Mandriva Linux Security Advisory 2012-182 - Multiple vulnerabilities has been discovered and corrected in ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting attacks.
369ce6a7e151a229d7375ff65beba434e2f508b28ac4f84b53550bbada3693bfMandriva Linux Security Advisory 2012-118 - A vulnerability has been discovered and corrected in ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. The updated packages have been patched to correct this issue.
5d1ed50858951c79497ef1650fc6a7b1c640f77f054e6d9d388ab3d95f9188ebDebian Linux Security Advisory 2506-1 - Qualys Vulnerability and Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site script (XSS) attacks through properly crafted HTML documents.
268fa7526f03a156888745c47b7f004f546de02d75ff3065034b7484a643b7e5Parodia versions 6.8 and below suffer from multiple remote SQL injection vulnerabilities.
3346fbc895106be67797c2ad22951a0528f242762f726de17bfbffbe295c2925
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed