National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,259 matching records.
Displaying matches 25561 through 25580.
Vuln ID Summary CVSS Severity
CVE-2002-0267

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2002-0268

Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2002-0355

netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2002-0356

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2002-0362

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0374

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0377

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.

Published: May 29, 2002; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2002-1447

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

Published: May 28, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1340

Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.

Published: May 21, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1334

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Published: May 19, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2002-0157

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2002-0171

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0172

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2002-0173

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2002-0184

Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2002-0185

mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0196

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2002-0197

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0198

Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment with a long filename.

Published: May 16, 2002; 12:00:00 AM -04:00
V2: 10.0 HIGH