Displaying 20 results from an estimated 2000 matches similar to: "Backporting and Apache 2.0.52 is 4 1/2 years old"
2015 Aug 11
4
Apache mod_perl cross site scripting vulnerability
Hello,
I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The
Red Hat Security Response Team has rated this issue as having moderate
security impact and bug as wontfix.
Explanation: The vulnerability affects non default configuration of
Apache HTTP web server, i.e. cases when access to Apache::Status and
Apache2::Status resources is explicitly allowed via <Location
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
How about something like:
<Location /perl-status>
    # disallow public access
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    SetHandler perl-script
    PerlResponseHandler Apache2::Status
</Location>
2015-08-11 14:46 GMT+03:00 Proxy One <proxy-one at mail.ru>:
> Hello,
>
> I've failed latest PCI scan because of
2014 Dec 08
2
ipset not actually blocking
i created an ipset and added 8.8.8.8 to it and used the same iptables
working all summer long but
i can still ping 8.8.8.8 and do nslookup queries against it. ipset or
iptables is broken.
Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
actually tested that IP addresses that are supposed to be blacklisted are
actually blocked?
Filed CentOS bug report 7977
2009 Nov 16
3
There isn't package for httpd-2.0.52-41.ent.6.centos4 [centos announce list from 12.11.2009]
Hi.
There isn't a package httpd-2.0.52-41.ent.6.centos4 for centos4 in
UPDATES repo. There is only a httpd-2.0.52-41.ent.6.centos4.src.rpm in
SRC [http://mirror.centos.org/centos/4/updates/SRPMS/?C=M;O=D]
This is probably a bug. Package httpd doesn't build ?
Jancio Wodnik
2006 May 05
4
Is sanitize() strong enough to protect me from XSS?
Haven't been able to find a good enough answer on whether using
sanitize() is enough to really protect me from XSS attacks
I basically have a blog page that I want to allow people to display
comments on but would like to allow html tags to be posted on the
comments, these could be html tags like the imageshack img tags, youtube
player, photobucket img tags etc
any other approaches or
2005 May 13
5
HTML sanitizer
Hello!
Does anybody know of a Ruby implementation of a HTML sanitizer that
prevents the attacks described on the xss cheatsheet?
(http://ha.ckers.org/xss.html)
I checked out the version Jamis wrote
(http://dev.rubyonrails.com/ticket/1277), but that only covers the
very basic attacks.
Anybody? Just figured I would ask before I reinvent the wheel..
Ciao!
Florian
2009 Mar 04
6
1 Server, Multiple Client Setup
Hello,
I have tried for days on end with no success on this, so I thought I would
post it here and see if someone can help me at all.
*Here's the scenario:*
I have 1 PC with a Static IP/Domain (a dyndns.org account -
myserver.homeip.net) connected to a router, which in turn is the gateway to
the internet. It also has a static local IP (192.168.1.2). I will call this
the "server"
2010 Oct 06
2
Multicast over Tinc
Would it be extremely difficult to do multicast over tinc?
How about reliable multicast over tinc?
This would be more traffic than multicast dns, but not _necessarily_
a great deal more.
It would be for syncing some information among freeipa domain controllers.
Would the tinc nodes all need to be in switch or maybe even hub mode?
EthernetOverIP over tinc?
2016 Apr 22
4
tune2fs: Filesystem has unsupported feature(s) while trying to open
tune2fs against a LVM (albeit formatted with ext4) is not the same as
tune2fs against ext4.
Could this possibly be a machine where uptime has outlived its usefulness?
On Thu, Apr 21, 2016 at 10:02 PM, Chris Murphy <lists at colorremedies.com>
wrote:
> On Tue, Apr 19, 2016 at 10:51 AM, Matt Garman <matthew.garman at gmail.com>
> wrote:
>
>
> ># rpm -qf `which
2010 Feb 11
4
multiple addresses and multiple ports in Switch mode
i have a switched and bridged tincd node with two addresses, each with a
different port.
Address = 37.70.156.168 28655
Address = 192.168.2.228 655
i was having trouble reliably connecting to it / thru it and noticed that a
log from a remote tincd node indicated it may have mixed up the ports.
It doesn't appear to use the 28655 port that would be needed for remote
access. Before i
2015 Jun 13
2
C5 : Firefox 38 bug
On 06/12/2015 01:01 PM, Gordon Messmer wrote:
> On 06/13/2015 11:11 AM, jd1008 wrote:
>> All your browsing history, all cookies ...etc are open books
>> as far as many javascripts are concerned.
>
> Javascript can use CSS attributes to see if you've visited a specific
> URL, which is unfortunate, but that's a long way from saying that your
> history is an open
2013 Jan 14
3
tinc 1.1pre4 Win7x64 import does not recognize Unix EOL
[This email is either empty or too large to be displayed at this time]
2007 Jun 18
7
Testing for cross site scripting, etc.
Being new to testing and ruby, are there "standard" tests that can be
done that test for things like cross site scripting and friends?
If not, anyone have ideas on what I might do about testing those sorts
of things?
I'll be using rails, also.
Mike B.
2014 Aug 10
3
ipset module loaded at startup on CentOS 6.5
Anybody on here successfully get ipset iptables sets to work _after_ a
reboot?
My question on StackExchange
http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade
Some of the things that need to be in place, otherwise iptables does not
load:
1.) The kernel module ip_set needs to be loaded.
2.) The "sets" need to be
2006 Jan 09
3
XSS prevention with Rails
Hi!
I wanna take a stab at implementing better XSS prevention for Rails.
This time for real =)
I'm wondering what would be the better way, clean everything up with
tidy first and then do the rest with regexp or regexp all the way?
Anybody done this before?
Thanks!
Ciao!
Florian
2006 Mar 10
3
Sweave scientific real display format (e.g. 5e-12)
Dear All,
I couldn't figure and couldn't google out how to construct a pair of
\Sexpr s or a LaTeX macro that would include
5\cdot 10^{-12}
into the LaTeX output instead of
5e-12 .
Any ideas?
Thank you
Gábor
2012 Jul 29
4
R- Help (looping)
Hi,
I'm Wellington from Brazil and I have the following issue:
I've been working on a project for a while, and I'm having trouble in
using the loop (for)
I need to read a column (c1), and for each value of this column, I need to
check if it's within the control limits
So, I was trying to do this:
For (k in 1: c1)
If (c1< lcl1 | c1 > ucl1) {here I
2004 May 26
7
File already in use?
Hi,
I'm running 3.0.4 and have had several reports from users both using Office
and Lotus where the application tells them that the file is already in use
when we know it isn't.
(BTW, there's a typo on the man page under "lock spin count". "acquired", not
"aquired".)
Chris
--
Chris Garrigues http://www.DeepEddy.Com/~cwg/
Trinsic
2015 Jun 13
4
C5 : Firefox 38 bug
On 06/12/2015 11:25 AM, m.roth at 5-cent.us wrote:
> jd1008 wrote:
>> On 06/12/2015 07:28 AM, g wrote:
>>> On 06/10/2015 03:56 AM, Always Learning wrote:
>>>> I displayed, as a web page, a list of search results created in PHP,
>>>> from MySQL.
>>> i am still using 24.8.0 and do not have to contend with all the
>>> bugs introduced by moz
2008 Jun 06
2
Messy Cookies
It looks like everyone has tried to fix the cookies lately, and no-one managed
to get it 100% correctly.
The current implementation doesn't set the path correctly, and you can't use
@cookies in a #service-overload.
Qwzybug's patch fixed only the sessions.
Jenna's patch won't allow to set complex cookies (@cookies.key = {:path =>
"/path",