CVSS: 4.3EPSS: 12%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9 y en versiones anteriores a 2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un comodín en el último componente del directorio en el nombre de ruta en una URI FTPI. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://rhn.redhat.com/errata/RHSA-2008-0967.html http://secunia.com/advisories/31384 http://secunia.com/advisories/31673 http://secunia.com/advisories/32685 http://secunia.com/advisories/32838 http://secunia.com/advisories/33156&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 66%CPEs: 15EXPL: 0CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 hasta 2.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 1CVE-2007-3304 – httpd scoreboard lack of PID protection
https://notcve.org/view.php?id=CVE-2007-3304
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." Apache httpd versiones 1.3.37, 2.0.59 y 2.2.4 con el módulo Prefork MPM, permite a los usuarios locales causar una denegación de servicio por la modificación de las matrices worker_score y process_score para hacer referencia a un ID de proceso arbitrario, al que se envía una señal SIGUSR1 desde el proceso maestro, también se conoce como "SIGUSR1 killer". • ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=186219 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.vmware.com/pipermail/security-announce/2009/000062.html& •
CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html http://secunia.com/advisories/18621 http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securityreason.com/securityalert/402 http://securityreason.com/securityalert/403 http://securitytracker.com/id?1015544 http://securitytracker.com/id?10 •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2005-3352 – httpd cross-site scripting flaw in mod_imap
https://notcve.org/view.php?id=CVE-2005-3352
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_imap de Apache httpd anteriores a 1.3.35-dev y Apache httpd 2.0.x anteriores a 2.0.56-dev permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el Referente cuando se usan mapas de imágenes. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •