National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,553 matching records.
Displaying matches 25881 through 25900.
Vuln ID Summary CVSS Severity
CVE-2002-0207

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0208

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0209

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0210

setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0211

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 6.2 MEDIUM
CVE-2002-0212

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0213

xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0214

Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0216

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0217

Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0218

Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0219

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0220

phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0221

Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0222

Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0223

Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0224

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0225

tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0226

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH