National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,532 matching records.
Displaying matches 26061 through 26080.
Vuln ID Summary CVSS Severity
CVE-2001-1570

Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1571

The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1572

The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1207

Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.

Published: December 30, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1210

Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.

Published: December 30, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1202

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary JavaScript on other clients via a URL that generates an error.

Published: December 28, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1204

Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

Published: December 28, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1223

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.

Published: December 26, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1225

Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.

Published: December 26, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.

Published: December 25, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1224

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.

Published: December 23, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0869

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-1216

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1217

Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1220

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1215

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1212

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary JavaScript via the desc parameter.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1213

The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1196

Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH