CVE-2004-0594

MEDIUM Year: 2004
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Related Vulnerabilities

CVE-2019-5421

CRITICAL
CVSS:9.8(Critical)

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts...

CWE-3672019

CVE-2019-7249

CRITICAL
CVSS:9.8(Critical)

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with...

CWE-3672019

CVE-2023-33154

CRITICAL
CVSS:9.8(Critical)

Windows Partition Management Driver Elevation of Privilege Vulnerability

CWE-3672023

CVE-2024-27114

HIGH
CVSS:9.8(Critical)

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avail...

CWE-3672024

CVE-2024-28718

CRITICAL
CVSS:9.8(Critical)

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

CWE-3672024

CVE-2024-41779

CRITICAL
CVSS:9.8(Critical)

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted reques...

CWE-3672024