National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,270 matching records.
Displaying matches 25841 through 25860.
Vuln ID Summary CVSS Severity
CVE-2001-0840

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0841

Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0842

Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0843

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0844

Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0846

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0848

join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0855

Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0857

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0858

Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0866

Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1247

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-1272

wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2001-0945

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.

Published: December 03, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1437

easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.

Published: December 01, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0550

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Published: November 30, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0912

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

Published: November 30, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0938

Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.

Published: November 30, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM