Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): Apache
There are 2,380 matching records.
Displaying matches 2,121 through 2,140.
Vuln ID Summary CVSS Severity
CVE-2007-1491

Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.

Published: March 16, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2007-0774

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

Published: March 04, 2007; 5:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-7098

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.

Published: March 03, 2007; 2:19:00 PM -0500
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2007-0451

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."

Published: February 16, 2007; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0975

Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.

Published: February 15, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0930

Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.

Published: February 14, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0792

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

Published: February 06, 2007; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0637

Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.

Published: January 31, 2007; 4:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0419

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).

Published: January 22, 2007; 7:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0173

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Published: January 10, 2007; 7:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-0086

** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

Published: January 05, 2007; 1:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-0098

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

Published: January 05, 2007; 1:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6869

Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.

Published: December 31, 2006; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-6675

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

Published: December 20, 2006; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6613

Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

Published: December 17, 2006; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6587

Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.

Published: December 15, 2006; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.

Published: December 15, 2006; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-6589

Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.

Published: December 15, 2006; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6445

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.

Published: December 10, 2006; 4:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts.

Published: December 07, 2006; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM