CVE-2006-4110 – Apache 2.2.2 - CGI Script Source Code Information Disclosure
https://notcve.org/view.php?id=CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. Apache 2.2.2, cuando se ejecuta en Windows, permite a atacantes remotos leer código fuente de programas CGI mediante una petición que contenga caracteres en mayúscula (o mayúsculas alternadas) que evitan la directiva ScripAlias sensible a mayúsculas y minúsculas, pero permiten el acceso al archivo en sistemas de ficheros insensibles a mayúsculas y minúsculas. • https://www.exploit-db.com/exploits/28365 http://secunia.com/advisories/21490 http://securityreason.com/securityalert/1370 http://www.osvdb.org/27913 http://www.securityfocus.com/archive/1/442882/100/0/threaded http://www.securityfocus.com/archive/1/443487/100/200/threaded http://www.securityfocus.com/bid/19447 http://www.vupen.com/english/advisories/2006/3265 https://exchange.xforce.ibmcloud.com/vulnerabilities/28357 •
CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.46 y otras versiones anteriores 2.0.59, y 2.2, cuando RewriteEngine está activo, permite a atacantes remotos provocar denegación de servicio (Caida de aplicación) y posiblemente ejecutar código a rtavés de URLs manipuladas que no se manejan de forma adecuada utilizando ciertas reglas de reescritura. • https://www.exploit-db.com/exploits/2237 https://www.exploit-db.com/exploits/3996 https://www.exploit-db.com/exploits/16752 https://www.exploit-db.com/exploits/3680 https://github.com/defensahacker/CVE-2006-3747 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://kbase.redhat.com/faq/FAQ_68_8653.shtm http:/ • CWE-189: Numeric Errors •
CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html http://secunia.com/advisories/18621 http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securityreason.com/securityalert/402 http://securityreason.com/securityalert/403 http://securitytracker.com/id?1015544 http://securitytracker.com/id?10 •