Searching mod software vulnerabilities

Vulnerability in Apache httpd before 1.3.11, wh

Vulnerability | before | Apache | httpd |

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.


The default installation of Apache before 1.3.1

installation | default | before | Apache |

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.


The PostgreSQL authentication modules (1) mod_a

authentication | PostgreSQL | modules |

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.


Buffer overflow in mod_bf 0.2 allows local user

arbitrary | commands | overflow | execute | script | Buffer | mod_bf | allows | local | users | long | via |

Buffer overflow in mod_bf 0.2 allows local users execute arbitrary commands via a long script.


Buffer overflows in fpexec in mod_frontpage bef

mod_frontpage | overflows | before | Buffer | fpexec |

Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.


Multiple stack-based buffer overflows in (1) mo

stack-based | overflows | Multiple | buffer |

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.


Stack-based buffer overflow in mod_gzip_printf

mod_gzip_printf | Stack-based | attackers | arbitrary | filename | official | versions | possibly | mod_gzip | overflow | execute | running | earlier | request | 13261a | buffer | allows | remote | debug | later | long | mode | code | via | GET |

Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.


Format string vulnerability in mod_gzip_printf

mod_gzip_printf | vulnerability | characters | attackers | arbitrary | possibly | official | mod_gzip | versions | execute | request | running | earlier | remote | 13261a | Format | string | allows | Apache | later | debug | using | HTTP | code | mode | GET | via | log |

Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.


mod_digest for Apache before 1.3.31 does not pr

mod_digest | before | Apache |

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.


Stack-based buffer overflow in the ssl_util_uue

ssl_util_uuencode_binary | certificate | Stack-based | configured | arbitrary | attackers | ssl_utilc | overflow | function | subject | execute | mod_ssl | issuing | Apache | buffer | client | remote | allow | trust | code | long | may | via |

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.


Attachment Mod 2.3.10 module for phpBB, when us

Attachment | Mod |

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.


The publisher handler for mod_python 2.7.8 and

mod_python | publisher | handler |

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.


Unknown vulnerability in Attachment Mod before

vulnerability | Attachment | Unknown | before | Mod |

Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | componentphp | inclusion | Multiple | iManage | remote | file | CMS | PHP |

Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | mambo-phpshop | inclusion | Multiple | Scroller | modules | Product | Module | remote | other | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.


Multiple SQL injection vulnerabilities in mod.p

vulnerabilities | eNdonesia | attackers | arbitrary | injection | commands | Multiple | execute | modphp | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.


PHP remote file inclusion vulnerability in incl

includes/functions_mod_userphp | vulnerability | inclusion | Import | remote | phpBB | Tools | file | Mod | PHP |

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.


Unspecified vulnerability in the mod_roster_odb

mod_roster_odbc | vulnerability | Unspecified | ejabberd | before | module |

Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.


Cross-site scripting (XSS) vulnerability in mod

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.


lighttpd 1.4.15, when run on 32 bit platforms,

lighttpd |

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.


Software vulnerabilities results 1 to 20 of 200     
Page: 12345...11