CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a
The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filena
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remo
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTT
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, w
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated us
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor e
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, all
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enfor
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token s
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not pro
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remot
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attacke
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x befo
FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by pr
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infini
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identi
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user con
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. Thi
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidH
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The defaul
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s
Apache Karaf provides a features deployer, which allows users to 'hot deploy' a features XML by drop
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComple
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconf
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attac
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to over
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgra
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL fr
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordin
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apach
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vul
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive in
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) att
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable
The 'first name' and 'last name' fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetyp
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the ST
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands t
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND a
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulner
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-priv
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, p
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity pr
Apache Kylin checks the legitimacy of the project before executing some commands with the project na
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their p
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not e
Improper lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead t
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote com
Usage of temporary files with insecure permissions by the Apache James server allows an attacker wit
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabili
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerab
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: f
When access to the 'admin' folder is not protected by some external authorization mechanisms e.g. Ap