Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-10-17 | CVE-2013-2254 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apache Org.Apache.Sling.Servlets.Post 2.2.0/2.3.0 | The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that is returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | 5.0 |
2013-09-30 | CVE-2013-5697 | SQL Injection vulnerability in Simone Tellini MOD Accounting 0.5 | SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. | 7.5 |
2013-09-30 | CVE-2013-4316 | Improper Access Control vulnerability in multiple products | Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | 10.0 |
2013-09-30 | CVE-2013-4310 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts | Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. | 5.8 |
2013-09-16 | CVE-2013-4277 | Permissions, Privileges, and Access Controls vulnerability in Apache Subversion | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | 3.3 |
2013-08-23 | CVE-2013-1909 | Improper Input Validation vulnerability in multiple products | The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2013-08-19 | CVE-2013-2136 | Cross-Site Scripting vulnerability in Apache CloudStack | Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. | 4.3 |
2013-08-15 | CVE-2013-2250 | Improper Input Validation vulnerability in Apache OFBiz | Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions. | 10.0 |
2013-08-15 | CVE-2013-2137 | Cross-Site Scripting vulnerability in Apache OFBiz | Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-07-31 | CVE-2013-4156 | Out-of-bounds Write vulnerability in Apache OpenOffice | Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. | 6.8 |