National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,285 matching records.
Displaying matches 25801 through 25820.
Vuln ID Summary CVSS Severity
CVE-2001-1548

ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1549

Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1552

ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1559

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1560

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1561

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1562

Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1564

setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1565

Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1567

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1568

CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-1569

Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-1570

Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1571

The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1572

The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1207

Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.

Published: December 30, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1210

Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.

Published: December 30, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-1202

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.

Published: December 28, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1204

Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

Published: December 28, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM