CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2008-2384 – mod_auth_mysql: character encoding SQL injection flaw
https://notcve.org/view.php?id=CVE-2008-2384
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Vulnerabilidad de inyección SQL en mod_auth_mysql.c en el módulo mod-auth-mysql (alias libapache2-mod-auth-mysql) para Apache HTTP Server 2.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través de codificaciones de caracteres multibyte para entradas no especificadas. • http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html http://openwall.com/lists/oss-security/2009/01/21/10 http://secunia.com/advisories/33627 http://secunia.com/advisories/43302 http://www.redhat.com/support/errata/RHSA-2009-0259.html http://www.redhat.com/support/errata/RHSA-2010-1002. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 12%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9 y en versiones anteriores a 2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un comodín en el último componente del directorio en el nombre de ruta en una URI FTPI. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://rhn.redhat.com/errata/RHSA-2008-0967.html http://secunia.com/advisories/31384 http://secunia.com/advisories/31673 http://secunia.com/advisories/32685 http://secunia.com/advisories/32838 http://secunia.com/advisories/33156&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2008-2364 – httpd: mod_proxy_http DoS via excessive interim responses from the origin server
https://notcve.org/view.php?id=CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. La función ap_proxy_http_process_response en mod_proxy_http.c en el modulo mod_proxy en el Servidor HTTP Apache 2.0.63 y 2.2.8 no limita el número de respuestas de desvío provisionales, lo que permite a servidores HTTP causar una denegación de servicio (memory consumption) a través de un gran número de respuestas provisionales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://rhn.redhat.com/errata/RHSA-2008-0967.html http://secunia.com/advisories/30621 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 2%CPEs: 49EXPL: 2CVE-2008-2168 – Microsoft Internet Explorer 2 - UTF-7 HTTP Response Handling
https://notcve.org/view.php?id=CVE-2008-2168
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. La vulnerabilidad de tipo cross-site-scripting (XSS) en Apache versión 2.2.6 y anteriores, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de direcciones URL codificadas UTF-7 que no se manejan apropiadamente cuando se muestra la página de error 403 Forbidden . • https://www.exploit-db.com/exploits/31759 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/31651 http://secunia.com/advisories/34219 http://secunia.com/advisories/35650 http://securityreason.com/securityalert/3889 http://www.securityfocus.com/archive/1/491862/100/0/threaded http://www.securityfocus.com/archive/1/4919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 86%CPEs: 9EXPL: 5CVE-2008-0455 – Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2008-0455
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_negotiation de Apache HTTP Server 2.2.6 y anteriores en las series 2.2.x, 2.0.61 y anteriores en las series 2.0.x, y 1.3.39 y anteriores en las series 1.3.x permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección subiendo un fichero con un nombre que contiene secuencias XSS y una extensión de fichero, lo cual conduce conduce a la inyección en respuestas HTTP (1) "406 Not Acceptable" o (2) "300 Multiple Choices" cuando se omite la extensión en la petición del fichero. • https://www.exploit-db.com/exploits/31052 http://rhn.redhat.com/errata/RHSA-2012-1591.html http://rhn.redhat.com/errata/RHSA-2012-1592.html http://rhn.redhat.com/errata/RHSA-2012-1594.html http://rhn.redhat.com/errata/RHSA-2013-0130.html http://secunia.com/advisories/29348 http://secunia.com/advisories/51607 http://security.gentoo.org/glsa/glsa-200803-19.xml http://securityreason.com/securityalert/3575 http://securitytracker.com/id?1019256 http://www.mindedsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •