National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,231 matching records.
Displaying matches 25541 through 25560.
Vuln ID Summary CVSS Severity
CVE-2002-1447

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

Published: May 28, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1340

Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.

Published: May 21, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1334

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Published: May 19, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2002-0157

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2002-0171

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0172

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2002-0173

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2002-0184

Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2002-0185

mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0196

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2002-0197

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0198

Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2002-0200

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2002-0201

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2002-0202

PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 3.6 LOW
CVE-2002-0204

Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0205

Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0206

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0207

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0208

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM