National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,103 matching records.
Displaying matches 25881 through 25900.
Vuln ID, Summary, CVSS Severity
CVE-2001-1342

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Published: May 12, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1332

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.

Published: May 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1333

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.

Published: May 10, 2001; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2001-0191

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0194

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0234

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0279

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0289

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0292

PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0320

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0321

opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0169

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0178

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0201

The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0222

webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.

Published: March 26, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-1999-0729

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-1999-0945

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0108

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0116

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2001-0117

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

Published: March 12, 2001; 12:00:00 AM -05:00
V2: 1.2 LOW