National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,136 matching records.
Displaying matches 25861 through 25880.
Vuln ID Summary CVSS Severity
CVE-2001-1144

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

Published: July 11, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1141

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

Published: July 10, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1322

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

Published: July 10, 2001; 12:00:00 AM -04:00
V2: 3.6 LOW
CVE-2001-1245

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

Published: July 09, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1045

Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.

Published: July 06, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1408

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.

Published: July 05, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1243

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Published: July 04, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0387

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0405

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0406

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0439

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0440

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1161

Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Published: June 30, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1248

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).

Published: June 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1250

vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.

Published: June 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1251

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

Published: June 29, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0331

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0388

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH