CVSS: 9.8EPSS: 0%CPEs: 60EXPL: 0CVE-2008-2384 – mod_auth_mysql: character encoding SQL injection flaw
https://notcve.org/view.php?id=CVE-2008-2384
22 Jan 2009 — SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Vulnerabilidad de inyección SQL en mod_auth_mysql.c en el módulo mod-auth-mysql (alias libapache2-mod-auth-mysql) para Apache HTTP Server 2.x, permite a ataca... • http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 10%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
06 Aug 2008 — Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 22%CPEs: 18EXPL: 0CVE-2008-2364 – httpd: mod_proxy_http DoS via excessive interim responses from the origin server
https://notcve.org/view.php?id=CVE-2008-2364
13 Jun 2008 — The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. La función ap_proxy_http_process_response en mod_proxy_http.c en el modulo mod_proxy en el Servidor HTTP Apache 2.0.63 y 2.2.8 no limita el número de respuestas de desvío provisionales, lo que permit... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 11%CPEs: 49EXPL: 2CVE-2008-2168 – Microsoft Internet Explorer 2 - UTF-7 HTTP Response Handling
https://notcve.org/view.php?id=CVE-2008-2168
13 May 2008 — Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. La vulnerabilidad de tipo cross-site-scripting (XSS) en Apache versión 2.2.6 y anteriores, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de direcciones URL codificadas UTF-7 que no se manejan apropiadamente cuando se muestra la página de error 4... • https://www.exploit-db.com/exploits/31759 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 67%CPEs: 9EXPL: 5CVE-2008-0455 – Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2008-0455
25 Jan 2008 — Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a req... • https://www.exploit-db.com/exploits/31052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2008-0456 – httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
https://notcve.org/view.php?id=CVE-2008-0456
25 Jan 2008 — CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP re... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 26%CPEs: 10EXPL: 0CVE-2007-6420 – mod_proxy_balancer: mod_proxy_balancer CSRF
https://notcve.org/view.php?id=CVE-2007-6420
12 Jan 2008 — Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.x, permite a los atacantes remotos conseguir privilegios por medio de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2007-6423
https://notcve.org/view.php?id=CVE-2007-6423
12 Jan 2008 — Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue ** CUESTIONABLE ** Vulnerabilidad no especificada en mod_proxy_balancer para Apache HTTP Server 2.2.x, en versiones anteriores a la 2.2.7-dev, cuando se ejecuta en Windows, permite que atacantes remotos provoquen una corrupción de memoria usando una URL larga. NOTA: el vende... • http://securityreason.com/securityalert/3523 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 8%CPEs: 8EXPL: 2CVE-2008-0005 – mod_proxy_ftp XSS
https://notcve.org/view.php?id=CVE-2008-0005
12 Jan 2008 — mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. mod_proxy_ftp en Apache 2.2.x antes de la versión 2.2.7-dev, 2.0.x antes de la2.0.62-dev, y 1.3.x antes de 1.3.40-dev, no define un conjunto de caracteres, lo que permite que atacantes remootos puedan llevar a cabo ataques de secuencias de comandos (XSS) en sitios cruzados usando una c... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 0CVE-2007-6421 – httpd mod_proxy_balancer cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6421
08 Jan 2008 — Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. La vulnerabilidad de tipo cross-site-scripting (XSS) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.0 hasta 2.2.6, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •