National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,195 matching records.
Displaying matches 25801 through 25820.
Vuln ID Summary CVSS Severity
CVE-2002-0891

The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0892

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0893

Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0894

NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0895

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0896

The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0897

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0898

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0899

Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0900

Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0901

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0903

register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0904

SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0905

Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0906

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0907

Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0908

Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0909

Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0910

Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.

Published: October 04, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH