National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,136 matching records.
Displaying matches 25901 through 25920.
Vuln ID Summary CVSS Severity
CVE-2001-0318

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).

Published: June 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1028

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1074

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-1336

CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1348

TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1349

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Published: May 28, 2001; 12:00:00 AM -04:00
V2: 3.7 LOW
CVE-2001-1335

Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).

Published: May 27, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1327

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1338

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1339

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1341

The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1347

Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.

Published: May 24, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1337

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.

Published: May 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1342

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Published: May 12, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1332

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.

Published: May 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1333

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.

Published: May 10, 2001; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2001-0191

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0194

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0234

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0279

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

Published: May 03, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH