache Tomcat realm name information disclosure
8618| [58046] Apache HTTP Server mod_auth_shadow security bypass
8619| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
8620| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
8621| [57429] Apache CouchDB algorithms information disclosure
8622| [57398] Apache ActiveMQ Web console cross-site request forgery
8623| [57397] Apache ActiveMQ createDestination.action cross-site scripting
8624| [56653] Apache HTTP Server DNS spoofing
8625| [56652] Apache HTTP Server DNS cross-site scripting
8626| [56625] Apache HTTP Server request header information disclosure
8627| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
8628| [56623] Apache HTTP Server mod_proxy_ajp denial of service
8629| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
8630| [55857] Apache Tomcat WAR files directory traversal
8631| [55856] Apache Tomcat autoDeploy attribute security bypass
8632| [55855] Apache Tomcat WAR directory traversal
8633| [55210] Intuit component for Joomla! Apache information disclosure
8634| [54533] Apache Tomcat 404 error page cross-site scripting
8635| [54182] Apache Tomcat admin default password
8636| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
8637| [53666] Apache HTTP Server Solaris pollset support denial of service
8638| [53650] Apache HTTP Server HTTP basic-auth module security bypass
8639| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
8640| [53041] mod_proxy_ftp module for Apache denial of service
8641| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
8642| [51953] Apache Tomcat Path Disclosure
8643| [51952] Apache Tomcat Path Traversal
8644| [51951] Apache stronghold-status Information Disclosure
8645| [51950] Apache stronghold-info Information Disclosure
8646| [51949] Apache PHP Source Code Disclosure
8647| [51948] Apache Multiviews Attack
8648| [51946] Apache JServ Environment Status Information Disclosure
8649| [51945] Apache error_log Information Disclosure
8650| [51944] Apache Default Installation Page Pattern Found
8651| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
8652| [51942] Apache AXIS XML External Entity File Retrieval
8653| [51941] Apache AXIS Sample Servlet Information Leak
8654| [51940] Apache access_log Information Disclosure
8655| [51626] Apache mod_deflate denial of service
8656| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
8657| [51365] Apache Tomcat RequestDispatcher security bypass
8658| [51273] Apache HTTP Server Incomplete Request denial of service
8659| [51195] Apache Tomcat XML information disclosure
8660| [50994] Apache APR-util xml/apr_xml.c denial of service
8661| [50993] Apache APR-util apr_brigade_vprintf denial of service
8662| [50964] Apache APR-util apr_strmatch_precompile() denial of service
8663| [50930] Apache Tomcat j_security_check information disclosure
8664| [50928] Apache Tomcat AJP denial of service
8665| [50884] Apache HTTP Server XML ENTITY denial of service
8666| [50808] Apache HTTP Server AllowOverride privilege escalation
8667| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
8668| [50059] Apache mod_proxy_ajp information disclosure
8669| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
8670| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
8671| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
8672| [49921] Apache ActiveMQ Web interface cross-site scripting
8673| [49898] Apache Geronimo Services/Repository directory traversal
8674| [49725] Apache Tomcat mod_jk module information disclosure
8675| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
8676| [49712] Apache Struts unspecified cross-site scripting
8677| [49213] Apache Tomcat cal2.jsp cross-site scripting
8678| [48934] Apache Tomcat POST doRead method information disclosure
8679| [48211] Apache Tomcat header HTTP request smuggling
8680| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
8681| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
8682| [47709] Apache Roller "
8683| [47104] Novell Netware ApacheAdmin console security bypass
8684| [47086] Apache HTTP Server OS fingerprinting unspecified
8685| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
8686| [45791] Apache Tomcat RemoteFilterValve security bypass
8687| [44435] Oracle WebLogic Apache Connector buffer overflow
8688| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
8689| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
8690| [44156] Apache Tomcat RequestDispatcher directory traversal
8691| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
8692| [43885] Oracle WebLogic Server Apache Connector buffer overflow
8693| [42987] Apache HTTP Server mod_proxy module denial of service
8694| [42915] Apache Tomcat JSP files path disclosure
8695| [42914] Apache Tomcat MS-DOS path disclosure
8696| [42892] Apache Tomcat unspecified unauthorized access
8697| [42816] Apache Tomcat Host Manager cross-site scripting
8698| [42303] Apache 403 error cross-site scripting
8699| [41618] Apache-SSL ExpandCert() authentication bypass
8700| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
8701| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
8702| [40614] Apache mod_jk2 HTTP Host header buffer overflow
8703| [40562] Apache Geronimo init information disclosure
8704| [40478] Novell Web Manager webadmin-apache.conf security bypass
8705| [40411] Apache Tomcat exception handling information disclosure
8706| [40409] Apache Tomcat native (APR based) connector weak security
8707| [40403] Apache Tomcat quotes and %5C cookie information disclosure
8708| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
8709| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
8710| [39867] Apache HTTP Server mod_negotiation cross-site scripting
8711| [39804] Apache Tomcat SingleSignOn information disclosure
8712| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
8713| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
8714| [39608] Apache HTTP Server balancer manager cross-site request forgery
8715| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
8716| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
8717| [39472] Apache HTTP Server mod_status cross-site scripting
8718| [39201] Apache Tomcat JULI logging weak security
8719| [39158] Apache HTTP Server Windows SMB shares information disclosure
8720| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
8721| [38951] Apache::AuthCAS Perl module cookie SQL injection
8722| [38800] Apache HTTP Server 413 error page cross-site scripting
8723| [38211] Apache Geronimo SQLLoginModule authentication bypass
8724| [37243] Apache Tomcat WebDAV directory traversal
8725| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
8726| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
8727| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
8728| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
8729| [36782] Apache Geronimo MEJB unauthorized access
8730| [36586] Apache HTTP Server UTF-7 cross-site scripting
8731| [36468] Apache Geronimo LoginModule security bypass
8732| [36467] Apache Tomcat functions.jsp cross-site scripting
8733| [36402] Apache Tomcat calendar cross-site request forgery
8734| [36354] Apache HTTP Server mod_proxy module denial of service
8735| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
8736| [36336] Apache Derby lock table privilege escalation
8737| [36335] Apache Derby schema privilege escalation
8738| [36006] Apache Tomcat "
8739| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
8740| [35999] Apache Tomcat \"
8741| [35795] Apache Tomcat CookieExample cross-site scripting
8742| [35536] Apache Tomcat SendMailServlet example cross-site scripting
8743| [35384] Apache HTTP Server mod_cache module denial of service
8744| [35097] Apache HTTP Server mod_status module cross-site scripting
8745| [35095] Apache HTTP Server Prefork MPM module denial of service
8746| [34984] Apache HTTP Server recall_headers information disclosure
8747| [34966] Apache HTTP Server MPM content spoofing
8748| [34965] Apache HTTP Server MPM information disclosure
8749| [34963] Apache HTTP Server MPM multiple denial of service
8750| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
8751| [34869] Apache Tomcat JSP example Web application cross-site scripting
8752| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
8753| [34496] Apache Tomcat JK Connector security bypass
8754| [34377] Apache Tomcat hello.jsp cross-site scripting
8755| [34212] Apache Tomcat SSL configuration security bypass
8756| [34210] Apache Tomcat Accept-Language cross-site scripting
8757| [34209] Apache Tomcat calendar application cross-site scripting
8758| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
8759| [34167] Apache Axis WSDL file path disclosure
8760| [34068] Apache Tomcat AJP connector information disclosure
8761| [33584] Apache HTTP Server suEXEC privilege escalation
8762| [32988] Apache Tomcat proxy module directory traversal
8763| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
8764| [32708] Debian Apache tty privilege escalation
8765| [32441] ApacheStats extract() PHP call unspecified
8766| [32128] Apache Tomcat default account
8767| [31680] Apache Tomcat RequestParamExample cross-site scripting
8768| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
8769| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
8770| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
8771| [30456] Apache mod_auth_kerb off-by-one buffer overflow
8772| [29550] Apache mod_tcl set_var() format string
8773| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
8774| [28357] Apache HTTP Server mod_alias script source information disclosure
8775| [28063] Apache mod_rewrite off-by-one buffer overflow
8776| [27902] Apache Tomcat URL information disclosure
8777| [26786] Apache James SMTP server denial of service
8778| [25680] libapache2 /tmp/svn file upload
8779| [25614] Apache Struts lookupMap cross-site scripting
8780| [25613] Apache Struts ActionForm denial of service
8781| [25612] Apache Struts isCancelled() security bypass
8782| [24965] Apache mod_python FileSession command execution
8783| [24716] Apache James spooler memory leak denial of service
8784| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
8785| [24158] Apache Geronimo jsp-examples cross-site scripting
8786| [24030] Apache auth_ldap module multiple format strings
8787| [24008] Apache mod_ssl custom error message denial of service
8788| [24003] Apache mod_auth_pgsql module multiple syslog format strings
8789| [23612] Apache mod_imap referer field cross-site scripting
8790| [23173] Apache Struts error message cross-site scripting
8791| [22942] Apache Tomcat directory listing denial of service
8792| [22858] Apache Multi-Processing Module code allows denial of service
8793| [22602] RHSA-2005:582 updates for Apache httpd not installed
8794| [22520] Apache mod-auth-shadow "
8795| [22466] ApacheTop symlink
8796| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
8797| [22006] Apache HTTP Server byte-range filter denial of service
8798| [21567] Apache mod_ssl off-by-one buffer overflow
8799| [21195] Apache HTTP Server header HTTP request smuggling
8800| [20383] Apache HTTP Server htdigest buffer overflow
8801| [19681] Apache Tomcat AJP12 request denial of service
8802| [18993] Apache HTTP server check_forensic symlink attack
8803| [18790] Apache Tomcat Manager cross-site scripting
8804| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
8805| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
8806| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
8807| [17961] Apache Web server ServerTokens has not been set
8808| [17930] Apache HTTP Server HTTP GET request denial of service
8809| [17785] Apache mod_include module buffer overflow
8810| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
8811| [17473] Apache HTTP Server Satisfy directive allows access to resources
8812| [17413] Apache htpasswd buffer overflow
8813| [17384] Apache HTTP Server environment variable configuration file buffer overflow
8814| [17382] Apache HTTP Server IPv6 apr_util denial of service
8815| [17366] Apache HTTP Server mod_dav module LOCK denial of service
8816| [17273] Apache HTTP Server speculative mode denial of service
8817| [17200] Apache HTTP Server mod_ssl denial of service
8818| [16890] Apache HTTP Server server-info request has been detected
8819| [16889] Apache HTTP Server server-status request has been detected
8820| [16705] Apache mod_ssl format string attack
8821| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
8822| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
8823| [16230] Apache HTTP Server PHP denial of service
8824| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
8825| [15958] Apache HTTP Server authentication modules memory corruption
8826| [15547] Apache HTTP Server mod_disk_cache local information disclosure
8827| [15540] Apache HTTP Server socket starvation denial of service
8828| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
8829| [15422] Apache HTTP Server mod_access information disclosure
8830| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
8831| [15293] Apache for Cygwin "
8832| [15065] Apache-SSL has a default password
8833| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
8834| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
8835| [14751] Apache Mod_python output filter information disclosure
8836| [14125] Apache HTTP Server mod_userdir module information disclosure
8837| [14075] Apache HTTP Server mod_php file descriptor leak
8838| [13703] Apache HTTP Server account
8839| [13689] Apache HTTP Server configuration allows symlinks
8840| [13688] Apache HTTP Server configuration allows SSI
8841| [13687] Apache HTTP Server Server: header value
8842| [13685] Apache HTTP Server ServerTokens value
8843| [13684] Apache HTTP Server ServerSignature value
8844| [13672] Apache HTTP Server config allows directory autoindexing
8845| [13671] Apache HTTP Server default content
8846| [13670] Apache HTTP Server config file directive references outside content root
8847| [13668] Apache HTTP Server httpd not running in chroot environment
8848| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
8849| [13664] Apache HTTP Server config file contains ScriptAlias entry
8850| [13663] Apache HTTP Server CGI support modules loaded
8851| [13661] Apache HTTP Server config file contains AddHandler entry
8852| [13660] Apache HTTP Server 500 error page not CGI script
8853| [13659] Apache HTTP Server 413 error page not CGI script
8854| [13658] Apache HTTP Server 403 error page not CGI script
8855| [13657] Apache HTTP Server 401 error page not CGI script
8856| [13552] Apache HTTP Server mod_cgid module information disclosure
8857| [13550] Apache GET request directory traversal
8858| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
8859| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
8860| [13429] Apache Tomcat non-HTTP request denial of service
8861| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
8862| [13295] Apache weak password encryption
8863| [13254] Apache Tomcat .jsp cross-site scripting
8864| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
8865| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
8866| [12681] Apache HTTP Server mod_proxy could allow mail relaying
8867| [12662] Apache HTTP Server rotatelogs denial of service
8868| [12554] Apache Tomcat stores password in plain text
8869| [12553] Apache HTTP Server redirects and subrequests denial of service
8870| [12552] Apache HTTP Server FTP proxy server denial of service
8871| [12551] Apache HTTP Server prefork MPM denial of service
8872| [12550] Apache HTTP Server weaker than expected encryption
8873| [12549] Apache HTTP Server type-map file denial of service
8874| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
8875| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
8876| [12091] Apache HTTP Server apr_password_validate denial of service
8877| [12090] Apache HTTP Server apr_psprintf code execution
8878| [11804] Apache HTTP Server mod_access_referer denial of service
8879| [11750] Apache HTTP Server could leak sensitive file descriptors
8880| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
8881| [11703] Apache long slash path allows directory listing
8882| [11695] Apache HTTP Server LF (Line Feed) denial of service
8883| [11694] Apache HTTP Server filestat.c denial of service
8884| [11438] Apache HTTP Server MIME message boundaries information disclosure
8885| [11412] Apache HTTP Server error log terminal escape sequence injection
8886| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
8887| [11195] Apache Tomcat web.xml could be used to read files
8888| [11194] Apache Tomcat URL appended with a null character could list directories
8889| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
8890| [11126] Apache HTTP Server illegal character file disclosure
8891| [11125] Apache HTTP Server DOS device name HTTP POST code execution
8892| [11124] Apache HTTP Server DOS device name denial of service
8893| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
8894| [10938] Apache HTTP Server printenv test CGI cross-site scripting
8895| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
8896| [10575] Apache mod_php module could allow an attacker to take over the httpd process
8897| [10499] Apache HTTP Server WebDAV HTTP POST view source
8898| [10457] Apache HTTP Server mod_ssl "
8899| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
8900| [10414] Apache HTTP Server htdigest multiple buffer overflows
8901| [10413] Apache HTTP Server htdigest temporary file race condition
8902| [10412] Apache HTTP Server htpasswd temporary file race condition
8903| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
8904| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
8905| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
8906| [10280] Apache HTTP Server shared memory scorecard overwrite
8907| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
8908| [10241] Apache HTTP Server Host: header cross-site scripting
8909| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
8910| [10208] Apache HTTP Server mod_dav denial of service
8911| [10206] HP VVOS Apache mod_ssl denial of service
8912| [10200] Apache HTTP Server stderr denial of service
8913| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
8914| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
8915| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
8916| [10098] Slapper worm targets OpenSSL/Apache systems
8917| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
8918| [9875] Apache HTTP Server .var file request could disclose installation path
8919| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
8920| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
8921| [9623] Apache HTTP Server ap_log_rerror() path disclosure
8922| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
8923| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
8924| [9396] Apache Tomcat null character to threads denial of service
8925| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
8926| [9249] Apache HTTP Server chunked encoding heap buffer overflow
8927| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
8928| [8932] Apache Tomcat example class information disclosure
8929| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
8930| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
8931| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
8932| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
8933| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
8934| [8400] Apache HTTP Server mod_frontpage buffer overflows
8935| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
8936| [8308] Apache "
8937| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
8938| [8119] Apache and PHP OPTIONS request reveals "
8939| [8054] Apache is running on the system
8940| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
8941| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
8942| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
8943| [7836] Apache HTTP Server log directory denial of service
8944| [7815] Apache for Windows "
8945| [7810] Apache HTTP request could result in unexpected behavior
8946| [7599] Apache Tomcat reveals installation path
8947| [7494] Apache "
8948| [7419] Apache Web Server could allow remote attackers to overwrite .log files
8949| [7363] Apache Web Server hidden HTTP requests
8950| [7249] Apache mod_proxy denial of service
8951| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
8952| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
8953| [7059] Apache "
8954| [7057] Apache "
8955| [7056] Apache "
8956| [7055] Apache "
8957| [7054] Apache "
8958| [6997] Apache Jakarta Tomcat error message may reveal information
8959| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
8960| [6970] Apache crafted HTTP request could reveal the internal IP address
8961| [6921] Apache long slash path allows directory listing
8962| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
8963| [6527] Apache Web Server for Windows and OS2 denial of service
8964| [6316] Apache Jakarta Tomcat may reveal JSP source code
8965| [6305] Apache Jakarta Tomcat directory traversal
8966| [5926] Linux Apache symbolic link
8967| [5659] Apache Web server discloses files when used with php script
8968| [5310] Apache mod_rewrite allows attacker to view arbitrary files
8969| [5204] Apache WebDAV directory listings
8970| [5197] Apache Web server reveals CGI script source code
8971| [5160] Apache Jakarta Tomcat default installation
8972| [5099] Trustix Secure Linux installs Apache with world writable access
8973| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
8974| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
8975| [4931] Apache source.asp example file allows users to write to files
8976| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
8977| [4205] Apache Jakarta Tomcat delivers file contents
8978| [2084] Apache on Debian by default serves the /usr/doc directory
8979| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
8980| [697] Apache HTTP server beck exploit
8981| [331] Apache cookies buffer overflo
8982#######################################################################################################################################
8983| Exploit-DB - https://www.exploit-db.com:
8984| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
8985| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
8986| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
8987| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
8988| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
8989| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
8990| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
8991| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
8992| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
8993| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
8994| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
8995| [29859] Apache Roller OGNL Injection
8996| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
8997| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
8998| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
8999| [29290] Apache / PHP 5.x Remote Code Execution Exploit
9000| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
9001| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
9002| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
9003| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
9004| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
9005| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
9006| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
9007| [27096] Apache Geronimo 1.0 Error Page XSS
9008| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
9009| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
9010| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
9011| [25986] Plesk Apache Zeroday Remote Exploit
9012| [25980] Apache Struts includeParams Remote Code Execution
9013| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
9014| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
9015| [24874] Apache Struts ParametersInterceptor Remote Code Execution
9016| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
9017| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
9018| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
9019| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
9020| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
9021| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
9022| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
9023| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
9024| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
9025| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
9026| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
9027| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
9028| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
9029| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
9030| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
9031| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
9032| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
9033| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
9034| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
9035| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
9036| [21719] Apache 2.0 Path Disclosure Vulnerability
9037| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9038| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
9039| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
9040| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
9041| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
9042| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
9043| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
9044| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
9045| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
9046| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
9047| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
9048| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
9049| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
9050| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
9051| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
9052| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
9053| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
9054| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
9055| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
9056| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
9057| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
9058| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
9059| [20558] Apache 1.2 Web Server DoS Vulnerability
9060| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
9061| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
9062| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
9063| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
9064| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
9065| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
9066| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
9067| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
9068| [19231] PHP apache_request_headers Function Buffer Overflow
9069| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
9070| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
9071| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
9072| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
9073| [18442] Apache httpOnly Cookie Disclosure
9074| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
9075| [18221] Apache HTTP Server Denial of Service
9076| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
9077| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
9078| [17691] Apache Struts < 2.2.0 - Remote Command Execution
9079| [16798] Apache mod_jk 1.2.20 Buffer Overflow
9080| [16782] Apache Win32 Chunked Encoding
9081| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
9082| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
9083| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
9084| [15319] Apache 2.2 (Windows) Local Denial of Service
9085| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
9086| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
9087| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
9088| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
9089| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
9090| [12330] Apache OFBiz - Multiple XSS
9091| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
9092| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
9093| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
9094| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
9095| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
9096| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
9097| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
9098| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
9099| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
9100| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
9101| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
9102| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
9103| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
9104| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
9105| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
9106| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
9107| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
9108| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
9109| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
9110| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
9111| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
9112| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
9113| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
9114| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
9115| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
9116| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
9117| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
9118| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
9119| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
9120| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
9121| [466] htpasswd Apache 1.3.31 - Local Exploit
9122| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
9123| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
9124| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
9125| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
9126| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
9127| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
9128| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
9129| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
9130| [9] Apache HTTP Server 2.x Memory Leak Exploit
9131#######################################################################################################################################
9132| OpenVAS (Nessus) - http://www.openvas.org:
9133| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
9134| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
9135| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
9136| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
9137| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
9138| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
9139| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
9140| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
9141| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
9142| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
9143| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
9144| [900571] Apache APR-Utils Version Detection
9145| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
9146| [900496] Apache Tiles Multiple XSS Vulnerability
9147| [900493] Apache Tiles Version Detection
9148| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
9149| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
9150| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
9151| [870175] RedHat Update for apache RHSA-2008:0004-01
9152| [864591] Fedora Update for apache-poi FEDORA-2012-10835
9153| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
9154| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
9155| [864250] Fedora Update for apache-poi FEDORA-2012-7683
9156| [864249] Fedora Update for apache-poi FEDORA-2012-7686
9157| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
9158| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
9159| [855821] Solaris Update for Apache 1.3 122912-19
9160| [855812] Solaris Update for Apache 1.3 122911-19
9161| [855737] Solaris Update for Apache 1.3 122911-17
9162| [855731] Solaris Update for Apache 1.3 122912-17
9163| [855695] Solaris Update for Apache 1.3 122911-16
9164| [855645] Solaris Update for Apache 1.3 122912-16
9165| [855587] Solaris Update for kernel update and Apache 108529-29
9166| [855566] Solaris Update for Apache 116973-07
9167| [855531] Solaris Update for Apache 116974-07
9168| [855524] Solaris Update for Apache 2 120544-14
9169| [855494] Solaris Update for Apache 1.3 122911-15
9170| [855478] Solaris Update for Apache Security 114145-11
9171| [855472] Solaris Update for Apache Security 113146-12
9172| [855179] Solaris Update for Apache 1.3 122912-15
9173| [855147] Solaris Update for kernel update and Apache 108528-29
9174| [855077] Solaris Update for Apache 2 120543-14
9175| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
9176| [850088] SuSE Update for apache2 SUSE-SA:2007:061
9177| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
9178| [841209] Ubuntu Update for apache2 USN-1627-1
9179| [840900] Ubuntu Update for apache2 USN-1368-1
9180| [840798] Ubuntu Update for apache2 USN-1259-1
9181| [840734] Ubuntu Update for apache2 USN-1199-1
9182| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
9183| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
9184| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
9185| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
9186| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
9187| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
9188| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
9189| [835253] HP-UX Update for Apache Web Server HPSBUX02645
9190| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
9191| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
9192| [835236] HP-UX Update for Apache with PHP HPSBUX02543
9193| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
9194| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
9195| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
9196| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
9197| [835188] HP-UX Update for Apache HPSBUX02308
9198| [835181] HP-UX Update for Apache With PHP HPSBUX02332
9199| [835180] HP-UX Update for Apache with PHP HPSBUX02342
9200| [835172] HP-UX Update for Apache HPSBUX02365
9201| [835168] HP-UX Update for Apache HPSBUX02313
9202| [835148] HP-UX Update for Apache HPSBUX01064
9203| [835139] HP-UX Update for Apache with PHP HPSBUX01090
9204| [835131] HP-UX Update for Apache HPSBUX00256
9205| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
9206| [835104] HP-UX Update for Apache HPSBUX00224
9207| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
9208| [835101] HP-UX Update for Apache HPSBUX01232
9209| [835080] HP-UX Update for Apache HPSBUX02273
9210| [835078] HP-UX Update for ApacheStrong HPSBUX00255
9211| [835044] HP-UX Update for Apache HPSBUX01019
9212| [835040] HP-UX Update for Apache PHP HPSBUX00207
9213| [835025] HP-UX Update for Apache HPSBUX00197
9214| [835023] HP-UX Update for Apache HPSBUX01022
9215| [835022] HP-UX Update for Apache HPSBUX02292
9216| [835005] HP-UX Update for Apache HPSBUX02262
9217| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
9218| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
9219| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
9220| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
9221| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
9222| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
9223| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
9224| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
9225| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
9226| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
9227| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
9228| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
9229| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
9230| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
9231| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
9232| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
9233| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
9234| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
9235| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
9236| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
9237| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
9238| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
9239| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
9240| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
9241| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
9242| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
9243| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
9244| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
9245| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
9246| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
9247| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
9248| [801942] Apache Archiva Multiple Vulnerabilities
9249| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
9250| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
9251| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
9252| [801284] Apache Derby Information Disclosure Vulnerability
9253| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
9254| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
9255| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
9256| [800680] Apache APR Version Detection
9257| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
9258| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
9259| [800677] Apache Roller Version Detection
9260| [800279] Apache mod_jk Module Version Detection
9261| [800278] Apache Struts Cross Site Scripting Vulnerability
9262| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
9263| [800276] Apache Struts Version Detection
9264| [800271] Apache Struts Directory Traversal Vulnerability
9265| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
9266| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
9267| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
9268| [103122] Apache Web Server ETag Header Information Disclosure Weakness
9269| [103074] Apache Continuum Cross Site Scripting Vulnerability
9270| [103073] Apache Continuum Detection
9271| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
9272| [101023] Apache Open For Business Weak Password security check
9273| [101020] Apache Open For Business HTML injection vulnerability
9274| [101019] Apache Open For Business service detection
9275| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
9276| [100923] Apache Archiva Detection
9277| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9278| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
9279| [100813] Apache Axis2 Detection
9280| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
9281| [100795] Apache Derby Detection
9282| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
9283| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
9284| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
9285| [100514] Apache Multiple Security Vulnerabilities
9286| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
9287| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
9288| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
9289| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
9290| [72626] Debian Security Advisory DSA 2579-1 (apache2)
9291| [72612] FreeBSD Ports: apache22
9292| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
9293| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
9294| [71512] FreeBSD Ports: apache
9295| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
9296| [71256] Debian Security Advisory DSA 2452-1 (apache2)
9297| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
9298| [70737] FreeBSD Ports: apache
9299| [70724] Debian Security Advisory DSA 2405-1 (apache2)
9300| [70600] FreeBSD Ports: apache
9301| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
9302| [70235] Debian Security Advisory DSA 2298-2 (apache2)
9303| [70233] Debian Security Advisory DSA 2298-1 (apache2)
9304| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
9305| [69338] Debian Security Advisory DSA 2202-1 (apache2)
9306| [67868] FreeBSD Ports: apache
9307| [66816] FreeBSD Ports: apache
9308| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
9309| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
9310| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
9311| [66081] SLES11: Security update for Apache 2
9312| [66074] SLES10: Security update for Apache 2
9313| [66070] SLES9: Security update for Apache 2
9314| [65998] SLES10: Security update for apache2-mod_python
9315| [65893] SLES10: Security update for Apache 2
9316| [65888] SLES10: Security update for Apache 2
9317| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
9318| [65510] SLES9: Security update for Apache 2
9319| [65472] SLES9: Security update for Apache
9320| [65467] SLES9: Security update for Apache
9321| [65450] SLES9: Security update for apache2
9322| [65390] SLES9: Security update for Apache2
9323| [65363] SLES9: Security update for Apache2
9324| [65309] SLES9: Security update for Apache and mod_ssl
9325| [65296] SLES9: Security update for webdav apache module
9326| [65283] SLES9: Security update for Apache2
9327| [65249] SLES9: Security update for Apache 2
9328| [65230] SLES9: Security update for Apache 2
9329| [65228] SLES9: Security update for Apache 2
9330| [65212] SLES9: Security update for apache2-mod_python
9331| [65209] SLES9: Security update for apache2-worker
9332| [65207] SLES9: Security update for Apache 2
9333| [65168] SLES9: Security update for apache2-mod_python
9334| [65142] SLES9: Security update for Apache2
9335| [65136] SLES9: Security update for Apache 2
9336| [65132] SLES9: Security update for apache
9337| [65131] SLES9: Security update for Apache 2 oes/CORE
9338| [65113] SLES9: Security update for apache2
9339| [65072] SLES9: Security update for apache and mod_ssl
9340| [65017] SLES9: Security update for Apache 2
9341| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
9342| [64783] FreeBSD Ports: apache
9343| [64774] Ubuntu USN-802-2 (apache2)
9344| [64653] Ubuntu USN-813-2 (apache2)
9345| [64559] Debian Security Advisory DSA 1834-2 (apache2)
9346| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
9347| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
9348| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
9349| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
9350| [64443] Ubuntu USN-802-1 (apache2)
9351| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
9352| [64423] Debian Security Advisory DSA 1834-1 (apache2)
9353| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
9354| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
9355| [64251] Debian Security Advisory DSA 1816-1 (apache2)
9356| [64201] Ubuntu USN-787-1 (apache2)
9357| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
9358| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
9359| [63565] FreeBSD Ports: apache
9360| [63562] Ubuntu USN-731-1 (apache2)
9361| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
9362| [61185] FreeBSD Ports: apache
9363| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
9364| [60387] Slackware Advisory SSA:2008-045-02 apache
9365| [58826] FreeBSD Ports: apache-tomcat
9366| [58825] FreeBSD Ports: apache-tomcat
9367| [58804] FreeBSD Ports: apache
9368| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
9369| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
9370| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
9371| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
9372| [57335] Debian Security Advisory DSA 1167-1 (apache)
9373| [57201] Debian Security Advisory DSA 1131-1 (apache)
9374| [57200] Debian Security Advisory DSA 1132-1 (apache2)
9375| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
9376| [57145] FreeBSD Ports: apache
9377| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
9378| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
9379| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
9380| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
9381| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
9382| [56067] FreeBSD Ports: apache
9383| [55803] Slackware Advisory SSA:2005-310-04 apache
9384| [55519] Debian Security Advisory DSA 839-1 (apachetop)
9385| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
9386| [55355] FreeBSD Ports: apache
9387| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
9388| [55261] Debian Security Advisory DSA 805-1 (apache2)
9389| [55259] Debian Security Advisory DSA 803-1 (apache)
9390| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
9391| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
9392| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
9393| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
9394| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
9395| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
9396| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
9397| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
9398| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
9399| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
9400| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
9401| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
9402| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
9403| [54439] FreeBSD Ports: apache
9404| [53931] Slackware Advisory SSA:2004-133-01 apache
9405| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
9406| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
9407| [53878] Slackware Advisory SSA:2003-308-01 apache security update
9408| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
9409| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
9410| [53848] Debian Security Advisory DSA 131-1 (apache)
9411| [53784] Debian Security Advisory DSA 021-1 (apache)
9412| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
9413| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
9414| [53735] Debian Security Advisory DSA 187-1 (apache)
9415| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
9416| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
9417| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
9418| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
9419| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
9420| [53282] Debian Security Advisory DSA 594-1 (apache)
9421| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
9422| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
9423| [53215] Debian Security Advisory DSA 525-1 (apache)
9424| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
9425| [52529] FreeBSD Ports: apache+ssl
9426| [52501] FreeBSD Ports: apache
9427| [52461] FreeBSD Ports: apache
9428| [52390] FreeBSD Ports: apache
9429| [52389] FreeBSD Ports: apache
9430| [52388] FreeBSD Ports: apache
9431| [52383] FreeBSD Ports: apache
9432| [52339] FreeBSD Ports: apache+mod_ssl
9433| [52331] FreeBSD Ports: apache
9434| [52329] FreeBSD Ports: ru-apache+mod_ssl
9435| [52314] FreeBSD Ports: apache
9436| [52310] FreeBSD Ports: apache
9437| [15588] Detect Apache HTTPS
9438| [15555] Apache mod_proxy content-length buffer overflow
9439| [15554] Apache mod_include priviledge escalation
9440| [14771] Apache <= 1.3.33 htpasswd local overflow
9441| [14177] Apache mod_access rule bypass
9442| [13644] Apache mod_rootme Backdoor
9443| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
9444| [12280] Apache Connection Blocking Denial of Service
9445| [12239] Apache Error Log Escape Sequence Injection
9446| [12123] Apache Tomcat source.jsp malformed request information disclosure
9447| [12085] Apache Tomcat servlet/JSP container default files
9448| [11438] Apache Tomcat Directory Listing and File disclosure
9449| [11204] Apache Tomcat Default Accounts
9450| [11092] Apache 2.0.39 Win32 directory traversal
9451| [11046] Apache Tomcat TroubleShooter Servlet Installed
9452| [11042] Apache Tomcat DOS Device Name XSS
9453| [11041] Apache Tomcat /servlet Cross Site Scripting
9454| [10938] Apache Remote Command Execution via .bat files
9455| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
9456| [10773] MacOS X Finder reveals contents of Apache Web files
9457| [10766] Apache UserDir Sensitive Information Disclosure
9458| [10756] MacOS X Finder reveals contents of Apache Web directories
9459| [10752] Apache Auth Module SQL Insertion Attack
9460| [10704] Apache Directory Listing
9461| [10678] Apache /server-info accessible
9462| [10677] Apache /server-status accessible
9463| [10440] Check for Apache Multiple / vulnerability
9464#######################################################################################################################################
9465| SecurityTracker - https://www.securitytracker.com:
9466| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
9467| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
9468| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
9469| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
9470| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
9471| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
9472| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
9473| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
9474| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
9475| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
9476| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
9477| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
9478| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
9479| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
9480| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
9481| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
9482| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
9483| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
9484| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
9485| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
9486| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
9487| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
9488| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
9489| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
9490| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
9491| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
9492| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
9493| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
9494| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
9495| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
9496| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
9497| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
9498| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
9499| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
9500| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
9501| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
9502| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
9503| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
9504| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
9505| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
9506| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
9507| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
9508| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
9509| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
9510| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
9511| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
9512| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
9513| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
9514| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
9515| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
9516| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
9517| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
9518| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
9519| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
9520| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
9521| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
9522| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
9523| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
9524| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
9525| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
9526| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
9527| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
9528| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
9529| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
9530| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
9531| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
9532| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
9533| [1024096] Apache mod_proxy_http May Return Results for a Different Request
9534| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
9535| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
9536| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
9537| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
9538| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
9539| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
9540| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
9541| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
9542| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
9543| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
9544| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
9545| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
9546| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
9547| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
9548| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
9549| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
9550| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
9551| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
9552| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
9553| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
9554| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
9555| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
9556| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
9557| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
9558| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
9559| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
9560| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
9561| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
9562| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
9563| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
9564| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
9565| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
9566| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
9567| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
9568| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
9569| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
9570| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
9571| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
9572| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
9573| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
9574| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
9575| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
9576| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
9577| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
9578| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
9579| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
9580| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
9581| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
9582| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
9583| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
9584| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
9585| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
9586| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
9587| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
9588| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
9589| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
9590| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
9591| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
9592| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
9593| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
9594| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
9595| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
9596| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
9597| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
9598| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
9599| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
9600| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
9601| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
9602| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
9603| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
9604| [1008920] Apache mod_digest May Validate Replayed Client Responses
9605| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
9606| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
9607| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
9608| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
9609| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
9610| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
9611| [1008030] Apache mod_rewrite Contains a Buffer Overflow
9612| [1008029] Apache mod_alias Contains a Buffer Overflow
9613| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
9614| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
9615| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
9616| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
9617| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
9618| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
9619| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
9620| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
9621| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
9622| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
9623| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
9624| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
9625| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
9626| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
9627| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
9628| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
9629| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
9630| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
9631| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
9632| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
9633| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
9634| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
9635| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
9636| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
9637| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
9638| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
9639| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
9640| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
9641| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
9642| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
9643| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
9644| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
9645| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
9646| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
9647| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
9648| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
9649| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
9650| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
9651| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
9652| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
9653| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
9654| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
9655| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
9656| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
9657| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
9658| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
9659| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
9660| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
9661| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
9662| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
9663| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
9664| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
9665| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
9666| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
9667| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
9668| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
9669|
9670| OSVDB - http://www.osvdb.org:
9671| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
9672| [96077] Apache CloudStack Global Settings Multiple Field XSS
9673| [96076] Apache CloudStack Instances Menu Display Name Field XSS
9674| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
9675| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
9676| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
9677| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
9678| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
9679| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
9680| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
9681| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
9682| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
9683| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
9684| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
9685| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
9686| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
9687| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
9688| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
9689| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
9690| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
9691| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
9692| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
9693| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
9694| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
9695| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
9696| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
9697| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
9698| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
9699| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
9700| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
9701| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
9702| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
9703| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
9704| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
9705| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
9706| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
9707| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
9708| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
9709| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
9710| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
9711| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
9712| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
9713| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
9714| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
9715| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
9716| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
9717| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
9718| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
9719| [94279] Apache Qpid CA Certificate Validation Bypass
9720| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
9721| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
9722| [94042] Apache Axis JAX-WS Java Unspecified Exposure
9723| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
9724| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
9725| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
9726| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
9727| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
9728| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
9729| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
9730| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
9731| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
9732| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
9733| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
9734| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
9735| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
9736| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
9737| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
9738| [93541] Apache Solr json.wrf Callback XSS
9739| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
9740| [93521] Apache jUDDI Security API Token Session Persistence Weakness
9741| [93520] Apache CloudStack Default SSL Key Weakness
9742| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
9743| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
9744| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
9745| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
9746| [93515] Apache HBase table.jsp name Parameter XSS
9747| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
9748| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
9749| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
9750| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
9751| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
9752| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
9753| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
9754| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
9755| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
9756| [93252] Apache Tomcat FORM Authenticator Session Fixation
9757| [93172] Apache Camel camel/endpoints/ Endpoint XSS
9758| [93171] Apache Sling HtmlResponse Error Message XSS
9759| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
9760| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
10168| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
10169| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
10170| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
10171| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
10172| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
10173| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
10174| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
10175| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
10176| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
10177| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
10178| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
10179| [58725] Apache Tapestry Basic String ACL Bypass Weakness
10180| [58724] Apache Roller Logout Functionality Failure Session Persistence
10181| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
10182| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
10183| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
10184| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
10185| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
10186| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
10187| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
10188| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
10189| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
10190| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
10191| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
10192| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
10193| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
10194| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
10195| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
10196| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
10197| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
10198| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
10199| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
10200| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
10201| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
10202| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
10203| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
10204| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
10205| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
10206| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
10207| [58687] Apache Axis Invalid wsdl Request XSS
10208| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
10209| [58685] Apache Velocity Template Designer Privileged Code Execution
10210| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
10211| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
10212| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
10213| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
10214| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
10215| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
10216| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
10217| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
10218| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
10219| [58667] Apache Roller Database Cleartext Passwords Disclosure
10220| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
10221| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
10222| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
10223| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
10224| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
10225| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
10226| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
10227| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
10228| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
10229| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
10230| [56984] Apache Xerces2 Java Malformed XML Input DoS
10231| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
10232| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
10233| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
10234| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
10235| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
10236| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
10237| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
10238| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
10239| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
10240| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
10241| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
10242| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
10243| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
10244| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
10245| [55056] Apache Tomcat Cross-application TLD File Manipulation
10246| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
10247| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
10248| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
10249| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
10250| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
10251| [54589] Apache Jserv Nonexistent JSP Request XSS
10252| [54122] Apache Struts s:a / s:url Tag href Element XSS
10253| [54093] Apache ActiveMQ Web Console JMS Message XSS
10254| [53932] Apache Geronimo Multiple Admin Function CSRF
10255| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
10256| [53930] Apache Geronimo /console/portal/ URI XSS
10257| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
10258| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
10259| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
10260| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
10261| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
10262| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
10263| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
10264| [53380] Apache Struts Unspecified XSS
10265| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
10266| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
10267| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
10268| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
10269| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
10270| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
10271| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
10272| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
10273| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
10274| [51151] Apache Roller Search Function q Parameter XSS
10275| [50482] PHP with Apache php_value Order Unspecified Issue
10276| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
10277| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
10278| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
10279| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
10280| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
10281| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
10282| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
10283| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
10284| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
10285| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
10286| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
10287| [47096] Oracle Weblogic Apache Connector POST Request Overflow
10288| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
10289| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
10290| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
10291| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
10292| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
10293| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
10294| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
10295| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
10296| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
10297| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
10298| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
10299| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
10300| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
10301| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
10302| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
10303| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
10304| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
10305| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
10306| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
10307| [43452] Apache Tomcat HTTP Request Smuggling
10308| [43309] Apache Geronimo LoginModule Login Method Bypass
10309| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
10310| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
10311| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
10312| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
10313| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
10314| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
10315| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
10316| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
10317| [42091] Apache Maven Site Plugin Installation Permission Weakness
10318| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
10319| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
10320| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
10321| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
10322| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
10323| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
10324| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
10325| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
10326| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
10327| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
10328| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
10329| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
10330| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
10331| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
10332| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
10333| [40262] Apache HTTP Server mod_status refresh XSS
10334| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
10335| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
10336| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
10337| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
10338| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
10339| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
10340| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
10341| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
10342| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
10343| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
10344| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
10345| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
10346| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
10347| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
10348| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
10349| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
10350| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
10351| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
10352| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
10353| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
10354| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
10355| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
10356| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
10357| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
10358| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
10359| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
10360| [36080] Apache Tomcat JSP Examples Crafted URI XSS
10361| [36079] Apache Tomcat Manager Uploaded Filename XSS
10362| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
10363| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
10364| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
10365| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
10366| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
10367| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
10368| [34881] Apache Tomcat Malformed Accept-Language Header XSS
10369| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
10370| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
10371| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
10372| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
10373| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
10374| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
10375| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
10376| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
10377| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
10378| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
10379| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
10380| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
10381| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
10382| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
10383| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
10384| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
10385| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
10386| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
10387| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
10388| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
10389| [32724] Apache mod_python _filter_read Freed Memory Disclosure
10390| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
10391| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
10392| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
10393| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
10394| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
10395| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
10396| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
10397| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
10398| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
10399| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
10400| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
10401| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
10402| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
10403| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
10404| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
10405| [24365] Apache Struts Multiple Function Error Message XSS
10406| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
10407| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
10408| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
10409| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
10410| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
10411| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
10412| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
10413| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
10414| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
10415| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
10416| [22459] Apache Geronimo Error Page XSS
10417| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
10418| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
10419| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
10420| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
10421| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
10422| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
10423| [21021] Apache Struts Error Message XSS
10424| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
10425| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
10426| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
10427| [20439] Apache Tomcat Directory Listing Saturation DoS
10428| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
10429| [20285] Apache HTTP Server Log File Control Character Injection
10430| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
10431| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
10432| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
10433| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
10434| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
10435| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
10436| [19821] Apache Tomcat Malformed Post Request Information Disclosure
10437| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
10438| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
10439| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
10440| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
10441| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
10442| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
10443| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
10444| [18233] Apache HTTP Server htdigest user Variable Overfow
10445| [17738] Apache HTTP Server HTTP Request Smuggling
10446| [16586] Apache HTTP Server Win32 GET Overflow DoS
10447| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
10448| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
10449| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
10450| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
10451| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
10452| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
10453| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
10454| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
10455| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
10456| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
10457| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
10458| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
10459| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
10460| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
10461| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
10462| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
10463| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
10464| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
10465| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
10466| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
10467| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
10468| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
10469| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
10470| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
10471| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
10472| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
10473| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
10474| [13304] Apache Tomcat realPath.jsp Path Disclosure
10475| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
10476| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
10477| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
10478| [12848] Apache HTTP Server htdigest realm Variable Overflow
10479| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
10480| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
10481| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
10482| [12557] Apache HTTP Server prefork MPM accept Error DoS
10483| [12233] Apache Tomcat MS-DOS Device Name Request DoS
10484| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
10485| [12231] Apache Tomcat web.xml Arbitrary File Access
10486| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
10487| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
10488| [12178] Apache Jakarta Lucene results.jsp XSS
10489| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
10490| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
10491| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
10492| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
10493| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
10494| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
10495| [10471] Apache Xerces-C++ XML Parser DoS
10496| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
10497| [10068] Apache HTTP Server htpasswd Local Overflow
10498| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
10499| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
10500| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
10501| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
10502| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
10503| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
10504| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 4.10 (92%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%), Android 4.1.1 (86%), Linux 3.10 - 4.11 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 19 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 27.69 ms 10.244.200.1
2 31.50 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 23.31 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4 23.31 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5 23.28 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
6 195.55 ms if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24)
7 204.59 ms if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2)
8 202.20 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
9 202.25 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
10 199.49 ms if-ae-18-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.73)
11 ...
12 197.13 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
13 199.07 ms 120.29.217.2
14 195.26 ms 133.208.55.50
15 244.53 ms unused-133-130-015-093.interq.or.jp (133.130.15.93)
16 244.22 ms unused-133-130-012-058.interq.or.jp (133.130.12.58)
17 246.16 ms g-o-p-4ee-a01-1-e-1-1.interq.or.jp (210.157.9.210)
18 250.80 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
19 251.11 ms 157-7-107-254.virt.lolipop.jp (157.7.107.254)

#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://157.7.107.254...
_____________________ SITE INFO ______________________
IP Title
157.7.107.254 403 Error - Forbidden

______________________ VERSION _______________________
Name Versions Type
Apache Platform

____________________ INTERESTING _____________________
URL Note Type
/readme.html Readme file Interesting
/install.php Installation file Interesting
/test.php Test file Interesting

______________________________________________________
Time: 34.0 sec Urls: 599 Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 403 Forbidden
Date: Tue, 09 Jul 2019 05:37:18 GMT
Content-Type: text/html
Content-Length: 1422
Connection: keep-alive
ETag: "5bb4298b-58e"
Server: Apache

HTTP/1.1 403 Forbidden
Date: Tue, 09 Jul 2019 05:37:19 GMT
Content-Type: text/html
Content-Length: 1422
Connection: keep-alive
ETag: "591e5e7a-58e"
Server: Apache
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:37 EDT
Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details
Network Distance: 19 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 26.93 ms 10.244.200.1
2 27.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 48.74 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4 43.10 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
5 27.11 ms ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
6 194.23 ms if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24)
7 203.20 ms if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2)
8 201.03 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
9 200.66 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
10 ...
11 205.88 ms if-et-5-2.hcore1.kv8-chiba.as6453.net (209.58.86.143)
12 197.03 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
13 197.10 ms 120.29.217.2
14 196.45 ms 133.208.55.50
15 246.04 ms unused-133-130-015-093.interq.or.jp (133.130.15.93)
16 248.30 ms unused-133-130-012-058.interq.or.jp (133.130.12.58)
17 245.05 ms g-o-p-4ee-a01-1-e-1-1.interq.or.jp (210.157.9.210)
18 250.47 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
19 250.15 ms 157-7-107-254.virt.lolipop.jp (157.7.107.254)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:38 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 01:38
Completed NSE at 01:38, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 01:38
Completed NSE at 01:38, 0.00s elapsed
Initiating Ping Scan at 01:38
Scanning 157.7.107.254 [4 ports]
Completed Ping Scan at 01:38, 0.28s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:38
Completed Parallel DNS resolution of 1 host. at 01:38, 0.02s elapsed
Initiating Connect Scan at 01:38
Scanning 157-7-107-254.virt.lolipop.jp (157.7.107.254) [65535 ports]
Discovered open port 443/tcp on 157.7.107.254
Discovered open port 80/tcp on 157.7.107.254
Connect Scan Timing: About 4.16% done; ETC: 01:51 (0:11:53 remaining)
Connect Scan Timing: About 12.47% done; ETC: 01:46 (0:07:08 remaining)
Connect Scan Timing: About 25.61% done; ETC: 01:44 (0:04:24 remaining)
Connect Scan Timing: About 35.71% done; ETC: 01:44 (0:03:38 remaining)
Connect Scan Timing: About 51.59% done; ETC: 01:43 (0:02:22 remaining)
Connect Scan Timing: About 64.51% done; ETC: 01:43 (0:01:40 remaining)
Connect Scan Timing: About 81.29% done; ETC: 01:43 (0:00:49 remaining)
Completed Connect Scan at 01:42, 238.67s elapsed (65535 total ports)
Initiating Service scan at 01:42
Scanning 2 services on 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Completed Service scan at 01:43, 14.49s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Retrying OS detection (try #2) against 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Initiating Traceroute at 01:43
Completed Traceroute at 01:43, 3.04s elapsed
Initiating Parallel DNS resolution of 17 hosts. at 01:43
Completed Parallel DNS resolution of 17 hosts. at 01:43, 0.12s elapsed
NSE: Script scanning 157.7.107.254.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 01:43
Completed NSE at 01:43, 4.64s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Host is up, received reset ttl 42 (0.22s latency).
Scanned at 2019-07-09 01:38:48 EDT for 268s
Not shown: 65530 filtered ports
Reason: 65099 no-responses and 431 host-unreaches
PORT STATE SERVICE REASON VERSION
25/tcp closed smtp conn-refused
80/tcp open http syn-ack Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
10989| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
10990| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
10991| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
10992| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
10993| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
10994| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
10995| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
10996| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
10997| [117115] Apache Tika up to 1.17 tika-server command injection
10998| [116929] Apache Fineract getReportType Parameter privilege escalation
10999| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
11000| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
11001| [116926] Apache Fineract REST Hand Parameter privilege escalation
11002| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
11003| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
11004| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
11005| [115883] Apache Hive up to 2.3.2 privilege escalation
11006| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
11007| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
11008| [115518] Apache Ignite 2.3 Deserialization privilege escalation
11009| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
11010| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
11011| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
11012| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
11013| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
11014| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
11015| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
11016| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
11017| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
11018| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
11019| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
11020| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
11021| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
11022| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
11023| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
11024| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
11025| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
11026| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
11027| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
11028| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
11029| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
11030| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
11031| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
11032| [113895] Apache Geode up to 1.3.x Code Execution
11033| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
11034| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
11035| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
11036| [113747] Apache Tomcat Servlets privilege escalation
11037| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
11038| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
11039| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
11040| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
11041| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
11042| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
11043| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
11044| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
11045| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
11046| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
11047| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
11048| [112885] Apache Allura up to 1.8.0 File information disclosure
11049| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
11050| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
11051| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
11052| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
11053| [112625] Apache POI up to 3.16 Loop denial of service
11054| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
11055| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
11056| [112339] Apache NiFi 1.5.0 Header privilege escalation
11057| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
11058| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
11059| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
11060| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
11061| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
11062| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
11063| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
11064| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
11065| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
11066| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
11067| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
11068| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
11069| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
11070| [112114] Oracle 9.1 Apache Log4j privilege escalation
11071| [112113] Oracle 9.1 Apache Log4j privilege escalation
11072| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
11073| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
11074| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
11075| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
11076| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
11077| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
11078| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
11079| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
11080| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
11081| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
11082| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
11083| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
11084| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
11085| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
11086| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
11087| [110701] Apache Fineract Query Parameter sql injection
11088| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
11089| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
11090| [110393] Apple macOS up to 10.13.2 apache information disclosure
11091| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
11092| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
11093| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
11094| [110106] Apache CXF Fediz Spring cross site request forgery
11095| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
11096| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
11097| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
11098| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
11099| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
11100| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
11101| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
11102| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
11103| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
11104| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
11105| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
11106| [108938] Apple macOS up to 10.13.1 apache denial of service
11107| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
11108| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
11109| [108935] Apple macOS up to 10.13.1 apache denial of service
11110| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
11111| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
11112| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
11113| [108931] Apple macOS up to 10.13.1 apache denial of service
11114| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
11115| [108929] Apple macOS up to 10.13.1 apache denial of service
11116| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
11117| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
11118| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
11119| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
11120| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
11121| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
11122| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
11123| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
11124| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
11125| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
11126| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
11127| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
11128| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
11129| [108782] Apache Xerces2 XML Service denial of service
11130| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
11131| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
11132| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
11133| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
11134| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
11135| [108629] Apache OFBiz up to 10.04.01 privilege escalation
11136| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
11137| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
11138| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
11139| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
11140| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
11141| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
11142| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
11143| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
11144| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
11145| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
11146| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
11147| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
11148| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
11149| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
11150| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
11151| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
11152| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
11153| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
11154| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
11155| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
11156| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
11157| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
11158| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
11159| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
11160| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
11161| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
11162| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
11163| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
11164| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
11165| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
11166| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
11167| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
11168| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
11169| [107639] Apache NiFi 1.4.0 XML External Entity
11170| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
11171| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
11172| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
11173| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
11174| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
11175| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
11176| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
11177| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
11178| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
11179| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
11180| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
11181| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
11182| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
11183| [107197] Apache Xerces Jelly Parser XML File XML External Entity
11184| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
11185| [107084] Apache Struts up to 2.3.19 cross site scripting
11186| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
11187| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
11188| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
11189| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
11190| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
11191| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
11192| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
11193| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
11194| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
11195| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
11196| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
11197| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
11198| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
11199| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
11200| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
11201| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
11202| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
11203| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
11204| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
11205| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
11206| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
11207| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
11208| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
11209| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
11210| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
11211| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
11212| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
11213| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
11214| [105878] Apache Struts up to 2.3.24.0 privilege escalation
11215| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
11216| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
11217| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
11218| [105643] Apache Pony Mail up to 0.8b weak authentication
11219| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
11220| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
11221| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
11222| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
11223| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
11224| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
11225| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
11226| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
11227| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
11228| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
11229| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
11230| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
11231| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
11232| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
11233| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
11234| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
11235| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
11236| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
11237| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
11238| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
11239| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
11240| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
11241| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
11242| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
11243| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
11244| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
11245| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
11246| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
11247| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
11248| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
11249| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
11250| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
11251| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
11252| [103690] Apache OpenMeetings 1.0.0 sql injection
11253| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
11254| [103688] Apache OpenMeetings 1.0.0 weak encryption
11255| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
11256| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
11257| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
11258| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
11259| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
11260| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
11261| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
11262| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
11263| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
11264| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
11265| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
11266| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
11267| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
11268| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
11269| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
11270| [103352] Apache Solr Node weak authentication
11271| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
11272| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
11273| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
11274| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
11275| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
11276| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
11277| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
11278| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
11279| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
11280| [102536] Apache Ranger up to 0.6 Stored cross site scripting
11281| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
11282| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
11283| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
11284| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
11285| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
11286| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
11287| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
11288| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
11289| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
11290| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
11291| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
11292| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
11293| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
11294| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
11295| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
11296| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
11297| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
11298| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
11299| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
11300| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
11301| [99937] Apache Batik up to 1.8 privilege escalation
11302| [99936] Apache FOP up to 2.1 privilege escalation
11303| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
11304| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
11305| [99930] Apache Traffic Server up to 6.2.0 denial of service
11306| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
11307| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
11308| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
11309| [117569] Apache Hadoop up to 2.7.3 privilege escalation
11310| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
11311| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
11312| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
11313| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
11314| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
11315| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
11316| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
11317| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
11318| [99014] Apache Camel Jackson/JacksonXML privilege escalation
11319| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
11320| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
11321| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
11322| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
11323| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
11324| [98605] Apple macOS up to 10.12.3 Apache denial of service
11325| [98604] Apple macOS up to 10.12.3 Apache denial of service
11326| [98603] Apple macOS up to 10.12.3 Apache denial of service
11327| [98602] Apple macOS up to 10.12.3 Apache denial of service
11328| [98601] Apple macOS up to 10.12.3 Apache denial of service
11329| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
11330| [98405] Apache Hadoop up to 0.23.10 privilege escalation
11331| [98199] Apache Camel Validation XML External Entity
11332| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
11333| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
11334| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
11335| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
11336| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
11337| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
11338| [97081] Apache Tomcat HTTPS Request denial of service
11339| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
11340| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
11341| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
11342| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
11343| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
11344| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
11345| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
11346| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
11347| [95311] Apache storm UI Daemon privilege escalation
11348| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
11349| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
11350| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
11351| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
11352| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
11353| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
11354| [94540] Apache Tika 1.9 tika-server File information disclosure
11355| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
11356| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
11357| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
11358| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
11359| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
11360| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
11361| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
11362| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
11363| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
11364| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
11365| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
11366| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
11367| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
11368| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
11369| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
11370| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
11371| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
11372| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
11373| [93532] Apache Commons Collections Library Java privilege escalation
11374| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
11375| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
11376| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
11377| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
11378| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
11379| [93098] Apache Commons FileUpload privilege escalation
11380| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
11381| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
11382| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
11383| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
11384| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
11385| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
11386| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
11387| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
11388| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
11389| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
11390| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
11391| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
11392| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
11393| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
11394| [92549] Apache Tomcat on Red Hat privilege escalation
11395| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
11396| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
11397| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
11398| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
11399| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
11400| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
11401| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
11402| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
11403| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
11404| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
11405| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
11406| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
11407| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
11408| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
11409| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
11410| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
11411| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
11412| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
11413| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
11414| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
11415| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
11416| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
11417| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
11418| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
11419| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
11420| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
11421| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
11422| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
11423| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
11424| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
11425| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
11426| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
11427| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
11428| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
11429| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
11430| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
11431| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
11432| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
11433| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
11434| [90263] Apache Archiva Header denial of service
11435| [90262] Apache Archiva Deserialize privilege escalation
11436| [90261] Apache Archiva XML DTD Connection privilege escalation
11437| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
11438| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
11439| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
11440| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
11441| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
11442| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
11443| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
11444| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
11445| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
11446| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
11447| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
11448| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
11449| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
11450| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
11451| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
11452| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
11453| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
11454| [87765] Apache James Server 2.3.2 Command privilege escalation
11455| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
11456| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
11457| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
11458| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
11459| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
11460| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
11461| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
11462| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
11463| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
11464| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
11465| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
11466| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
11467| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
11468| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
11469| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
11470| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
11471| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
11472| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
11473| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
11474| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
11475| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
11476| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
11477| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
11478| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
11479| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
11480| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
11481| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
11482| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
11483| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
11484| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
11485| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
11486| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
11487| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
11488| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
11489| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
11490| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
11491| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
11492| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
11493| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
11494| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
11495| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
11496| [82076] Apache Ranger up to 0.5.1 privilege escalation
11497| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
11498| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
11499| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
11500| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
11501| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
11502| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
11503| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
11504| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
11505| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
11506| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
11507| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
11508| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
11509| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
11510| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
11511| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
11512| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
11513| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
11514| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
11515| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
11516| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
11517| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
11518| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
11519| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
11520| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
11521| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
11522| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
11523| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
11524| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
11525| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
11526| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
11527| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
11528| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
11529| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
11530| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
11531| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
11532| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
11533| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
11534| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
11535| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
11536| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
11537| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
11538| [79791] Cisco Products Apache Commons Collections Library privilege escalation
11539| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
11540| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
11541| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
11542| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
11543| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
11544| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
11545| [78989] Apache Ambari up to 2.1.1 Open Redirect
11546| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
11547| [78987] Apache Ambari up to 2.0.x cross site scripting
11548| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
11549| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
11550| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
11551| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11552| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11553| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11554| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11555| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11556| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
11557| [77406] Apache Flex BlazeDS AMF Message XML External Entity
11558| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
11559| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
11560| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
11561| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
11562| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
11563| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
11564| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
11565| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
11566| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
11567| [76567] Apache Struts 2.3.20 unknown vulnerability
11568| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
11569| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
11570| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
11571| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
11572| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
11573| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
11574| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
11575| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
11576| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
11577| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
11578| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
11579| [74793] Apache Tomcat File Upload denial of service
11580| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
11581| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
11582| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
11583| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
11584| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
11585| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
11586| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
11587| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
11588| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
11589| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
11590| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
11591| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
11592| [74468] Apache Batik up to 1.6 denial of service
11593| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
11594| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
11595| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
11596| [74174] Apache WSS4J up to 2.0.0 privilege escalation
11597| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
11598| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
11599| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
11600| [73731] Apache XML Security unknown vulnerability
11601| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
11602| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
11603| [73593] Apache Traffic Server up to 5.1.0 denial of service
11604| [73511] Apache POI up to 3.10 Deadlock denial of service
11605| [73510] Apache Solr up to 4.3.0 cross site scripting
11606| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
11607| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
11608| [73173] Apache CloudStack Stack-Based unknown vulnerability
11609| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
11610| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
11611| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
11612| [72890] Apache Qpid 0.30 unknown vulnerability
11613| [72887] Apache Hive 0.13.0 File Permission privilege escalation
11614| [72878] Apache Cordova 3.5.0 cross site request forgery
11615| [72877] Apache Cordova 3.5.0 cross site request forgery
11616| [72876] Apache Cordova 3.5.0 cross site request forgery
11617| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
11618| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
11619| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
11620| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
11621| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
11622| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
11623| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
11624| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
11625| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
11626| [71629] Apache Axis2/C spoofing
11627| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
11628| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
11629| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
11630| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
11631| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
11632| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
11633| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
11634| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
11635| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
11636| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
11637| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
11638| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
11639| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
11640| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
11641| [70809] Apache POI up to 3.11 Crash denial of service
11642| [70808] Apache POI up to 3.10 unknown vulnerability
11643| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
11644| [70749] Apache Axis up to 1.4 getCN spoofing
11645| [70701] Apache Traffic Server up to 3.3.5 denial of service
11646| [70700] Apache OFBiz up to 12.04.03 cross site scripting
11647| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
11648| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
11649| [70661] Apache Subversion up to 1.6.17 denial of service
11650| [70660] Apache Subversion up to 1.6.17 spoofing
11651| [70659] Apache Subversion up to 1.6.17 spoofing
11652| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
11653| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
11654| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
11655| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
11656| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
11657| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
11658| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
11659| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
11660| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
11661| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
11662| [69846] Apache HBase up to 0.94.8 information disclosure
11663| [69783] Apache CouchDB up to 1.2.0 memory corruption
11664| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
11665| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
11666| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
11667| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
11668| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
11669| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
11670| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
11671| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
11672| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
11673| [69431] Apache Archiva up to 1.3.6 cross site scripting
11674| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
11675| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
11676| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
11677| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
11678| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
| [31663] vbPortal Apache HTTP Server index.php directory traversal
| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
| [30623] Apache James 2.2.0 SMTP Server denial of service
| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
#######################################################################################################################################
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
12064| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12065| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
12066| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
12067| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
12068| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
12167| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
12168| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
12169| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
12170| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
12171| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
12172| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
12173| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
12174| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
12175| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
12176| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
12177| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
12178| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
12179| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
12180| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
12181| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
12182| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
12183| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
12184| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
12185| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
12186| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
12187| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
12188| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
12189| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
12190| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
12191| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
12192| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
12193| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
12194| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
12195| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
12196| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
12197| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12198| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
12199| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
12200| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
12201| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
12202| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
12203| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
12204| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
12205| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
12206| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
12207| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
12208| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
12209| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
12210| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
12211| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
12212| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
12213| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12214| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
12215| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
12216| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
12217| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
12218| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
12219| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
12220| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
12221| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
12222| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
12223| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
12224| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
12225| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
12226| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
12227| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
12228| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
12229| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
12230| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
12231| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
12232| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
12233| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
12234| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
12235| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
12236| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
12237| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
12238| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
12239| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
12240| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
12241| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
12242| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
12243| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
12244| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
12245| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
12246| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
12347| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
12348| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
12349| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
12446| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
12447| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
12448| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
12449| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
12450| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
12451| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
12452| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
12453| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
12454| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
12455| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
12456| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
12457| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
12458| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
12459| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
12460| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
12461| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
12462| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
12463| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
12464| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
12465| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
12466| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
12467| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
12468| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
12469| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
12470| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
12471| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
12472| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
12473| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
12474| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
12475| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
12476| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
12477| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
12478| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
12479| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
12480| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
12481| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
12482| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
12483| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
12484| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
12485| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
12486| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
12487| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
12488| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
12489| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
12490| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
12491| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
12492| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
12493| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
12494| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
12495| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
12496| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
12497| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
12498| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
12499| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
12500| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
12501| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
12502| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
12503| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
12504| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
12505| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
12506| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
12507| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
12508| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
12509| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
12510| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
12511| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
12512| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
12513| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
12514| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
12515| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
12516| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
12517| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
12518| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
12519| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
12520| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
12521| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
12522| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
12523| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
12524| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
12525| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
12526| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
12527| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
12528| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
12529| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
12530| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
12531| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
12532| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
12533| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
12534| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
12535| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
12536| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
12537| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
12538| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
12539| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
12540| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
12541| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
12542| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
12543| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
12544| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
12545| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
12546| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
12547| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
12548| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
12549| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
12550| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
12551| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
12552| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
12553| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
12554| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
12555| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
12556| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
12557| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
12558| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
12559| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
12560| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
12561| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
12562| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
12563| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
12564| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
12565| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
12566| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
12567| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
12568| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
12569| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
12570| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
12571| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
12572| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
12573| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
12574| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
12575| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
12576| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
12577| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
12578| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
12579| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
12580| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
12581| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
12582| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
12583| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
12584| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
12585| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
12586| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
12587| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
12588| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
12589| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
12590| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
12591| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
12592| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
12593| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
12594| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
12595| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
12596| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
12597| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
12598| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
12599| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
12600| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
12601| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
12602| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
12603| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
12604| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
12605| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
12606| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
12607| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
12608| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
12609| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
12610| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
12611| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
12612| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
12613| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
12614| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
12615| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
12616| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
12617| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
12618| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
12619| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
12620| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
12621| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
12622| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
12623| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
12624| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
12625| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
12626| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
12627| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
12628| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
12629| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
12630| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
12631| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
12632| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
12633| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
12634| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
12635| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
12636| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
12637| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
12638| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
12639| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
12640| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
12641| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
12642| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
12643#######################################################################################################################################
12644| SecurityFocus - https://www.securityfocus.com/bid/:
12645| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
12646| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
12647| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
12648| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
12649| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
12650| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
12651| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
12652| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
12653| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
12654| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
12655| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
12656| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
12657| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
12658| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
12659| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
12660| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
12661| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
12662| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
12663| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
12664| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
12665| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
12666| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
12667| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
12668| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
12669| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
12670| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
12671| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
12672| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
12673| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
12674| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
12675| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
12676| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
12677| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
12678| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
12679| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
12680| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
12681| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
12682| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
12683| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
12684| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
12685| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
12686| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
12687| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
12688| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
12689| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
12690| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
12691| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
12692| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
12693| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
12694| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
12695| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
12696| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
12697| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
12698| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
12699| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
12700| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
12701| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
12702| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
12703| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
12704| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
12705| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
12706| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
12707| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
12708| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
12709| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
12710| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
12711| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
12712| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
12713| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
12714| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
12715| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
12716| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
12717| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
12718| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
12719| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
12720| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
12721| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
12722| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
13156| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
13157| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
13158| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
13159| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
13160| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
13161| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
13162| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
13163| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
13164| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
13165| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
13166| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
13167| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
13168| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
13169| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
13170| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
13171| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
13172| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
13173| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
13174| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
13175| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
13176| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
13177| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
13178| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
13179| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
13180| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
13181| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
13182| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
13183| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
13184| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
13185| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
13186| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
13187| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
13188| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
13189| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
13190| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
13191| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
13192| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
13193| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
13194| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
13195| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
13196| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
13197| [59670] Apache VCL Multiple Input Validation Vulnerabilities
13198| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
13199| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
13200| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
13201| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
13202| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
13203| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
13204| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
13205| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
13206| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
13207| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
13208| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
13209| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
13210| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
13211| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
13212| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
13213| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
13214| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
13215| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
13216| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
13217| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
13218| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
13219| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
13220| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
13221| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
13222| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
13223| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
13224| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
13225| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
13226| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
13227| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
13228| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
13229| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
13230| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
13231| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
13232| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
13233| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
13234| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
13235| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
13236| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
13237| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
13238| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
13239| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
13240| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
13241| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
13242| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
13243| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
13244| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
13245| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
13246| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
13247| [54798] Apache Libcloud Man In The Middle Vulnerability
13248| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
13249| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
13250| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
13251| [54189] Apache Roller Cross Site Request Forgery Vulnerability
13252| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
13253| [53880] Apache CXF Child Policies Security Bypass Vulnerability
13254| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
13255| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
13256| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
13257| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
13258| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
13259| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
13260| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
13261| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
13262| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
13263| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
13264| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
13265| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
13266| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
13267| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
13268| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
13269| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
13270| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
13271| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
13272| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
13273| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
13274| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
13275| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
13276| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
13277| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
13278| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
13279| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
13280| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
13281| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
13282| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
13283| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
13284| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
13285| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
13286| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
13287| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
13288| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
13289| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
13290| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
13291| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
13292| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
13293| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
13294| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
13295| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
13296| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
13297| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
13298| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
13299| [49290] Apache Wicket Cross Site Scripting Vulnerability
13300| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
13301| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
13302| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
13303| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
13304| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
13305| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
13306| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
13307| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
13308| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
13309| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
13310| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
13311| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
13312| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
13313| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
13314| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
13315| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
13316| [46953] Apache MPM-ITK Module Security Weakness
13317| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
13318| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
13319| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
13320| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
13321| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
13322| [46166] Apache Tomcat JVM Denial of Service Vulnerability
13323| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
13324| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
13325| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
13326| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
13327| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
13328| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
13329| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
13330| [44616] Apache Shiro Directory Traversal Vulnerability
13331| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
13332| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
13333| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
13334| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
13335| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
13336| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
13337| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
13338| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
13339| [42492] Apache CXF XML DTD Processing Security Vulnerability
13340| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
13341| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
13342| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
13343| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
13344| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
13345| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
13346| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
13347| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
13348| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
13349| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
13350| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
13351| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
13352| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
13353| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
13354| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
13355| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
13356| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
13357| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
13358| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
13359| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
13360| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
13361| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
13362| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
13363| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
13364| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
13365| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
13366| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
13367| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
13368| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
13369| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
13370| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
13371| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
13372| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
13373| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
13374| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
13375| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
13376| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
13377| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
13378| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
13379| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
13380| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
13381| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
13382| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
13383| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
13384| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
13385| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
13386| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
13387| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
13388| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
13389| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13390| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
13391| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
13392| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
13393| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
13394| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
13395| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
13396| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
13397| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
13398| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
13399| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
13400| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
13401| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
13402| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
13403| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
13404| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
13405| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
13406| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
13407| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
13408| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
13409| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
13410| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
13411| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
13412| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
13413| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
13414| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
13415| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
13416| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
13417| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
13418| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
13419| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
13420| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
13421| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
13422| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
13423| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
13424| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
13425| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
13426| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
13427| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
13428| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
13429| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
13430| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
13431| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
13432| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
13433| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
13434| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
13435| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
13436| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
13437| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
13438| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
13439| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
13440| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
13441| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
13442| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
13443| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
13444| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
13445| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
13446| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
13447| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
13448| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
13449| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
13450| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
13451| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
13452| [20527] Apache Mod_TCL Remote Format String Vulnerability
13453| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
13454| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
13455| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
13456| [19106] Apache Tomcat Information Disclosure Vulnerability
13457| [18138] Apache James SMTP Denial Of Service Vulnerability
13458| [17342] Apache Struts Multiple Remote Vulnerabilities
13459| [17095] Apache Log4Net Denial Of Service Vulnerability
13460| [16916] Apache mod_python FileSession Code Execution Vulnerability
13461| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
13462| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
13463| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
13464| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
13465| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
13466| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
13467| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
13468| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
13469| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
13470| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
13471| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
13472| [15177] PHP Apache 2 Local Denial of Service Vulnerability
13473| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
13474| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
13475| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
13476| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
13477| [14106] Apache HTTP Request Smuggling Vulnerability
13478| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
13479| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
13480| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
13481| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
13482| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
13483| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
13484| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
13485| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
13486| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
13487| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
13488| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
13489| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
13490| [11471] Apache mod_include Local Buffer Overflow Vulnerability
13491| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
13492| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
13493| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
13494| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
13495| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
13496| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
13497| [11094] Apache mod_ssl Denial Of Service Vulnerability
13498| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
13499| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
13500| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
13501| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
13502| [10478] ClueCentral Apache Suexec Patch Security Weakness
13503| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
13504| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
13505| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
13506| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
13507| [9921] Apache Connection Blocking Denial Of Service Vulnerability
13508| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
13509| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
13510| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
13511| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
13512| [9733] Apache Cygwin Directory Traversal Vulnerability
13513| [9599] Apache mod_php Global Variables Information Disclosure Weakness
13514| [9590] Apache-SSL Client Certificate Forging Vulnerability
13515| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
13516| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
13517| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
13518| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
13519| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
13520| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
13521| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
13522| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
13523| [8898] Red Hat Apache Directory Index Default Configuration Error
13524| [8883] Apache Cocoon Directory Traversal Vulnerability
13525| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
13526| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
13527| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
13528| [8707] Apache htpasswd Password Entropy Weakness
13529| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
13530| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
13531| [8226] Apache HTTP Server Multiple Vulnerabilities
13532| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
13533| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
13534| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
13535| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
13536| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
13537| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
13538| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
13539| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
13540| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
13541| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
13542| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
13543| [7255] Apache Web Server File Descriptor Leakage Vulnerability
13544| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
13545| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
13546| [6939] Apache Web Server ETag Header Information Disclosure Weakness
13547| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
13548| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
13549| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
13550| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
13551| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
13552| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
13553| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
13554| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
13555| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
13556| [6117] Apache mod_php File Descriptor Leakage Vulnerability
13557| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
13558| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
13559| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
13560| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
13561| [5992] Apache HTDigest Insecure Temporary File Vulnerability
13562| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
13563| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
13564| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
13565| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
13566| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
13567| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
13568| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
13569| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
13570| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
13571| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
13572| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
13573| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
13574| [5485] Apache 2.0 Path Disclosure Vulnerability
13575| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
13576| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
13577| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
13578| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
13579| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
13580| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
13581| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
13582| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
13583| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
13584| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
13585| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
13586| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
13587| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
13588| [4437] Apache Error Message Cross-Site Scripting Vulnerability
13589| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
13590| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
13591| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
13592| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
13593| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
13594| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
13595| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
13596| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
13597| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
13598| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
13599| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
13600| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
13601| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
13602| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
13603| [3596] Apache Split-Logfile File Append Vulnerability
13604| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
13605| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
13606| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
13607| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
13608| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
13609| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
13610| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
13611| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
13612| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
13613| [3169] Apache Server Address Disclosure Vulnerability
13614| [3009] Apache Possible Directory Index Disclosure Vulnerability
13615| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
13616| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
13617| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
13618| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
13619| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
13620| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
13621| [2216] Apache Web Server DoS Vulnerability
13622| [2182] Apache /tmp File Race Vulnerability
13623| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
13624| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
13625| [1821] Apache mod_cookies Buffer Overflow Vulnerability
13626| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
13627| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
13628| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
13629| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
13630| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
13631| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
13632| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
13633| [1457] Apache::ASP source.asp Example Script Vulnerability
13634| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
13635| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
13636#######################################################################################################################################
13637| IBM X-Force - https://exchange.xforce.ibmcloud.com:
13638| [86258] Apache CloudStack text fields cross-site scripting
13639| [85983] Apache Subversion mod_dav_svn module denial of service
13640| [85875] Apache OFBiz UEL code execution
13641| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
13642| [85871] Apache HTTP Server mod_session_dbd unspecified
13643| [85756] Apache Struts OGNL expression command execution
13644| [85755] Apache Struts DefaultActionMapper class open redirect
13645| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
13646| [85574] Apache HTTP Server mod_dav denial of service
13647| [85573] Apache Struts Showcase App OGNL code execution
13648| [85496] Apache CXF denial of service
13649| [85423] Apache Geronimo RMI classloader code execution
13650| [85326] Apache Santuario XML Security for C++ buffer overflow
13651| [85323] Apache Santuario XML Security for Java spoofing
13652| [85319] Apache Qpid Python client SSL spoofing
13653| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
13654| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
13655| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
13656| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
13657| [84952] Apache Tomcat CVE-2012-3544 denial of service
13658| [84763] Apache Struts CVE-2013-2135 security bypass
13659| [84762] Apache Struts CVE-2013-2134 security bypass
13660| [84719] Apache Subversion CVE-2013-2088 command execution
13661| [84718] Apache Subversion CVE-2013-2112 denial of service
13662| [84717] Apache Subversion CVE-2013-1968 denial of service
13663| [84577] Apache Tomcat security bypass
13664| [84576] Apache Tomcat symlink
13665| [84543] Apache Struts CVE-2013-2115 security bypass
13666| [84542] Apache Struts CVE-2013-1966 security bypass
13667| [84154] Apache Tomcat session hijacking
13668| [84144] Apache Tomcat denial of service
13669| [84143] Apache Tomcat information disclosure
13670| [84111] Apache HTTP Server command execution
13671| [84043] Apache Virtual Computing Lab cross-site scripting
13672| [84042] Apache Virtual Computing Lab cross-site scripting
13673| [83782] Apache CloudStack information disclosure
13674| [83781] Apache CloudStack security bypass
13675| [83720] Apache ActiveMQ cross-site scripting
13676| [83719] Apache ActiveMQ denial of service
13677| [83718] Apache ActiveMQ denial of service
13678| [83263] Apache Subversion denial of service
13679| [83262] Apache Subversion denial of service
13680| [83261] Apache Subversion denial of service
13681| [83259] Apache Subversion denial of service
13682| [83035] Apache mod_ruid2 security bypass
13683| [82852] Apache Qpid federation_tag security bypass
13684| [82851] Apache Qpid qpid::framing::Buffer denial of service
13685| [82758] Apache Rave User RPC API information disclosure
13686| [82663] Apache Subversion svn_fs_file_length() denial of service
13687| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
13688| [82641] Apache Qpid AMQP denial of service
13689| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
13690| [82618] Apache Commons FileUpload symlink
13691| [82360] Apache HTTP Server manager interface cross-site scripting
13692| [82359] Apache HTTP Server hostnames cross-site scripting
13693| [82338] Apache Tomcat log/logdir information disclosure
13694| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
13695| [82268] Apache OpenJPA deserialization command execution
13696| [81981] Apache CXF UsernameTokens security bypass
13697| [81980] Apache CXF WS-Security security bypass
13698| [81398] Apache OFBiz cross-site scripting
13699| [81240] Apache CouchDB directory traversal
13700| [81226] Apache CouchDB JSONP code execution
13701| [81225] Apache CouchDB Futon user interface cross-site scripting
13702| [81211] Apache Axis2/C SSL spoofing
13703| [81167] Apache CloudStack DeployVM information disclosure
13704| [81166] Apache CloudStack AddHost API information disclosure
13705| [81165] Apache CloudStack createSSHKeyPair API information disclosure
13706| [80518] Apache Tomcat cross-site request forgery security bypass
13707| [80517] Apache Tomcat FormAuthenticator security bypass
13708| [80516] Apache Tomcat NIO denial of service
13709| [80408] Apache Tomcat replay-countermeasure security bypass
13710| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
13711| [80317] Apache Tomcat slowloris denial of service
13712| [79984] Apache Commons HttpClient SSL spoofing
13713| [79983] Apache CXF SSL spoofing
13714| [79830] Apache Axis2/Java SSL spoofing
13715| [79829] Apache Axis SSL spoofing
13716| [79809] Apache Tomcat DIGEST security bypass
13717| [79806] Apache Tomcat parseHeaders() denial of service
13718| [79540] Apache OFBiz unspecified
13719| [79487] Apache Axis2 SAML security bypass
13720| [79212] Apache Cloudstack code execution
13721| [78734] Apache CXF SOAP Action security bypass
13722| [78730] Apache Qpid broker denial of service
13723| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
13724| [78563] Apache mod_pagespeed module unspecified cross-site scripting
13725| [78562] Apache mod_pagespeed module security bypass
13726| [78454] Apache Axis2 security bypass
13727| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
13728| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
13729| [78321] Apache Wicket unspecified cross-site scripting
13730| [78183] Apache Struts parameters denial of service
13731| [78182] Apache Struts cross-site request forgery
13732| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
13733| [77987] mod_rpaf module for Apache denial of service
13734| [77958] Apache Struts skill name code execution
13735| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
13736| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
13737| [77568] Apache Qpid broker security bypass
13738| [77421] Apache Libcloud spoofing
13739| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
13740| [77046] Oracle Solaris Apache HTTP Server information disclosure
13741| [76837] Apache Hadoop information disclosure
13742| [76802] Apache Sling CopyFrom denial of service
13743| [76692] Apache Hadoop symlink
13744| [76535] Apache Roller console cross-site request forgery
13745| [76534] Apache Roller weblog cross-site scripting
13746| [76152] Apache CXF elements security bypass
13747| [76151] Apache CXF child policies security bypass
13748| [75983] MapServer for Windows Apache file include
13749| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
13750| [75558] Apache POI denial of service
13751| [75545] PHP apache_request_headers() buffer overflow
13752| [75302] Apache Qpid SASL security bypass
13753| [75211] Debian GNU/Linux apache 2 cross-site scripting
13754| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
13755| [74871] Apache OFBiz FlexibleStringExpander code execution
13756| [74870] Apache OFBiz multiple cross-site scripting
13757| [74750] Apache Hadoop unspecified spoofing
13758| [74319] Apache Struts XSLTResult.java file upload
13759| [74313] Apache Traffic Server header buffer overflow
13760| [74276] Apache Wicket directory traversal
13761| [74273] Apache Wicket unspecified cross-site scripting
13762| [74181] Apache HTTP Server mod_fcgid module denial of service
13763| [73690] Apache Struts OGNL code execution
13764| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
13765| [73100] Apache MyFaces in directory traversal
13766| [73096] Apache APR hash denial of service
13767| [73052] Apache Struts name cross-site scripting
13768| [73030] Apache CXF UsernameToken security bypass
13769| [72888] Apache Struts lastName cross-site scripting
13770| [72758] Apache HTTP Server httpOnly information disclosure
13771| [72757] Apache HTTP Server MPM denial of service
13772| [72585] Apache Struts ParameterInterceptor security bypass
13773| [72438] Apache Tomcat Digest security bypass
13774| [72437] Apache Tomcat Digest security bypass
13775| [72436] Apache Tomcat DIGEST security bypass
13776| [72425] Apache Tomcat parameter denial of service
13777| [72422] Apache Tomcat request object information disclosure
13778| [72377] Apache HTTP Server scoreboard security bypass
13779| [72345] Apache HTTP Server HTTP request denial of service
13780| [72229] Apache Struts ExceptionDelegator command execution
13781| [72089] Apache Struts ParameterInterceptor directory traversal
13782| [72088] Apache Struts CookieInterceptor command execution
13783| [72047] Apache Geronimo hash denial of service
13784| [72016] Apache Tomcat hash denial of service
13785| [71711] Apache Struts OGNL expression code execution
13786| [71654] Apache Struts interfaces security bypass
13787| [71620] Apache ActiveMQ failover denial of service
13788| [71617] Apache HTTP Server mod_proxy module information disclosure
13789| [71508] Apache MyFaces EL security bypass
13790| [71445] Apache HTTP Server mod_proxy security bypass
13791| [71203] Apache Tomcat servlets privilege escalation
13792| [71181] Apache HTTP Server ap_pregsub() denial of service
13793| [71093] Apache HTTP Server ap_pregsub() buffer overflow
13794| [70336] Apache HTTP Server mod_proxy information disclosure
13795| [69804] Apache HTTP Server mod_proxy_ajp denial of service
13796| [69472] Apache Tomcat AJP security bypass
13797| [69396] Apache HTTP Server ByteRange filter denial of service
13798| [69394] Apache Wicket multi window support cross-site scripting
13799| [69176] Apache Tomcat XML information disclosure
13800| [69161] Apache Tomcat jsvc information disclosure
13801| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
13802| [68541] Apache Tomcat sendfile information disclosure
13803| [68420] Apache XML Security denial of service
13804| [68238] Apache Tomcat JMX information disclosure
13805| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
13806| [67804] Apache Subversion control rules information disclosure
13807| [67803] Apache Subversion control rules denial of service
13808| [67802] Apache Subversion baselined denial of service
13809| [67672] Apache Archiva multiple cross-site scripting
13810| [67671] Apache Archiva multiple cross-site request forgery
13811| [67564] Apache APR apr_fnmatch() denial of service
13812| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
13813| [67515] Apache Tomcat annotations security bypass
13814| [67480] Apache Struts s:submit information disclosure
13815| [67414] Apache APR apr_fnmatch() denial of service
13816| [67356] Apache Struts javatemplates cross-site scripting
13817| [67354] Apache Struts Xwork cross-site scripting
13818| [66676] Apache Tomcat HTTP BIO information disclosure
13819| [66675] Apache Tomcat web.xml security bypass
13820| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
13821| [66241] Apache HttpComponents information disclosure
13822| [66154] Apache Tomcat ServletSecurity security bypass
13823| [65971] Apache Tomcat ServletSecurity security bypass
13824| [65876] Apache Subversion mod_dav_svn denial of service
13825| [65343] Apache Continuum unspecified cross-site scripting
13826| [65162] Apache Tomcat NIO connector denial of service
13827| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
13828| [65160] Apache Tomcat HTML Manager interface cross-site scripting
13829| [65159] Apache Tomcat ServletContect security bypass
13830| [65050] Apache CouchDB web-based administration UI cross-site scripting
13831| [64773] Oracle HTTP Server Apache Plugin unauthorized access
13832| [64473] Apache Subversion blame -g denial of service
13833| [64472] Apache Subversion walk() denial of service
13834| [64407] Apache Axis2 CVE-2010-0219 code execution
13835| [63926] Apache Archiva password privilege escalation
13836| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
13837| [63493] Apache Archiva credentials cross-site request forgery
13838| [63477] Apache Tomcat HttpOnly session hijacking
13839| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
13840| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
13841| [62959] Apache Shiro filters security bypass
13842| [62790] Apache Perl cgi module denial of service
13843| [62576] Apache Qpid exchange denial of service
13844| [62575] Apache Qpid AMQP denial of service
13845| [62354] Apache Qpid SSL denial of service
13846| [62235] Apache APR-util apr_brigade_split_line() denial of service
13847| [62181] Apache XML-RPC SAX Parser information disclosure
13848| [61721] Apache Traffic Server cache poisoning
13849| [61202] Apache Derby BUILTIN authentication functionality information disclosure
13850| [61186] Apache CouchDB Futon cross-site request forgery
13851| [61169] Apache CXF DTD denial of service
13852| [61070] Apache Jackrabbit search.jsp SQL injection
13853| [61006] Apache SLMS Quoting cross-site request forgery
13854| [60962] Apache Tomcat time cross-site scripting
13855| [60883] Apache mod_proxy_http information disclosure
13856| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
13857| [60264] Apache Tomcat Transfer-Encoding denial of service
13858| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
13859| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
13860| [59413] Apache mod_proxy_http timeout information disclosure
13861| [59058] Apache MyFaces unencrypted view state cross-site scripting
13862| [58827] Apache Axis2 xsd file include
13863| [58790] Apache Axis2 modules cross-site scripting
13864| [58299] Apache ActiveMQ queueBrowse cross-site scripting
13865| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
13866| [58056] Apache ActiveMQ .jsp source code disclosure
13867| [58055] Apache Tomcat realm name information disclosure
13868| [58046] Apache HTTP Server mod_auth_shadow security bypass
13869| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
13870| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
13871| [57429] Apache CouchDB algorithms information disclosure
13872| [57398] Apache ActiveMQ Web console cross-site request forgery
13873| [57397] Apache ActiveMQ createDestination.action cross-site scripting
13874| [56653] Apache HTTP Server DNS spoofing
13875| [56652] Apache HTTP Server DNS cross-site scripting
13876| [56625] Apache HTTP Server request header information disclosure
13877| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
13878| [56623] Apache HTTP Server mod_proxy_ajp denial of service
13879| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
13880| [55857] Apache Tomcat WAR files directory traversal
13881| [55856] Apache Tomcat autoDeploy attribute security bypass
13882| [55855] Apache Tomcat WAR directory traversal
13883| [55210] Intuit component for Joomla! Apache information disclosure
13884| [54533] Apache Tomcat 404 error page cross-site scripting
13885| [54182] Apache Tomcat admin default password
13886| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
13887| [53666] Apache HTTP Server Solaris pollset support denial of service
13888| [53650] Apache HTTP Server HTTP basic-auth module security bypass
13889| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
13890| [53041] mod_proxy_ftp module for Apache denial of service
13891| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
13892| [51953] Apache Tomcat Path Disclosure
13893| [51952] Apache Tomcat Path Traversal
13894| [51951] Apache stronghold-status Information Disclosure
13895| [51950] Apache stronghold-info Information Disclosure
13896| [51949] Apache PHP Source Code Disclosure
13897| [51948] Apache Multiviews Attack
13898| [51946] Apache JServ Environment Status Information Disclosure
13899| [51945] Apache error_log Information Disclosure
13900| [51944] Apache Default Installation Page Pattern Found
13901| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
13902| [51942] Apache AXIS XML External Entity File Retrieval
13903| [51941] Apache AXIS Sample Servlet Information Leak
13904| [51940] Apache access_log Information Disclosure
13905| [51626] Apache mod_deflate denial of service
13906| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
13907| [51365] Apache Tomcat RequestDispatcher security bypass
13908| [51273] Apache HTTP Server Incomplete Request denial of service
13909| [51195] Apache Tomcat XML information disclosure
13910| [50994] Apache APR-util xml/apr_xml.c denial of service
13911| [50993] Apache APR-util apr_brigade_vprintf denial of service
13912| [50964] Apache APR-util apr_strmatch_precompile() denial of service
13913| [50930] Apache Tomcat j_security_check information disclosure
13914| [50928] Apache Tomcat AJP denial of service
13915| [50884] Apache HTTP Server XML ENTITY denial of service
13916| [50808] Apache HTTP Server AllowOverride privilege escalation
13917| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
13918| [50059] Apache mod_proxy_ajp information disclosure
13919| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
13920| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
13921| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
13922| [49921] Apache ActiveMQ Web interface cross-site scripting
13923| [49898] Apache Geronimo Services/Repository directory traversal
13924| [49725] Apache Tomcat mod_jk module information disclosure
13925| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
13926| [49712] Apache Struts unspecified cross-site scripting
13927| [49213] Apache Tomcat cal2.jsp cross-site scripting
13928| [48934] Apache Tomcat POST doRead method information disclosure
13929| [48211] Apache Tomcat header HTTP request smuggling
13930| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
13931| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
13932| [47709] Apache Roller "
13933| [47104] Novell Netware ApacheAdmin console security bypass
13934| [47086] Apache HTTP Server OS fingerprinting unspecified
13935| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
13936| [45791] Apache Tomcat RemoteFilterValve security bypass
13937| [44435] Oracle WebLogic Apache Connector buffer overflow
13938| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
13939| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
13940| [44156] Apache Tomcat RequestDispatcher directory traversal
13941| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
13942| [43885] Oracle WebLogic Server Apache Connector buffer overflow
13943| [42987] Apache HTTP Server mod_proxy module denial of service
13944| [42915] Apache Tomcat JSP files path disclosure
13945| [42914] Apache Tomcat MS-DOS path disclosure
13946| [42892] Apache Tomcat unspecified unauthorized access
13947| [42816] Apache Tomcat Host Manager cross-site scripting
13948| [42303] Apache 403 error cross-site scripting
13949| [41618] Apache-SSL ExpandCert() authentication bypass
13950| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
13951| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
13952| [40614] Apache mod_jk2 HTTP Host header buffer overflow
13953| [40562] Apache Geronimo init information disclosure
13954| [40478] Novell Web Manager webadmin-apache.conf security bypass
13955| [40411] Apache Tomcat exception handling information disclosure
13956| [40409] Apache Tomcat native (APR based) connector weak security
13957| [40403] Apache Tomcat quotes and %5C cookie information disclosure
13958| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
13959| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
13960| [39867] Apache HTTP Server mod_negotiation cross-site scripting
13961| [39804] Apache Tomcat SingleSignOn information disclosure
13962| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
13963| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
13964| [39608] Apache HTTP Server balancer manager cross-site request forgery
13965| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
13966| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
13967| [39472] Apache HTTP Server mod_status cross-site scripting
13968| [39201] Apache Tomcat JULI logging weak security
13969| [39158] Apache HTTP Server Windows SMB shares information disclosure
13970| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
13971| [38951] Apache::AuthCAS Perl module cookie SQL injection
13972| [38800] Apache HTTP Server 413 error page cross-site scripting
13973| [38211] Apache Geronimo SQLLoginModule authentication bypass
13974| [37243] Apache Tomcat WebDAV directory traversal
13975| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
13976| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
13977| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
13978| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
13979| [36782] Apache Geronimo MEJB unauthorized access
13980| [36586] Apache HTTP Server UTF-7 cross-site scripting
13981| [36468] Apache Geronimo LoginModule security bypass
13982| [36467] Apache Tomcat functions.jsp cross-site scripting
13983| [36402] Apache Tomcat calendar cross-site request forgery
13984| [36354] Apache HTTP Server mod_proxy module denial of service
13985| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
13986| [36336] Apache Derby lock table privilege escalation
13987| [36335] Apache Derby schema privilege escalation
13988| [36006] Apache Tomcat "
13989| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
13990| [35999] Apache Tomcat \"
13991| [35795] Apache Tomcat CookieExample cross-site scripting
13992| [35536] Apache Tomcat SendMailServlet example cross-site scripting
13993| [35384] Apache HTTP Server mod_cache module denial of service
13994| [35097] Apache HTTP Server mod_status module cross-site scripting
13995| [35095] Apache HTTP Server Prefork MPM module denial of service
13996| [34984] Apache HTTP Server recall_headers information disclosure
13997| [34966] Apache HTTP Server MPM content spoofing
13998| [34965] Apache HTTP Server MPM information disclosure
13999| [34963] Apache HTTP Server MPM multiple denial of service
14000| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
14001| [34869] Apache Tomcat JSP example Web application cross-site scripting
14002| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
14003| [34496] Apache Tomcat JK Connector security bypass
14004| [34377] Apache Tomcat hello.jsp cross-site scripting
14005| [34212] Apache Tomcat SSL configuration security bypass
14006| [34210] Apache Tomcat Accept-Language cross-site scripting
14007| [34209] Apache Tomcat calendar application cross-site scripting
14008| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
14009| [34167] Apache Axis WSDL file path disclosure
14010| [34068] Apache Tomcat AJP connector information disclosure
14011| [33584] Apache HTTP Server suEXEC privilege escalation
14012| [32988] Apache Tomcat proxy module directory traversal
14013| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
14014| [32708] Debian Apache tty privilege escalation
14015| [32441] ApacheStats extract() PHP call unspecified
14016| [32128] Apache Tomcat default account
14017| [31680] Apache Tomcat RequestParamExample cross-site scripting
14018| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
14019| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
14020| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
14021| [30456] Apache mod_auth_kerb off-by-one buffer overflow
14022| [29550] Apache mod_tcl set_var() format string
14023| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
14024| [28357] Apache HTTP Server mod_alias script source information disclosure
14025| [28063] Apache mod_rewrite off-by-one buffer overflow
14026| [27902] Apache Tomcat URL information disclosure
14027| [26786] Apache James SMTP server denial of service
14028| [25680] libapache2 /tmp/svn file upload
14029| [25614] Apache Struts lookupMap cross-site scripting
14030| [25613] Apache Struts ActionForm denial of service
14031| [25612] Apache Struts isCancelled() security bypass
14032| [24965] Apache mod_python FileSession command execution
14033| [24716] Apache James spooler memory leak denial of service
14034| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
14035| [24158] Apache Geronimo jsp-examples cross-site scripting
14036| [24030] Apache auth_ldap module multiple format strings
14037| [24008] Apache mod_ssl custom error message denial of service
14038| [24003] Apache mod_auth_pgsql module multiple syslog format strings
14039| [23612] Apache mod_imap referer field cross-site scripting
14040| [23173] Apache Struts error message cross-site scripting
14041| [22942] Apache Tomcat directory listing denial of service
14042| [22858] Apache Multi-Processing Module code allows denial of service
14043| [22602] RHSA-2005:582 updates for Apache httpd not installed
14044| [22520] Apache mod-auth-shadow "
14045| [22466] ApacheTop symlink
14046| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
14047| [22006] Apache HTTP Server byte-range filter denial of service
14048| [21567] Apache mod_ssl off-by-one buffer overflow
14049| [21195] Apache HTTP Server header HTTP request smuggling
14050| [20383] Apache HTTP Server htdigest buffer overflow
14051| [19681] Apache Tomcat AJP12 request denial of service
14052| [18993] Apache HTTP server check_forensic symlink attack
14053| [18790] Apache Tomcat Manager cross-site scripting
14054| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
14055| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
14056| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
14057| [17961] Apache Web server ServerTokens has not been set
14058| [17930] Apache HTTP Server HTTP GET request denial of service
14059| [17785] Apache mod_include module buffer overflow
14060| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
14061| [17473] Apache HTTP Server Satisfy directive allows access to resources
14062| [17413] Apache htpasswd buffer overflow
14063| [17384] Apache HTTP Server environment variable configuration file buffer overflow
14064| [17382] Apache HTTP Server IPv6 apr_util denial of service
14065| [17366] Apache HTTP Server mod_dav module LOCK denial of service
14066| [17273] Apache HTTP Server speculative mode denial of service
14067| [17200] Apache HTTP Server mod_ssl denial of service
14068| [16890] Apache HTTP Server server-info request has been detected
14069| [16889] Apache HTTP Server server-status request has been detected
14070| [16705] Apache mod_ssl format string attack
14071| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
14072| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
14073| [16230] Apache HTTP Server PHP denial of service
14074| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
14075| [15958] Apache HTTP Server authentication modules memory corruption
14076| [15547] Apache HTTP Server mod_disk_cache local information disclosure
14077| [15540] Apache HTTP Server socket starvation denial of service
14078| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
14079| [15422] Apache HTTP Server mod_access information disclosure
14080| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
14081| [15293] Apache for Cygwin "
14082| [15065] Apache-SSL has a default password
14083| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
14084| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
14085| [14751] Apache Mod_python output filter information disclosure
14086| [14125] Apache HTTP Server mod_userdir module information disclosure
14087| [14075] Apache HTTP Server mod_php file descriptor leak
14088| [13703] Apache HTTP Server account
14089| [13689] Apache HTTP Server configuration allows symlinks
14090| [13688] Apache HTTP Server configuration allows SSI
14091| [13687] Apache HTTP Server Server: header value
14092| [13685] Apache HTTP Server ServerTokens value
14093| [13684] Apache HTTP Server ServerSignature value
14094| [13672] Apache HTTP Server config allows directory autoindexing
14095| [13671] Apache HTTP Server default content
14096| [13670] Apache HTTP Server config file directive references outside content root
14097| [13668] Apache HTTP Server httpd not running in chroot environment
14098| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
14099| [13664] Apache HTTP Server config file contains ScriptAlias entry
14100| [13663] Apache HTTP Server CGI support modules loaded
14101| [13661] Apache HTTP Server config file contains AddHandler entry
14102| [13660] Apache HTTP Server 500 error page not CGI script
14103| [13659] Apache HTTP Server 413 error page not CGI script
14104| [13658] Apache HTTP Server 403 error page not CGI script
14105| [13657] Apache HTTP Server 401 error page not CGI script
14106| [13552] Apache HTTP Server mod_cgid module information disclosure
14107| [13550] Apache GET request directory traversal
14108| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
14109| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
14110| [13429] Apache Tomcat non-HTTP request denial of service
14111| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
14112| [13295] Apache weak password encryption
14113| [13254] Apache Tomcat .jsp cross-site scripting
14114| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
14115| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
14116| [12681] Apache HTTP Server mod_proxy could allow mail relaying
14117| [12662] Apache HTTP Server rotatelogs denial of service
14118| [12554] Apache Tomcat stores password in plain text
14119| [12553] Apache HTTP Server redirects and subrequests denial of service
14120| [12552] Apache HTTP Server FTP proxy server denial of service
14121| [12551] Apache HTTP Server prefork MPM denial of service
14122| [12550] Apache HTTP Server weaker than expected encryption
14123| [12549] Apache HTTP Server type-map file denial of service
14124| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
14125| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
14126| [12091] Apache HTTP Server apr_password_validate denial of service
14127| [12090] Apache HTTP Server apr_psprintf code execution
14128| [11804] Apache HTTP Server mod_access_referer denial of service
14129| [11750] Apache HTTP Server could leak sensitive file descriptors
14130| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
14131| [11703] Apache long slash path allows directory listing
14132| [11695] Apache HTTP Server LF (Line Feed) denial of service
14133| [11694] Apache HTTP Server filestat.c denial of service
14134| [11438] Apache HTTP Server MIME message boundaries information disclosure
14135| [11412] Apache HTTP Server error log terminal escape sequence injection
14136| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
14137| [11195] Apache Tomcat web.xml could be used to read files
14138| [11194] Apache Tomcat URL appended with a null character could list directories
14139| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
14140| [11126] Apache HTTP Server illegal character file disclosure
14141| [11125] Apache HTTP Server DOS device name HTTP POST code execution
14142| [11124] Apache HTTP Server DOS device name denial of service
14143| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
14144| [10938] Apache HTTP Server printenv test CGI cross-site scripting
14145| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
14146| [10575] Apache mod_php module could allow an attacker to take over the httpd process
14147| [10499] Apache HTTP Server WebDAV HTTP POST view source
14148| [10457] Apache HTTP Server mod_ssl "
14149| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
14150| [10414] Apache HTTP Server htdigest multiple buffer overflows
14151| [10413] Apache HTTP Server htdigest temporary file race condition
14152| [10412] Apache HTTP Server htpasswd temporary file race condition
14153| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
14154| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
14155| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
14156| [10280] Apache HTTP Server shared memory scorecard overwrite
14157| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
14158| [10241] Apache HTTP Server Host: header cross-site scripting
14159| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
14160| [10208] Apache HTTP Server mod_dav denial of service
14161| [10206] HP VVOS Apache mod_ssl denial of service
14162| [10200] Apache HTTP Server stderr denial of service
14163| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
14164| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
14165| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
14166| [10098] Slapper worm targets OpenSSL/Apache systems
14167| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
14168| [9875] Apache HTTP Server .var file request could disclose installation path
14169| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
14170| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
14171| [9623] Apache HTTP Server ap_log_rerror() path disclosure
14172| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
14173| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
14174| [9396] Apache Tomcat null character to threads denial of service
14175| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
14176| [9249] Apache HTTP Server chunked encoding heap buffer overflow
14177| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
14178| [8932] Apache Tomcat example class information disclosure
14179| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
14180| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
14181| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
14182| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
14183| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
14184| [8400] Apache HTTP Server mod_frontpage buffer overflows
14185| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
14186| [8308] Apache "
14187| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
14188| [8119] Apache and PHP OPTIONS request reveals "
14189| [8054] Apache is running on the system
14190| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
14191| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
14192| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
14193| [7836] Apache HTTP Server log directory denial of service
14194| [7815] Apache for Windows "
14195| [7810] Apache HTTP request could result in unexpected behavior
14196| [7599] Apache Tomcat reveals installation path
14197| [7494] Apache "
14198| [7419] Apache Web Server could allow remote attackers to overwrite .log files
14199| [7363] Apache Web Server hidden HTTP requests
14200| [7249] Apache mod_proxy denial of service
14201| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
14202| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
14203| [7059] Apache "
14204| [7057] Apache "
14205| [7056] Apache "
14206| [7055] Apache "
14207| [7054] Apache "
14208| [6997] Apache Jakarta Tomcat error message may reveal information
14209| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
14210| [6970] Apache crafted HTTP request could reveal the internal IP address
14211| [6921] Apache long slash path allows directory listing
14212| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
14213| [6527] Apache Web Server for Windows and OS2 denial of service
14214| [6316] Apache Jakarta Tomcat may reveal JSP source code
14215| [6305] Apache Jakarta Tomcat directory traversal
14216| [5926] Linux Apache symbolic link
14217| [5659] Apache Web server discloses files when used with php script
14218| [5310] Apache mod_rewrite allows attacker to view arbitrary files
14219| [5204] Apache WebDAV directory listings
14220| [5197] Apache Web server reveals CGI script source code
14221| [5160] Apache Jakarta Tomcat default installation
14222| [5099] Trustix Secure Linux installs Apache with world writable access
14223| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
14224| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
14225| [4931] Apache source.asp example file allows users to write to files
14226| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
14227| [4205] Apache Jakarta Tomcat delivers file contents
14228| [2084] Apache on Debian by default serves the /usr/doc directory
14229| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
14230| [697] Apache HTTP server beck exploit
14231| [331] Apache cookies buffer overflow
14232#######################################################################################################################################
14233| Exploit-DB - https://www.exploit-db.com:
14234| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
14235| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
14236| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
14237| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
14238| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
14239| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
14240| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
14241| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
14242| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
14243| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
14244| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
14245| [29859] Apache Roller OGNL Injection
14246| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
14247| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
14248| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
14249| [29290] Apache / PHP 5.x Remote Code Execution Exploit
14250| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
14251| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
14252| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
14253| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
14254| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
14255| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
14256| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
14257| [27096] Apache Geronimo 1.0 Error Page XSS
14258| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
14259| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
14260| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
14261| [25986] Plesk Apache Zeroday Remote Exploit
14262| [25980] Apache Struts includeParams Remote Code Execution
14263| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
14264| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
14265| [24874] Apache Struts ParametersInterceptor Remote Code Execution
14266| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
14267| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
14268| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
14269| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
14270| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
14271| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
14272| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
14273| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
14274| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
14275| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
14276| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
14277| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
14278| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
14279| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
14280| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
14281| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
14282| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
14283| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
14284| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
14285| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
14286| [21719] Apache 2.0 Path Disclosure Vulnerability
14287| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
14288| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
14289| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
14290| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
14291| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
14292| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
14293| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
14294| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
14295| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
14296| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
14297| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
14298| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
14299| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
14300| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
14301| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
14302| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
14303| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
14304| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
14305| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
14306| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
14307| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
14308| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
14309| [20558] Apache 1.2 Web Server DoS Vulnerability
14310| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
14311| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
14312| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
14313| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
14314| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
14315| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
14316| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
14317| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
14318| [19231] PHP apache_request_headers Function Buffer Overflow
14319| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
14320| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
14321| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
14322| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
14323| [18442] Apache httpOnly Cookie Disclosure
14324| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
14325| [18221] Apache HTTP Server Denial of Service
14326| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
14327| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
14328| [17691] Apache Struts < 2.2.0 - Remote Command Execution
14329| [16798] Apache mod_jk 1.2.20 Buffer Overflow
14330| [16782] Apache Win32 Chunked Encoding
14331| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
14332| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
14333| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
14334| [15319] Apache 2.2 (Windows) Local Denial of Service
14335| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
14336| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
14337| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
14338| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
14339| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
14340| [12330] Apache OFBiz - Multiple XSS
14341| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
14342| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
14343| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
14344| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
14345| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
14346| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
14347| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
14348| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
14349| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
14350| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
14351| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
14352| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
14353| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
14354| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
14355| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
14356| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
14357| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
14358| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
14359| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
14360| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
14361| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
14362| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
14363| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
14364| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
14365| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
14366| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
14367| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
14368| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
14369| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
14370| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
14371| [466] htpasswd Apache 1.3.31 - Local Exploit
14372| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
14373| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
14374| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
14375| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
14376| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
14377| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
14378| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
14379| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
14380| [9] Apache HTTP Server 2.x Memory Leak Exploit
14381#######################################################################################################################################
14382| OpenVAS (Nessus) - http://www.openvas.org:
14383| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
14384| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
14385| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
14386| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
14387| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
14388| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
14389| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
14390| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
14391| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
14392| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
14393| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
14394| [900571] Apache APR-Utils Version Detection
14395| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
14396| [900496] Apache Tiles Multiple XSS Vulnerability
14397| [900493] Apache Tiles Version Detection
14398| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
14399| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
14400| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
14401| [870175] RedHat Update for apache RHSA-2008:0004-01
14402| [864591] Fedora Update for apache-poi FEDORA-2012-10835
14403| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
14404| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
14405| [864250] Fedora Update for apache-poi FEDORA-2012-7683
14406| [864249] Fedora Update for apache-poi FEDORA-2012-7686
14407| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
14408| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
14409| [855821] Solaris Update for Apache 1.3 122912-19
14410| [855812] Solaris Update for Apache 1.3 122911-19
14411| [855737] Solaris Update for Apache 1.3 122911-17
14412| [855731] Solaris Update for Apache 1.3 122912-17
14413| [855695] Solaris Update for Apache 1.3 122911-16
14414| [855645] Solaris Update for Apache 1.3 122912-16
14415| [855587] Solaris Update for kernel update and Apache 108529-29
14416| [855566] Solaris Update for Apache 116973-07
14417| [855531] Solaris Update for Apache 116974-07
14418| [855524] Solaris Update for Apache 2 120544-14
14419| [855494] Solaris Update for Apache 1.3 122911-15
14420| [855478] Solaris Update for Apache Security 114145-11
14421| [855472] Solaris Update for Apache Security 113146-12
14422| [855179] Solaris Update for Apache 1.3 122912-15
14423| [855147] Solaris Update for kernel update and Apache 108528-29
14424| [855077] Solaris Update for Apache 2 120543-14
14425| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
14426| [850088] SuSE Update for apache2 SUSE-SA:2007:061
14427| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
14428| [841209] Ubuntu Update for apache2 USN-1627-1
14429| [840900] Ubuntu Update for apache2 USN-1368-1
14430| [840798] Ubuntu Update for apache2 USN-1259-1
14431| [840734] Ubuntu Update for apache2 USN-1199-1
14432| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
14433| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
14434| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
14435| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
14436| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
14437| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
14438| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
14439| [835253] HP-UX Update for Apache Web Server HPSBUX02645
14440| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
14441| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
14442| [835236] HP-UX Update for Apache with PHP HPSBUX02543
14443| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
14444| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
14445| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
14446| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
14447| [835188] HP-UX Update for Apache HPSBUX02308
14448| [835181] HP-UX Update for Apache With PHP HPSBUX02332
14449| [835180] HP-UX Update for Apache with PHP HPSBUX02342
14450| [835172] HP-UX Update for Apache HPSBUX02365
14451| [835168] HP-UX Update for Apache HPSBUX02313
14452| [835148] HP-UX Update for Apache HPSBUX01064
14453| [835139] HP-UX Update for Apache with PHP HPSBUX01090
14454| [835131] HP-UX Update for Apache HPSBUX00256
14455| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
14456| [835104] HP-UX Update for Apache HPSBUX00224
14457| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
14458| [835101] HP-UX Update for Apache HPSBUX01232
14459| [835080] HP-UX Update for Apache HPSBUX02273
14460| [835078] HP-UX Update for ApacheStrong HPSBUX00255
14461| [835044] HP-UX Update for Apache HPSBUX01019
14462| [835040] HP-UX Update for Apache PHP HPSBUX00207
14463| [835025] HP-UX Update for Apache HPSBUX00197
14464| [835023] HP-UX Update for Apache HPSBUX01022
14465| [835022] HP-UX Update for Apache HPSBUX02292
14466| [835005] HP-UX Update for Apache HPSBUX02262
14467| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
14468| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
14469| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
14470| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
14471| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
14472| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
14473| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
14474| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
14475| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
14476| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
14477| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
14478| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
14479| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
14480| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
14481| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
14482| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
14483| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
14484| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
14485| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
14486| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
14487| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
14488| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
14489| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
14490| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
14491| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
14492| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
14493| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
14494| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
14495| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
14496| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
14497| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
14498| [801942] Apache Archiva Multiple Vulnerabilities
14499| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
14500| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
14501| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
14502| [801284] Apache Derby Information Disclosure Vulnerability
14503| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
14504| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
14505| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
14506| [800680] Apache APR Version Detection
14507| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
14508| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
14509| [800677] Apache Roller Version Detection
14510| [800279] Apache mod_jk Module Version Detection
14511| [800278] Apache Struts Cross Site Scripting Vulnerability
14512| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
14513| [800276] Apache Struts Version Detection
14514| [800271] Apache Struts Directory Traversal Vulnerability
14515| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
14516| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
14517| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
14518| [103122] Apache Web Server ETag Header Information Disclosure Weakness
14519| [103074] Apache Continuum Cross Site Scripting Vulnerability
14520| [103073] Apache Continuum Detection
14521| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
14522| [101023] Apache Open For Business Weak Password security check
14523| [101020] Apache Open For Business HTML injection vulnerability
14524| [101019] Apache Open For Business service detection
14525| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
14526| [100923] Apache Archiva Detection
14527| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
14528| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
14529| [100813] Apache Axis2 Detection
14530| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
14531| [100795] Apache Derby Detection
14532| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
14533| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
14534| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
14535| [100514] Apache Multiple Security Vulnerabilities
14536| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
14537| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
14538| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
14539| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
14540| [72626] Debian Security Advisory DSA 2579-1 (apache2)
14541| [72612] FreeBSD Ports: apache22
14542| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
14543| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
14544| [71512] FreeBSD Ports: apache
14545| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
14546| [71256] Debian Security Advisory DSA 2452-1 (apache2)
14547| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
14548| [70737] FreeBSD Ports: apache
14549| [70724] Debian Security Advisory DSA 2405-1 (apache2)
14550| [70600] FreeBSD Ports: apache
14551| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
14552| [70235] Debian Security Advisory DSA 2298-2 (apache2)
14553| [70233] Debian Security Advisory DSA 2298-1 (apache2)
14554| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
14555| [69338] Debian Security Advisory DSA 2202-1 (apache2)
14556| [67868] FreeBSD Ports: apache
14557| [66816] FreeBSD Ports: apache
14558| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
14559| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
14560| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
14561| [66081] SLES11: Security update for Apache 2
14562| [66074] SLES10: Security update for Apache 2
14563| [66070] SLES9: Security update for Apache 2
14564| [65998] SLES10: Security update for apache2-mod_python
14565| [65893] SLES10: Security update for Apache 2
14566| [65888] SLES10: Security update for Apache 2
14567| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
14568| [65510] SLES9: Security update for Apache 2
14569| [65472] SLES9: Security update for Apache
14570| [65467] SLES9: Security update for Apache
14571| [65450] SLES9: Security update for apache2
14572| [65390] SLES9: Security update for Apache2
14573| [65363] SLES9: Security update for Apache2
14574| [65309] SLES9: Security update for Apache and mod_ssl
14575| [65296] SLES9: Security update for webdav apache module
14576| [65283] SLES9: Security update for Apache2
14577| [65249] SLES9: Security update for Apache 2
14578| [65230] SLES9: Security update for Apache 2
14579| [65228] SLES9: Security update for Apache 2
14580| [65212] SLES9: Security update for apache2-mod_python
14581| [65209] SLES9: Security update for apache2-worker
14582| [65207] SLES9: Security update for Apache 2
14583| [65168] SLES9: Security update for apache2-mod_python
14584| [65142] SLES9: Security update for Apache2
14585| [65136] SLES9: Security update for Apache 2
14586| [65132] SLES9: Security update for apache
14587| [65131] SLES9: Security update for Apache 2 oes/CORE
14588| [65113] SLES9: Security update for apache2
14589| [65072] SLES9: Security update for apache and mod_ssl
14590| [65017] SLES9: Security update for Apache 2
14591| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
14592| [64783] FreeBSD Ports: apache
14593| [64774] Ubuntu USN-802-2 (apache2)
14594| [64653] Ubuntu USN-813-2 (apache2)
14595| [64559] Debian Security Advisory DSA 1834-2 (apache2)
14596| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
14597| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
14598| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
14599| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
14600| [64443] Ubuntu USN-802-1 (apache2)
14601| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
14602| [64423] Debian Security Advisory DSA 1834-1 (apache2)
14603| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
14604| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
14605| [64251] Debian Security Advisory DSA 1816-1 (apache2)
14606| [64201] Ubuntu USN-787-1 (apache2)
14607| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
14608| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
14609| [63565] FreeBSD Ports: apache
14610| [63562] Ubuntu USN-731-1 (apache2)
14611| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
14612| [61185] FreeBSD Ports: apache
14613| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
14614| [60387] Slackware Advisory SSA:2008-045-02 apache
14615| [58826] FreeBSD Ports: apache-tomcat
14616| [58825] FreeBSD Ports: apache-tomcat
14617| [58804] FreeBSD Ports: apache
14618| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
14619| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
14620| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
14621| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
14622| [57335] Debian Security Advisory DSA 1167-1 (apache)
14623| [57201] Debian Security Advisory DSA 1131-1 (apache)
14624| [57200] Debian Security Advisory DSA 1132-1 (apache2)
14625| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
14626| [57145] FreeBSD Ports: apache
14627| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
14628| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
14629| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
14630| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
14631| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
14632| [56067] FreeBSD Ports: apache
14633| [55803] Slackware Advisory SSA:2005-310-04 apache
14634| [55519] Debian Security Advisory DSA 839-1 (apachetop)
14635| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
14636| [55355] FreeBSD Ports: apache
14637| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
14638| [55261] Debian Security Advisory DSA 805-1 (apache2)
14639| [55259] Debian Security Advisory DSA 803-1 (apache)
14640| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
14641| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
14642| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
14643| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
14644| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
14645| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
14646| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
14647| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
14648| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
14649| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
14650| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
14651| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
14652| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
14653| [54439] FreeBSD Ports: apache
14654| [53931] Slackware Advisory SSA:2004-133-01 apache
14655| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
14656| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
14657| [53878] Slackware Advisory SSA:2003-308-01 apache security update
14658| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
14659| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
14660| [53848] Debian Security Advisory DSA 131-1 (apache)
14661| [53784] Debian Security Advisory DSA 021-1 (apache)
14662| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
14663| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
14664| [53735] Debian Security Advisory DSA 187-1 (apache)
14665| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
14666| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
14667| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
14668| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
14669| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
14670| [53282] Debian Security Advisory DSA 594-1 (apache)
14671| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
14672| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
14673| [53215] Debian Security Advisory DSA 525-1 (apache)
14674| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
14675| [52529] FreeBSD Ports: apache+ssl
14676| [52501] FreeBSD Ports: apache
14677| [52461] FreeBSD Ports: apache
14678| [52390] FreeBSD Ports: apache
14679| [52389] FreeBSD Ports: apache
14680| [52388] FreeBSD Ports: apache
14681| [52383] FreeBSD Ports: apache
14682| [52339] FreeBSD Ports: apache+mod_ssl
14683| [52331] FreeBSD Ports: apache
14684| [52329] FreeBSD Ports: ru-apache+mod_ssl
14685| [52314] FreeBSD Ports: apache
14686| [52310] FreeBSD Ports: apache
14687| [15588] Detect Apache HTTPS
14688| [15555] Apache mod_proxy content-length buffer overflow
14689| [15554] Apache mod_include priviledge escalation
14690| [14771] Apache <= 1.3.33 htpasswd local overflow
14691| [14177] Apache mod_access rule bypass
14692| [13644] Apache mod_rootme Backdoor
14693| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
14694| [12280] Apache Connection Blocking Denial of Service
14695| [12239] Apache Error Log Escape Sequence Injection
14696| [12123] Apache Tomcat source.jsp malformed request information disclosure
14697| [12085] Apache Tomcat servlet/JSP container default files
14698| [11438] Apache Tomcat Directory Listing and File disclosure
14699| [11204] Apache Tomcat Default Accounts
14700| [11092] Apache 2.0.39 Win32 directory traversal
14701| [11046] Apache Tomcat TroubleShooter Servlet Installed
14702| [11042] Apache Tomcat DOS Device Name XSS
14703| [11041] Apache Tomcat /servlet Cross Site Scripting
14704| [10938] Apache Remote Command Execution via .bat files
14705| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
14706| [10773] MacOS X Finder reveals contents of Apache Web files
14707| [10766] Apache UserDir Sensitive Information Disclosure
14708| [10756] MacOS X Finder reveals contents of Apache Web directories
14709| [10752] Apache Auth Module SQL Insertion Attack
14710| [10704] Apache Directory Listing
14711| [10678] Apache /server-info accessible
14712| [10677] Apache /server-status accessible
14713| [10440] Check for Apache Multiple / vulnerability
14714#######################################################################################################################################
14715| SecurityTracker - https://www.securitytracker.com:
14716| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
14717| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
14718| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
14719| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
14720| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
14721| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
14722| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
14723| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
14724| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
14725| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
14726| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
14727| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
14728| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
14729| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
14730| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
14731| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
14732| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
14733| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
14734| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
14735| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
14736| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
14737| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
14738| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
14739| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
14740| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
14741| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
14742| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
14743| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
14744| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
14745| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
14746| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
14747| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
14748| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
14749| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
14750| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
14751| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
14752| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
14753| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
14754| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
14755| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
14756| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
14757| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
14758| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
14759| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
14760| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
14761| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
14762| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
14763| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
14764| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
14765| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
14766| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
14767| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
14768| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
14769| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
14770| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
14771| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
14772| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
14773| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
14774| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
14775| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
14776| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
14777| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
14778| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
14779| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
14780| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
14781| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
14782| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
14783| [1024096] Apache mod_proxy_http May Return Results for a Different Request
14784| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
14785| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
14786| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
14787| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
14788| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
14789| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
14790| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
14791| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
14792| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
14793| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
14794| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
14795| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
14796| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
14797| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
14798| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
14799| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
14800| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
14801| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
14802| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
14803| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
14804| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
14805| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
14806| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
14807| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
14808| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
14809| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
14810| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
14811| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
14812| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
14813| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
14814| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
14815| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
14816| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
14817| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
14818| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
14819| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
14820| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
14821| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
14822| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
14823| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
14824| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
14825| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
14826| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
14827| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
14828| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
14829| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
14830| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
14831| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
14832| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
14833| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
14834| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
14835| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
14836| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
14837| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
14838| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
14839| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
14840| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
14841| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
14842| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
14843| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
14844| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
14845| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
14846| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
14847| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
14848| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
14849| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
14850| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
14851| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
14852| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
14853| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
14854| [1008920] Apache mod_digest May Validate Replayed Client Responses
14855| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
14856| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
14857| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
14858| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
14859| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
14860| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
14861| [1008030] Apache mod_rewrite Contains a Buffer Overflow
14862| [1008029] Apache mod_alias Contains a Buffer Overflow
14863| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
14864| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
14865| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
14866| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
14867| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
14868| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
14869| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
14870| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
14871| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
14872| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
14873| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
14874| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
14875| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
14876| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
14877| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
14878| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
14879| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
14880| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
14881| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
14882| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
14883| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
14884| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
14885| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
14886| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
14887| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
14888| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
14889| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
14890| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
14891| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
14892| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
14893| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
14894| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
14895| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
14896| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
14897| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
14898| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
14899| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
14900| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
14901| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
14902| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
14903| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
14904| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
14905| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
14906| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
14907| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
14908| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
14909| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
14910| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
14911| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
14912| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
14913| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
14914| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
14915| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
14916| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
14917| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
14918| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
14919#######################################################################################################################################
14920| OSVDB - http://www.osvdb.org:
14921| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
14922| [96077] Apache CloudStack Global Settings Multiple Field XSS
14923| [96076] Apache CloudStack Instances Menu Display Name Field XSS
14924| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
14925| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
14926| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
14927| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
14928| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
14929| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
14930| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
14931| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
14932| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
14933| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
14934| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
14935| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
14936| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
14937| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
14938| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
14939| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
14940| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
14941| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
14942| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
14943| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
14944| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
14945| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
14946| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
14947| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
14948| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
14949| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
14950| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
14951| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
14952| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
14953| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
14954| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
14955| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
14956| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
14957| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
14958| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
14959| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
14960| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
14961| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
14962| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
14963| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
14964| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
14965| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
14966| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
14967| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
14968| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
14969| [94279] Apache Qpid CA Certificate Validation Bypass
14970| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
14971| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
14972| [94042] Apache Axis JAX-WS Java Unspecified Exposure
14973| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
14974| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
14975| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
14976| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
14977| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
14978| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
14979| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
14980| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
14981| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
14982| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
14983| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
14984| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
14985| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
14986| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
14987| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
14988| [93541] Apache Solr json.wrf Callback XSS
14989| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
14990| [93521] Apache jUDDI Security API Token Session Persistence Weakness
14991| [93520] Apache CloudStack Default SSL Key Weakness
14992| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
14993| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
14994| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
14995| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
14996| [93515] Apache HBase table.jsp name Parameter XSS
14997| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
14998| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
14999| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
15000| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
15001| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
15002| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
15003| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
15004| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
15005| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
15006| [93252] Apache Tomcat FORM Authenticator Session Fixation
15007| [93172] Apache Camel camel/endpoints/ Endpoint XSS
15008| [93171] Apache Sling HtmlResponse Error Message XSS
15009| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
15010| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
15011| [93168] Apache Click ErrorReport.java id Parameter XSS
15012| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
15013| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
15014| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
15015| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
15016| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
15017| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
15018| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
15019| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
15020| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
15021| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
15022| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
15023| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
15024| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
15025| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
15026| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
15027| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
15028| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
15029| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
15030| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
15031| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
15032| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
15033| [93144] Apache Solr Admin Command Execution CSRF
15034| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
15035| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
15036| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
15037| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
15038| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
15039| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
15040| [92748] Apache CloudStack VM Console Access Restriction Bypass
15041| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
15042| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
15043| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
15044| [92706] Apache ActiveMQ Debug Log Rendering XSS
15045| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
15046| [92270] Apache Tomcat Unspecified CSRF
15047| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
15048| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
15049| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
15050| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
15051| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
15052| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
15053| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
15054| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
15055| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
15056| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
15057| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
15058| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
15059| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
15060| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
15061| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
15062| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
15063| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
15064| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
15065| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
15066| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
15067| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
15068| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
15069| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
15070| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
15071| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
15072| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
15073| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
15074| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
15075| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
15076| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
15077| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
15078| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
15079| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
15080| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
15081| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
15082| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
15083| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
15084| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
15085| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
15086| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
15087| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
15088| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
15089| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
15090| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
15091| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
15092| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
15093| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
15094| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
15095| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
15096| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
15097| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
15098| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
15099| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
15100| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
15101| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
15102| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
15103| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
15104| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
15105| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
15106| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
15107| [86901] Apache Tomcat Error Message Path Disclosure
15108| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
15109| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
15110| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
15111| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
15112| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
15113| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
15114| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
15115| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
15116| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
15117| [85430] Apache mod_pagespeed Module Unspecified XSS
15118| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
15119| [85249] Apache Wicket Unspecified XSS
15120| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
15121| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
15122| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
15123| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
15124| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
15125| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
15126| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
15127| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
15128| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
15129| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
15130| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
15131| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
15132| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
15133| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
15134| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
15135| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
15136| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
15137| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
15138| [83339] Apache Roller Blogger Roll Unspecified XSS
15139| [83270] Apache Roller Unspecified Admin Action CSRF
15140| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
15141| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
15142| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
15143| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
15144| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
15145| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
15146| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
15147| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
15148| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
15149| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
15150| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
15151| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
15152| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
15153| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
15154| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
15155| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
15156| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
15573| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
15574| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
15575| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
15576| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
15577| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
15578| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
15579| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
15580| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
15581| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
15582| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
15583| [40262] Apache HTTP Server mod_status refresh XSS
15584| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
15585| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
15586| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
15587| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
15588| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
15589| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
15590| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
15591| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
15592| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
15593| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
15594| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
15595| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
15596| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
15597| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
15598| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
15599| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
#######################################################################################################################################
139/tcp closed netbios-ssn  conn-refused
443/tcp open   ssl/https    syn-ack      Apache
|_http-server-header: Apache
445/tcp closed microsoft-ds conn-refused
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
Aggressive OS guesses: HP P2000 G3 NAS device (91%), Linux 4.10 (91%), Linux 3.16 - 4.6 (90%), Linux 4.4 (90%), Linux 3.10 - 4.11 (88%), Linux 3.13 (88%), Linux 3.13 or 4.2 (88%), Linux 4.2 (88%), Asus RT-AC66U WAP (88%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:

Uptime guess: 0.000 days (since Tue Jul 9 01:43:05 2019)
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   26.20 ms  10.244.200.1
2   21.04 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   36.49 ms  xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
4   22.19 ms  vlan304.as032.buc.ro.m247.com (77.243.185.226)
5   20.90 ms  ix-xe-11-1-1-0.tcore1.w6c-montreal.as6453.net (66.198.96.98)
6   193.39 ms if-ae-30-2.tcore2.ct8-chicago.as6453.net (66.198.96.24)
7   202.75 ms if-ae-22-2.tcore1.ct8-chicago.as6453.net (64.86.79.2)
8   200.98 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
9   200.37 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
10  ... 11
12  197.90 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
13  198.66 ms 120.29.217.2
14  198.07 ms 133.208.55.50
15  247.23 ms unused-133-130-015-093.interq.or.jp (133.130.15.93)
16  249.18 ms unused-133-130-012-058.interq.or.jp (133.130.12.58)
17  246.13 ms g-o-p-4ee-a01-1-e-1-1.interq.or.jp (210.157.9.210)
18  257.57 ms unused-157-7-041-162.interq.or.jp (157.7.41.162)
19  251.74 ms 157-7-107-254.virt.lolipop.jp (157.7.107.254)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 268.95 seconds
           Raw packets sent: 89 (6.848KB) | Rcvd: 54 (3.658KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-09 01:43 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
Initiating NSE at 01:43
Completed NSE at 01:43, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:43
Completed Parallel DNS resolution of 1 host. at 01:43, 0.02s elapsed
Initiating UDP Scan at 01:43
Scanning 157-7-107-254.virt.lolipop.jp (157.7.107.254) [14 ports]
Completed UDP Scan at 01:43, 1.24s elapsed (14 total ports)
Initiating Service scan at 01:43
Scanning 12 services on 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Service scan Timing: About 16.67% done; ETC: 01:53 (0:08:10 remaining)
Completed Service scan at 01:45, 102.60s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Retrying OS detection (try #2) against 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Initiating Traceroute at 01:45
Completed Traceroute at 01:45, 7.08s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:45
Completed Parallel DNS resolution of 1 host. at 01:45, 0.00s elapsed
NSE: Script scanning 157.7.107.254.
Initiating NSE at 01:45
Completed NSE at 01:45, 7.13s elapsed
Initiating NSE at 01:45
Completed NSE at 01:45, 1.02s elapsed
Nmap scan report for 157-7-107-254.virt.lolipop.jp (157.7.107.254)
Host is up (0.040s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT      ADDRESS
1   20.62 ms 10.244.200.1
2   ... 3
4   20.65 ms 10.244.200.1
5   20.91 ms 10.244.200.1
6   20.90 ms 10.244.200.1
7   20.89 ms 10.244.200.1
8   20.87 ms 10.244.200.1
9   20.89 ms 10.244.200.1
10  20.89 ms 10.244.200.1
11  ... 18
19  22.78 ms 10.244.200.1
20  26.88 ms 10.244.200.1
21  ... 27
28  21.00 ms 10.244.200.1
29  ...
30  24.90 ms 10.244.200.1

NSE: Script Post-scanning.
Initiating NSE at 01:45
Completed NSE at 01:45, 0.00s elapsed
Initiating NSE at 01:45
Completed NSE at 01:45, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 122.62 seconds
           Raw packets sent: 142 (9.284KB) | Rcvd: 37 (3.341KB)
#######################################################################################################################################
16015Hosts
16016=====
16017
16018address mac name os_name os_flavor os_sp purpose info comments
16019------- --- ---- ------- --------- ----- ------- ---- --------
16020157.7.107.254 157-7-107-254.virt.lolipop.jp embedded device
16021#######################################################################################################################################
Services
========

host          port proto name         state    info
----          ---- ----- ----         -----    ----
157.7.107.254 25   tcp   smtp         closed
157.7.107.254 53   udp   domain       unknown
157.7.107.254 67   udp   dhcps        unknown
157.7.107.254 68   udp   dhcpc        unknown
157.7.107.254 69   udp   tftp         unknown
157.7.107.254 80   tcp   http         open     Apache httpd
157.7.107.254 88   udp   kerberos-sec unknown
157.7.107.254 123  udp   ntp          unknown
157.7.107.254 137  udp   netbios-ns   filtered
157.7.107.254 138  udp   netbios-dgm  filtered
157.7.107.254 139  tcp   netbios-ssn  closed
157.7.107.254 139  udp   netbios-ssn  unknown
157.7.107.254 161  udp   snmp         unknown
157.7.107.254 162  udp   snmptrap     unknown
157.7.107.254 389  udp   ldap         unknown
157.7.107.254 443  tcp   ssl/https    open     Apache
157.7.107.254 445  tcp   microsoft-ds closed
157.7.107.254 520  udp   route        unknown
157.7.107.254 2049 udp   nfs          unknown
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP: 157.7.107.254
+ Target Hostname: 157.7.107.254
+ Target Port: 80
+ Start Time: 2019-07-09 05:43:32 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: Apache
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ 26522 requests: 0 error(s) and 3 item(s) reported on remote host
+ End Time: 2019-07-09 07:44:46 (GMT-4) (7274 seconds)
--------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
Anonymous JTSEC #OpWhales Full Recon #13