National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,385 matching records.
Displaying matches 25841 through 25860.
Vuln ID Summary CVSS Severity
CVE-2002-1254

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1317

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-1320

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2002-1335

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

Published: December 11, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-0029

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1204

Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1219

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1220

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1221

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1247

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1276

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-1279

Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1281

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1282

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1285

runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1287

Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1290

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM