Vulnerabilities > Apache

DATE        CVE             VULNERABILITY TITLE (description and risk fields follow each entry)

2007-11-03  CVE-2007-5797   Improper Authentication vulnerability in Apache Geronimo
    SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
    Risk: vector network; low complexity; vendor apache; CWE-287; score 7.5

2007-10-30  CVE-2007-5731   Path Traversal vulnerability in Apache Jakarta Slide 2.1
    Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
    Risk: vector network; vendor apache; CWE-22; score 3.5

2007-10-01  CVE-2007-5156   (title not given in the listing)
    Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
    Risk: score 6.8

2007-09-26  CVE-2007-5085   Improper Authentication vulnerability in Apache Geronimo 2.0.1/2.1
    Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
    Risk: vector network; low complexity; vendor apache; CWE-287; score 5.0

2007-09-18  CVE-2007-2834   Integer Overflow or Wraparound vulnerability in multiple products
    Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
    Risk: vector network; vendors apache, sun, debian, canonical; CWE-190; severity critical; score 9.3

2007-09-05  CVE-2007-4724   Cross-Site Request Forgery (CSRF) vulnerability in Apache Tomcat 4.1.31
    Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
    Risk: vector network; vendor apache; CWE-352; score 4.3

2007-08-27  CVE-2007-4548   Improper Authentication vulnerability in Apache Geronimo 2.0
    The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
    Risk: vector network; low complexity; vendor apache; CWE-287; severity critical; score 10.0

2007-08-14  CVE-2007-3386   Cross-Site Scripting vulnerability in Apache Tomcat
    Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
    Risk: vector network; vendor apache; CWE-79; score 4.3

2007-08-08  CVE-2007-3384   Cross-Site Scripting vulnerability in Apache Tomcat Error Message Reporting
    Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
    Risk: vector network; vendor apache; score 4.3

2007-07-05  CVE-2006-7217   Remote Security vulnerability in Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1
    Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
    Risk: vector network; low complexity; vendor apache; score 4.0