CVE-2007-1741
https://notcve.org/view.php?id=CVE-2007-1741
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." Múltiples condiciones de carrera en suexec en Apache HTTP Server (httpd) versión 2.2.3, entre la comprobación de directorios y archivos, y su uso, permiten a usuarios locales alcanzar privilegios y ejecutar código arbitrario mediante el cambio del nombre de los directorios o realizando ataques de tipo symlink. NOTA: el investigador, que es confiable, afirma que el proveedor cuestiona el problema porque "the attacks described rely on an insecure server configuration" en la que el usuario "has write access to the document root”. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=511 http://marc.info/?l=apache-httpd-dev&m=117511568709063&w=2 http://marc.info/?l=apache-httpd-dev&m=117511834512138&w=2 http://osvdb.org/38639 http://www.securityfocus.com/bid/23438 http://www.securitytracker.com/id?1017904 https://exchange.xforce.ibmcloud.com/vulnerabilities/33584 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2006-4154
https://notcve.org/view.php?id=CVE-2006-4154
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. Vulnerabilidad de cadena de formato en el módulo mod_tcl 1.0 para Apache 2.x permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante especificadores de cadena de formato que no se manejan adecuadamente en una llamada a la función set_var en (1) tcl_cmds.c y (2) tcl_core.c. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421 http://secunia.com/advisories/22458 http://secunia.com/advisories/22549 http://security.gentoo.org/glsa/glsa-200610-12.xml http://securitytracker.com/id?1017062 http://www.kb.cert.org/vuls/id/366020 http://www.osvdb.org/29536 http://www.securityfocus.com/bid/20527 http://www.vupen.com/english/advisories/2006/4033 https://exchange.xforce.ibmcloud.com/vulnerabilities/29550 •
CVE-2006-4110 – Apache 2.2.2 - CGI Script Source Code Information Disclosure
https://notcve.org/view.php?id=CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. Apache 2.2.2, cuando se ejecuta en Windows, permite a atacantes remotos leer código fuente de programas CGI mediante una petición que contenga caracteres en mayúscula (o mayúsculas alternadas) que evitan la directiva ScripAlias sensible a mayúsculas y minúsculas, pero permiten el acceso al archivo en sistemas de ficheros insensibles a mayúsculas y minúsculas. • https://www.exploit-db.com/exploits/28365 http://secunia.com/advisories/21490 http://securityreason.com/securityalert/1370 http://www.osvdb.org/27913 http://www.securityfocus.com/archive/1/442882/100/0/threaded http://www.securityfocus.com/archive/1/443487/100/200/threaded http://www.securityfocus.com/bid/19447 http://www.vupen.com/english/advisories/2006/3265 https://exchange.xforce.ibmcloud.com/vulnerabilities/28357 •
CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.46 y otras versiones anteriores 2.0.59, y 2.2, cuando RewriteEngine está activo, permite a atacantes remotos provocar denegación de servicio (Caida de aplicación) y posiblemente ejecutar código a rtavés de URLs manipuladas que no se manejan de forma adecuada utilizando ciertas reglas de reescritura. • https://www.exploit-db.com/exploits/2237 https://www.exploit-db.com/exploits/3996 https://www.exploit-db.com/exploits/16752 https://www.exploit-db.com/exploits/3680 https://github.com/defensahacker/CVE-2006-3747 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://kbase.redhat.com/faq/FAQ_68_8653.shtm http:/ • CWE-189: Numeric Errors •
CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html http://secunia.com/advisories/18621 http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securityreason.com/securityalert/402 http://securityreason.com/securityalert/403 http://securitytracker.com/id?1015544 http://securitytracker.com/id?10 •