National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,128 matching records.
Displaying matches 25941 through 25960.
Vuln ID Summary CVSS Severity
CVE-2001-0043

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0050

Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2001-0066

Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-0088

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.

Published: February 16, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2000-0894

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2000-0895

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2000-0896

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0026

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-0067

The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0071

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-0072

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

Published: February 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2001-1357

Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1358

Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1468

PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.

Published: February 07, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1422

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1275

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Published: January 19, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2000-1095

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2000-1101

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Published: January 09, 2001; 12:00:00 AM -05:00
V2: 5.0 MEDIUM