National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,705 matching records.
Displaying matches 26061 through 26080.
Vuln ID Summary CVSS Severity
CVE-2002-2327

Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.9 MEDIUM
CVE-2002-2328

Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.1 HIGH
CVE-2002-2329

ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.8 HIGH
CVE-2002-2330

Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2331

W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.8 MEDIUM
CVE-2002-2332

Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2333

Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2334

Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 3.6 LOW
CVE-2002-2335

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2336

Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2338

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2339

Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2340

Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2341

Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2343

Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2345

Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-2346

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2347

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2348

Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2349

phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM