National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,103 matching records.
Displaying matches 25681 through 25700.
Vuln ID | Summary | CVSS Severity
CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0855

Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0857

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0858

Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0866

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1247

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-1272

wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0945

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.

Published: December 03, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1437

easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.

Published: December 01, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0550

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Published: November 30, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0912

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

Published: November 30, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0938

Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.

Published: November 30, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-0930

Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters.

Published: November 28, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

Published: November 21, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0915

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.

Published: November 21, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0916

Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition.

Published: November 21, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0903

Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.

Published: November 20, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0904

Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.

Published: November 20, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0900

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.

Published: November 18, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM