National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,423 matching records.
Displaying matches 26061 through 26080.
Vuln ID Summary CVSS Severity
CVE-2001-1253

Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.

Published: September 27, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1383

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

Published: September 26, 2001; 12:00:00 AM -04:00
V2: 6.2 MEDIUM
CVE-2001-1032

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.

Published: September 24, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0508

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0636

Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0648

Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0653

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0668

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0691

Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.

Published: September 20, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1369

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

Published: September 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1406

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Published: September 10, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-1407

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Published: September 10, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1020

edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.

Published: September 05, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0978

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

Published: September 03, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2000-1190

imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0965

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0971

Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0973

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1008

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

Published: August 31, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH