National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,230 matching records.
Displaying matches 25781 through 25800.
Vuln ID Summary CVSS Severity
CVE-2001-1201

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.

Published: December 17, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1195

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

Published: December 15, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1198

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

Published: December 15, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1214

manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.

Published: December 15, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Published: December 13, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Published: December 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-1190

The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.

Published: December 12, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0890

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.

Published: December 11, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1186

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Published: December 11, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1187

csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.

Published: December 11, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1185

Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

Published: December 10, 2001; 12:00:00 AM -05:00
V2: 6.2 MEDIUM
CVE-2001-1184

wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.

Published: December 08, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0716

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0719

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0803

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0817

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0819

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0822

FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0831

Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0834

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM