National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,009 matching records.
Displaying matches 25901 through 25920.
Vuln ID Summary CVSS Severity
CVE-2002-0476

Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0477

Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0478

The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0479

Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0481

An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.1 MEDIUM
CVE-2002-0482

Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0483

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0484

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0488

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0489

Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0490

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0491

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0493

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0494

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0495

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0496

The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0497

Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0498

Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW