Filtered by vendor Apache
Subscribe
Total
2238 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2016-10-18 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. | |||||
CVE-2002-0249 | 1 Apache | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | |||||
CVE-2002-0240 | 1 Apache | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | |||||
CVE-2000-1210 | 1 Apache | 1 Tomcat | 2016-10-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. | |||||
CVE-1999-1293 | 1 Apache | 1 Http Server | 2016-10-18 | 10.0 HIGH | N/A |
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. | |||||
CVE-2016-6801 | 2 Apache, Debian | 2 Jackrabbit, Debian Linux | 2016-10-04 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | |||||
CVE-2016-5395 | 1 Apache | 1 Ranger | 2016-09-27 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. | |||||
CVE-2016-0760 | 1 Apache | 1 Sentry | 2016-08-22 | 6.5 MEDIUM | 8.8 HIGH |
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. | |||||
CVE-2009-3569 | 1 Apache | 1 Openoffice.org | 2016-08-17 | 9.3 HIGH | N/A |
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2016-2174 | 1 Apache | 1 Ranger | 2016-06-14 | 6.5 MEDIUM | 7.2 HIGH |
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | |||||
CVE-2016-0707 | 1 Apache | 1 Ambari | 2016-05-18 | 2.1 LOW | 3.3 LOW |
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | |||||
CVE-2016-0731 | 1 Apache | 1 Ambari | 2016-05-18 | 4.0 MEDIUM | 4.9 MEDIUM |
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||||
CVE-2016-0735 | 1 Apache | 1 Ranger | 2016-04-19 | 6.5 MEDIUM | 8.8 HIGH |
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. | |||||
CVE-2016-2171 | 1 Apache | 1 Jetspeed | 2016-04-14 | 6.4 MEDIUM | 7.5 HIGH |
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. | |||||
CVE-2015-8797 | 1 Apache | 1 Solr | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. | |||||
CVE-2015-8795 | 1 Apache | 1 Solr | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. | |||||
CVE-2015-7430 | 1 Apache | 1 Hadoop | 2016-01-07 | 4.6 MEDIUM | 8.4 HIGH |
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. | |||||
CVE-2015-5204 | 1 Apache | 1 Cordova File Transfer | 2015-12-18 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | |||||
CVE-2015-5210 | 1 Apache | 1 Ambari | 2015-11-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | |||||
CVE-2015-3270 | 1 Apache | 1 Ambari | 2015-11-04 | 6.5 MEDIUM | N/A |
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. |