National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,391 matching records.
Displaying matches 26021 through 26040.
Vuln ID Summary CVSS Severity
CVE-2001-1236

myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1237

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1255

WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1296

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1297

PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1298

Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1299

Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Published: October 02, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1252

Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.

Published: September 28, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1253

Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.

Published: September 27, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1383

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

Published: September 26, 2001; 12:00:00 AM -04:00
V2: 6.2 MEDIUM
CVE-2001-1032

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.

Published: September 24, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0508

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0636

Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0648

Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0653

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0668

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0691

Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1369

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

Published: September 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1406

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Published: September 10, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-1407

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Published: September 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH