National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,746 matching records.
Displaying matches 1541 through 1560.
Vuln ID Summary CVSS Severity
CVE-2006-1393

Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.

Published: March 26, 2006; 06:06:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-1346

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.

Published: March 21, 2006; 08:02:00 PM -05:00
    V2: 6.4 MEDIUM
CVE-2006-1292

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

Published: March 19, 2006; 06:02:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-1243

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

Published: March 15, 2006; 12:06:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-0743

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

Published: March 09, 2006; 03:02:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-1095

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

Published: March 09, 2006; 08:06:00 AM -05:00
    V2: 7.2 HIGH
CVE-2006-1078

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

Published: March 08, 2006; 07:02:00 PM -05:00
    V2: 7.2 HIGH
CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

Published: March 08, 2006; 07:02:00 PM -05:00
    V2: 7.2 HIGH
CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

Published: February 18, 2006; 04:02:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-0254

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Published: January 17, 2006; 08:51:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-0144

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

Published: January 09, 2006; 06:03:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.

Published: January 09, 2006; 06:03:00 PM -05:00
    V2: 7.5 HIGH
CVE-2005-1753

** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-1754

** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-3357

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 5.4 MEDIUM
CVE-2005-3630

Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-3656

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2005-4703

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 7.8 HIGH