National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,872 matching records.
Displaying matches 25681 through 25700.
Vuln ID Summary CVSS Severity
CVE-2001-0143

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0925

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0040

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0042

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0043

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0050

Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0066

Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0088

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2000-0894

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2000-0895

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2000-0896

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0026

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0067

The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0071

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0072

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1357

Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1358

Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1468

PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1422

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH