Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): Apache
There are 2,381 matching records.
Displaying matches 2,141 through 2,160.
Vuln ID Summary CVSS Severity
CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts.

Published: December 07, 2006; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6071

TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.

Published: December 01, 2006; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2006-6047

Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Published: November 21, 2006; 7:07:00 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2006-5894

Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.

Published: November 14, 2006; 5:07:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-5733

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.

Published: November 06, 2006; 1:07:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4154

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

Published: October 16, 2006; 3:07:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-5263

Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.

Published: October 12, 2006; 6:07:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4994

Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.

Published: September 25, 2006; 10:07:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-4856

Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.

Published: September 19, 2006; 2:07:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

Published: September 12, 2006; 12:07:00 PM -0400
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2006-4636

Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.

Published: September 08, 2006; 4:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4558

DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.

Published: September 05, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4191

Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.

Published: August 16, 2006; 9:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.

Published: August 14, 2006; 4:04:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-4004

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Published: August 07, 2006; 3:04:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2006-3747

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

Published: July 28, 2006; 2:02:00 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Published: July 27, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-3835

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Published: July 25, 2006; 9:22:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3362

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3102

Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.

Published: June 20, 2006; 9:02:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM