National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,562 matching records.
Displaying matches 26101 through 26120.
Vuln ID Summary CVSS Severity
CVE-2001-1224

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.

Published: December 23, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0869

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-1216

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1217

Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1220

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1215

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1212

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1213

The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1196

Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1200

Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1201

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1195

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1198

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1214

manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Published: December 13, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Published: December 12, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1190

The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.

Published: December 12, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0890

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.

Published: December 11, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW