National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,834 matching records.
Displaying matches 25561 through 25580.
Vuln ID Summary CVSS Severity
CVE-2002-1045

Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1046

Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1047

The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1048

HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable .iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1049

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1050

Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1051

Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-1052

Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1053

Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 6.8 MEDIUM
CVE-2002-1054

Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2002-1055

Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1057

Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1058

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-1059

Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1060

Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2002-1061

Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1062

Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1063

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1064

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1065

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH