National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,866 matching records.
Displaying matches 25601 through 25620.
Vuln ID | Summary | CVSS Severity
CVE-2001-0439

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0440

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1161

Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Published: June 30, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1248

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).

Published: June 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1250

vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.

Published: June 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1251

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

Published: June 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0331

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0388

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0416

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0442

Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0458

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0473

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0474

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0475

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0478

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0479

Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0481

Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH