National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,419 matching records.
Displaying matches 26121 through 26140.
Vuln ID Summary CVSS Severity
CVE-2001-0503

Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0513

Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0514

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0515

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0516

Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0517

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0518

Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0534

Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1257

Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1258

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 3.6 LOW
CVE-2001-1370

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Published: July 21, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1361

Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.

Published: July 19, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1363

Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.

Published: July 19, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1367

The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.

Published: July 19, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1375

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

Published: July 19, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1030

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Published: July 18, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1241

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

Published: July 17, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1242

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.

Published: July 17, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1279

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.

Published: July 17, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

Published: July 16, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM