National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,676 matching records.
Displaying matches 1461 through 1480.
Vuln ID Summary CVSS Severity
CVE-2006-2831

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

Published: June 05, 2006; 08:02:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-2806

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

Published: June 05, 2006; 01:02:00 PM -04:00
    V2: 7.8 HIGH
CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Published: June 01, 2006; 06:02:00 AM -04:00
    V2: 5.1 MEDIUM
CVE-2006-2514

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

Published: May 22, 2006; 06:02:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-2330

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.

Published: May 11, 2006; 08:02:00 PM -04:00
    V2: 6.4 MEDIUM
CVE-2006-1777

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.

Published: April 13, 2006; 06:02:00 AM -04:00
    V2: 7.5 HIGH
CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.

Published: March 31, 2006; 06:06:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2006-1546

Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.

Published: March 30, 2006; 05:02:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-1547

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Published: March 30, 2006; 05:02:00 PM -05:00
    V2: 7.8 HIGH
CVE-2006-1548

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.

Published: March 30, 2006; 05:02:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-1393

Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.

Published: March 26, 2006; 06:06:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-1346

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.

Published: March 21, 2006; 08:02:00 PM -05:00
    V2: 6.4 MEDIUM
CVE-2006-1292

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

Published: March 19, 2006; 06:02:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-1243

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

Published: March 15, 2006; 12:06:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-0743

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

Published: March 09, 2006; 03:02:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-1095

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

Published: March 09, 2006; 08:06:00 AM -05:00
    V2: 7.2 HIGH
CVE-2006-1078

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

Published: March 08, 2006; 07:02:00 PM -05:00
    V2: 7.2 HIGH
CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

Published: March 08, 2006; 07:02:00 PM -05:00
    V2: 7.2 HIGH
CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

Published: February 18, 2006; 04:02:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-0254

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Published: January 17, 2006; 08:51:00 PM -05:00
    V2: 4.3 MEDIUM