National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,259 matching records.
Displaying matches 25661 through 25680.
Vuln ID Summary CVSS Severity
CVE-2002-0104

AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0105

CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2002-0106

BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0107

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0108

Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-0109

Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2002-0110

Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2002-0111

Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-0112

Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0113

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2002-0114

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2002-0115

Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0116

Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0117

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-0118

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-0119

Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0120

Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2002-0121

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2002-0122

Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0123

MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH