National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,555 matching records.
Displaying matches 26101 through 26120.
Vuln ID Summary CVSS Severity
CVE-2001-1212

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1213

The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1196

Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1200

Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1201

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1195

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1198

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1214

manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Published: December 13, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Published: December 12, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1190

The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.

Published: December 12, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0890

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.

Published: December 11, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1186

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Published: December 11, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1187

csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.

Published: December 11, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1185

Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

Published: December 10, 2001; 12:00:00 AM -05:00
    V2: 6.2 MEDIUM
CVE-2001-1184

wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.

Published: December 08, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0716

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0719

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0803

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH