National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,103 matching records.
Displaying matches 25861 through 25880.
Vuln ID Summary CVSS Severity
CVE-2001-0906

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.

Published: June 22, 2001; 12:00:00 AM -04:00
V2: 6.2 MEDIUM
CVE-2001-1276

ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.

Published: June 21, 2001; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2001-0383

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.

Published: June 18, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0408

vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.

Published: June 18, 2001; 12:00:00 AM -04:00
V2: 5.1 MEDIUM
CVE-2001-0414

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Published: June 18, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1077

Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.

Published: June 15, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0001

cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.

Published: June 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0318

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).

Published: June 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1028

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1074

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1336

CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1348

TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1349

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 3.7 LOW
CVE-2001-1335

Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).

Published: May 27, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1327

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1338

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1339

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1341

The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1347

Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1337

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.

Published: May 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM