National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,144 matching records.
Displaying matches 25801 through 25820.
Vuln ID Summary CVSS Severity
CVE-2001-1008

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1009

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1025

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1027

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1062

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1154

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.

Published: August 30, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1168

Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.

Published: August 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1379

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.

Published: August 29, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1389

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.

Published: August 29, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1153

lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.

Published: August 28, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0556

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0560

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0568

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0569

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0572

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1139

Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1150

Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1294

Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.

Published: August 22, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1133

Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.

Published: August 21, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-1166

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

Published: August 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM