National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,532 matching records.
Displaying matches 26121 through 26140.
Vuln ID Summary CVSS Severity
CVE-2001-0912

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

Published: November 30, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-0938

Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.

Published: November 30, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-0930

Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters.

Published: November 28, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

Published: November 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0915

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.

Published: November 21, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-0916

Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition.

Published: November 21, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-0903

Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.

Published: November 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0904

Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.

Published: November 20, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0900

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.

Published: November 18, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1228

Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.

Published: November 18, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0899

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

Published: November 16, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0898

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

Published: November 15, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0893

Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Published: November 13, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0535

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Published: October 30, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0669

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.

Published: October 30, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0713

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

Published: October 30, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0717

Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.

Published: October 30, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-0736

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

Published: October 18, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-0744

Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.

Published: October 18, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-0748

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.

Published: October 18, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM