National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,810 matching records.
Displaying matches 25801 through 25820.
Vuln ID Summary CVSS Severity
CVE-2002-0767

simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0768

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0769

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2002-0770

Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0771

Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2002-0772

Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2002-0773

imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0774

Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0776

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0777

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0778

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0779

FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0780

IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0781

RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0782

Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0784

Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0785

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0786

iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0787

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH