mod proxy software vulnerabilities
vulnerabilities.aspcode.net
Searching mod proxy software vulnerabilities
mod_proxy in Apache 1.2.5 and earlier allows re
mod_proxy
|
Apache
|
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
The telnet proxy in RideWay PN proxy server all
connections
|
malformed
|
attackers
|
requests
|
service
|
RideWay
|
contain
|
denial
|
server
|
telnet
|
remote
|
allows
|
cause
|
proxy
|
flood
|
via
|
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.
violation.php3 in Phorum 3.0.7 allows remote at
violationphp3
|
Phorum
|
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
Buffer overflows in Avirt Gateway Suite 4.2 all
attackers
|
arbitrary
|
overflows
|
possibly
|
service
|
Gateway
|
execute
|
denial
|
remote
|
Buffer
|
Suite
|
Avirt
|
cause
|
allow
|
code
|
via
|
Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.
Telnet proxy in Avirt Gateway Suite 4.2 does no
authentication
|
connecting
|
arbitrary
|
attackers
|
contents
|
commands
|
require
|
command
|
Gateway
|
execute
|
allows
|
Telnet
|
remote
|
system
|
itself
|
"dos"
|
which
|
Suite
|
proxy
|
Avirt
|
does
|
file
|
list
|
not
|
via
|
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
Vulnerability in Squid before 2.4.STABLE6 relat
authentication
|
Vulnerability
|
credentials
|
24STABLE6
|
password
|
related
|
remote
|
obtain
|
user's
|
before
|
sites
|
login
|
proxy
|
Squid
|
allow
|
may
|
web
|
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.
The HTTP proxy for Symantec Enterprise Firewall
Enterprise
|
Firewall
|
Symantec
|
proxy
|
HTTP
|
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
BEA WebLogic Server proxy plugin for BEA Weblog
attackers
|
WebLogic
|
Express
|
through
|
service
|
remote
|
Server
|
denial
|
plugin
|
allows
|
cause
|
proxy
|
BEA
|
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
HTTP Proxy in Sambar Server before 6.0 beta 6,
securityini
|
Server
|
before
|
Sambar
|
lacks
|
Proxy
|
HTTP
|
beta
|
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
Heap-based buffer overflow in proxy_util.c for
proxy_utilc
|
Heap-based
|
mod_proxy
|
overflow
|
Apache
|
buffer
|
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Format string vulnerability in the mod_proxy ho
ssl_engine_logc
|
vulnerability
|
functions
|
mod_proxy
|
function
|
mod_ssl
|
Format
|
string
|
before
|
hook
|
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
The Telnet proxy in 602 Lan Suite 2004.0.04.090
Telnet
|
proxy
|
The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop.
Firefox before 1.0 and Mozilla before 1.7.5, wh
Mozilla
|
Firefox
|
before
|
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
The HTTP proxy service in Server Admin for Mac
service
|
Server
|
Admin
|
proxy
|
HTTP
|
Mac
|
The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy.
ExoticSoft FilePocket 1.2 stores sensitive prox
information
|
privileges
|
ExoticSoft
|
FilePocket
|
passwords
|
plaintext
|
including
|
sensitive
|
registry
|
allows
|
stores
|
users
|
proxy
|
which
|
local
|
gain
|
ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges.
Sun Update Connection in Sun Solaris 10, when c
authentication
|
configured
|
Connection
|
password
|
Solaris
|
allows
|
obtain
|
Update
|
users
|
local
|
proxy
|
Sun
|
via
|
web
|
use
|
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
mambo-phpshop
|
inclusion
|
Multiple
|
Scroller
|
modules
|
Product
|
Module
|
remote
|
other
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.
Directory traversal vulnerability in Apache HTT
vulnerability
|
Directory
|
traversal
|
Tomcat
|
before
|
Server
|
Apache
|
HTTP
|
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
config[pathMod]
|
inclusion
|
attackers
|
arbitrary
|
parameter
|
Multiple
|
indexphp
|
execute
|
earlier
|
remote
|
PMECMS
|
allow
|
file
|
code
|
PHP
|
via
|
URL
|
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.
Buffer overflow in the fcgi_env_add function in
mod_proxy_backend_fastcgic
|
fcgi_env_add
|
mod_fastcgi
|
extension
|
lighttpd
|
overflow
|
function
|
before
|
Buffer
|
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Software vulnerabilities results 1 to 20 of 360
Page:
1
2
3
4
5
...
19
►