National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,616 matching records.
Displaying matches 26061 through 26080.
Vuln ID Summary CVSS Severity
CVE-2002-0082

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0083

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-0089

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0090

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0091

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0092

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0020

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0022

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0055

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0062

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0063

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0067

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0068

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0069

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 2.6 LOW
CVE-2002-0081

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1377

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Published: March 04, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0001

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.

Published: February 27, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0003

Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.

Published: February 27, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0048

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.

Published: February 27, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-0012

Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.

Published: February 13, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH