| Max CVSS | 10.0 | Min CVSS | 5.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2004-0594 | 5.1 |
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of
|
15-02-2024 - 21:17 | 27-07-2004 - 04:00 | |
| CVE-2004-0940 | 6.9 |
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
|
02-02-2024 - 03:05 | 09-02-2005 - 05:00 | |
| CVE-2005-2700 | 10.0 |
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass inten
|
13-02-2023 - 01:16 | 06-09-2005 - 23:03 | |
| CVE-2004-0488 | 7.5 |
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subje
|
23-09-2022 - 15:23 | 07-07-2004 - 04:00 | |
| CVE-2004-0885 | 7.5 |
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host config
|
06-06-2021 - 11:15 | 03-11-2004 - 05:00 | |
| CVE-2003-0987 | 7.5 |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
|
06-06-2021 - 11:15 | 03-03-2004 - 05:00 | |
| CVE-2003-0542 | 7.2 |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
|
06-06-2021 - 11:15 | 03-11-2003 - 05:00 | |
| CVE-2004-1018 | 10.0 |
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underfl
|
08-12-2020 - 18:49 | 10-01-2005 - 05:00 | |
| CVE-2004-0595 | 6.8 |
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explore
|
30-10-2018 - 16:25 | 27-07-2004 - 04:00 | |
| CVE-2004-1019 | 10.0 |
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free
|
30-10-2018 - 16:25 | 10-01-2005 - 05:00 |