National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,195 matching records.
Displaying matches 25641 through 25660.
Vuln ID Summary CVSS Severity
CVE-2002-1385

openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

Published: December 26, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1296

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1345

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1341

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

Published: December 18, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2002-1342

Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.

Published: December 18, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1344

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

Published: December 18, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1185

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1186

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1187

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2002-1188

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2002-1254

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-1320

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2002-1335

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-0029

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1204

Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1219

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1220

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM