CVE-2006-5752 (Medium) :
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP
Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows
remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets
with browsers that perform "charset detection" when the content-type is not specified.
CVE-2007-1862 (Medium) :
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels
of header data, which can cause Apache to return HTTP headers containing previously used data,
which could be used by remote attackers to obtain potentially sensitive information.
CVE-2007-1863 (Medium) :
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled
and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a
denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)
max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
CVE-2007-3304 (Medium) :
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a
denial of service by modifying the worker_score and process_score arrays to reference an
arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1
killer."
CVE-2007-3847 (Medium) :
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a
threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy
process crash) via crafted date headers that trigger a buffer over-read.
CVE-2007-5000 (Medium) :
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server
1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache
HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
CVE-2007-6388 (Medium) :
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through
2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled,
allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6421 (Low) :
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache
HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via
the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
CVE-2007-6422 (Medium) :
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through
2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to
cause a denial of service (child process crash) via an invalid bb variable.
CVE-2008-0005 (Medium) :
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before
1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site
scripting (XSS) attacks using UTF-7 encoding.
CVE-2007-1543 (High) :
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network
Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a
long path slave name in a USL socket connection.
CVE-2007-1544 (Medium) :
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio
System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a large max_samples value.
CVE-2007-1545 (Medium) :
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a
SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent
client ID.
CVE-2007-1546 (Medium) :
Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to
cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements
function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function
in server/dia/auutil.c.
CVE-2007-1547 (High) :
The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before
1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple
simultaneous connections, which triggers a NULL pointer dereference.
CVE-2006-4089 (Medium) :
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers
to cause a denial of service (application crash), or have other unknown impact, via (1) a long
Location field sent by a web server, which triggers an overflow in the reconnect function in
reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file
for the playlist, which triggers overflows in new_list_item and CbUpdated in
interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers
an overflow in cddb_lookup in input/ccda/cdda_engine.c.
CVE-2007-5301 (Medium) :
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis
input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code
via a .OGG file with long comments.
Christian Wiese
Nagy Karoly Gabriel
Aldas Nabazas
Alejandro Mery