Search
Search Results (49 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3389 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | ||||
| CVE-2006-4020 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Application Stack and 1 more | 2026-04-16 | N/A |
| scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. | ||||
| CVE-2004-0594 | 7 Avaya, Debian, Hp and 4 more | 9 Converged Communications Server, Debian Linux, Hp-ux and 6 more | 2026-04-16 | N/A |
| The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | ||||
| CVE-2002-0843 | 3 Apache, Oracle, Redhat | 8 Http Server, Application Server, Database Server and 5 more | 2026-04-16 | N/A |
| Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | ||||
| CVE-2002-1148 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2026-04-16 | N/A |
| The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | ||||
| CVE-2002-1157 | 2 Mod Ssl, Redhat | 5 Mod Ssl, Enterprise Linux, Linux and 2 more | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. | ||||
| CVE-2005-3390 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. | ||||
| CVE-2003-0020 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Linux and 2 more | 2026-04-16 | N/A |
| Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. | ||||
| CVE-2004-0488 | 3 Apache, Debian, Redhat | 8 Http Server, Debian Linux, Enterprise Linux and 5 more | 2026-04-16 | N/A |
| Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. | ||||