National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,889 matching records.
Displaying matches 25661 through 25680.
Vuln ID Summary CVSS Severity
CVE-2001-1327

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1338

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1339

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1341

The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1347

Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1337

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.

Published: May 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1342

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Published: May 12, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1332

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.

Published: May 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1333

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.

Published: May 10, 2001; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2001-0191

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0194

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0234

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0279

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0289

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0292

PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0320

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0321

opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0169

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0178

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0201

The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH