National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,103 matching records.
Displaying matches 25921 through 25940.
Vuln ID Summary CVSS Severity
CVE-2000-0895

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2000-0896

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0026

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0067

The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0071

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0072

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1357

Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1358

Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1468

PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1422

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1275

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Published: January 19, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1095

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2000-1101

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1108

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2000-1137

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2000-1162

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 3.7 LOW
CVE-2000-1163

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 4.6 MEDIUM