exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2008-2939

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Related Files

HP Security Bulletin HPSBMA02442 SSRT090108
Posted May 27, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, xss, csrf
advisories | CVE-2008-2939, CVE-2008-2364, CVE-2008-0005, CVE-2007-6422, CVE-2007-6421, CVE-2007-6420, CVE-2007-6388, CVE-2007-5000
MD5 | c181d7205982511112c606a310d11c7f
Mandriva Linux Security Advisory 2009-323
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-323 - Multiple vulnerabilities has been found and corrected in apache. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1678, CVE-2008-2939, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
MD5 | ed48863f815c1c13d770f6bfd28192a4
HP Security Bulletin HPSBUX02465 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624
MD5 | 542dd2645cfbb001f79ef70d92474c78
Mandriva Linux Security Advisory 2009-124
Posted Jul 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-124-1 - Multiple vulnerabilities have been found and corrected in apache. These include a cross site scripting vulnerability in proxy_ftp.c in the mod_proxy_ftp module, a memory leak relating to OpenSSL, and a local privilege escalation issue.

tags | advisory, local, vulnerability, xss, memory leak
systems | linux, mandriva
advisories | CVE-2008-1678, CVE-2008-2939, CVE-2009-1195
MD5 | b44198d7a0653346d60c49a198f9cf15
Mandriva Linux Security Advisory 2009-124
Posted Jun 2, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-124 - Multiple vulnerabilities has been found and corrected in apache including a memory leak in libssl, a cross site scripting vulnerability in proxy_ftp.c, and a local privilege escalation issue.

tags | advisory, local, vulnerability, xss, memory leak
systems | linux, mandriva
advisories | CVE-2008-1678, CVE-2008-2939, CVE-2009-1195
MD5 | 3fb50aef7544989c3dda8f72236b9005
Ubuntu Security Notice 731-1
Posted Mar 10, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-731-1 - Various cross site scripting and cross site request forgery issues have been addressed in the Apache2 package.

tags | advisory, xss, csrf
systems | linux, ubuntu
advisories | CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939
MD5 | e670ed375b04a6647fdd25c9dbdbdc9e
HP Security Bulletin 2009-00.5
Posted Feb 4, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, arbitrary, vulnerability, xss, csrf
systems | hpux
advisories | CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
MD5 | 1dd7e90e5dc309f630820d66164b337f
Mandriva Linux Security Advisory 2008-195
Posted Sep 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI. The updated packages have been patched to prevent these issues.

tags | advisory, remote, web, denial of service, arbitrary, xss
systems | linux, mandriva
advisories | CVE-2008-2364, CVE-2008-2939
MD5 | addfe8bb10414474df3188e2f738d162
Mandriva Linux Security Advisory 2008-194
Posted Sep 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI. The updated packages have been patched to prevent these issues.

tags | advisory, remote, web, arbitrary, xss
systems | linux, mandriva
advisories | CVE-2008-2939
MD5 | 2a92b31b1b54d145f09994eaeaccd3db
Rapid7 Security Advisory 33
Posted Aug 6, 2008
Authored by Rapid7, Marc Bevand | Site rapid7.com

Rapid7 Security Advisory - mod_proxy_ftp as included with Apache versions 2.2.9 and below and 2.0.63 and below suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2008-2939
MD5 | 73778b192812cc7c34ee3de05400e251
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close