National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,891 matching records.
Displaying matches 25541 through 25560.
Vuln ID Summary CVSS Severity
CVE-2001-1020

edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.

Published: September 05, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0978

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

Published: September 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2000-1190

imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0965

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0971

Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0973

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1008

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1009

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1025

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1027

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1062

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1154

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.

Published: August 30, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1168

Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.

Published: August 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1379

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.

Published: August 29, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1389

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.

Published: August 29, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1153

lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.

Published: August 28, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0556

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0560

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0568

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW