National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,026 matching records.
Displaying matches 25581 through 25600.
Vuln ID Summary CVSS Severity
CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Published: December 13, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Published: December 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-1190

The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.

Published: December 12, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0890

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.

Published: December 11, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1186

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Published: December 11, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1187

csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.

Published: December 11, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1185

Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

Published: December 10, 2001; 12:00:00 AM -05:00
V2: 6.2 MEDIUM
CVE-2001-1184

wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.

Published: December 08, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0716

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0719

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0803

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0817

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0819

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0822

FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0831

Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0834

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-0840

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0841

Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0842

Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0843

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM