Page 13 of 91 results (0.026 seconds)

CVSS: 7.5EPSS: 70%CPEs: 10EXPL: 2

PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. • https://www.exploit-db.com/exploits/21204 http://www.iss.net/security_center/static/7815.php http://www.securiteam.com/windowsntfocus/5ZP030U60U.html http://www.securityfocus.com/bid/3786 •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. • http://www.apache.org/dist/httpd/CHANGES_1.3 http://www.iss.net/security_center/static/8629.php http://www.securityfocus.com/bid/4358 •

CVSS: 2.6EPSS: 0%CPEs: 19EXPL: 0

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. Apache 1.3.27 y anteriores, y posiblemente versiones posteriores, puede permitir a usuarios locales leer o modificar el fichero de contraseñas de Apache mediante un ataque de enlaces simbólicos en ficheros temporales cuando el administrador de Apache corre htpasswd o htdigest. • http://marc.info/?l=bugtraq&m=103480856102007&w=2 http://www.debian.org/security/2002/dsa-187 http://www.debian.org/security/2002/dsa-188 http://www.debian.org/security/2002/dsa-195 http://www.iss.net/security_center/static/10412.php http://www.iss.net/security_center/static/10413.php http://www.securityfocus.com/bid/5981 http://www.securityfocus.com/bid/5990 •

CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta larga. • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http://online.securityfocus.com/advisories/ •