National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,885 matching records.
Displaying matches 25501 through 25520.
Vuln ID Summary CVSS Severity
CVE-2001-1460

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.

Published: October 13, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1227

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Published: October 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1278

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Published: October 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1147

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Published: October 08, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1156

TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.

Published: October 08, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0670

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Published: October 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1048

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1049

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1050

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1051

Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1052

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1054

PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1234

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1235

pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1236

myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1237

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1255

WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1296

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1297

PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1298

Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM