National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,546 matching records.
Displaying matches 25341 through 25360.
Vuln ID Summary CVSS Severity
CVE-2001-0108

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0116

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0117

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0118

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0119

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0120

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0125

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0128

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0136

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0140

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0141

mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0142

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0143

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0925

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0040

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0042

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0043

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0050

Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH