National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,423 matching records.
Displaying matches 26141 through 26160.
Vuln ID Summary CVSS Severity
CVE-2001-1241

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

Published: July 17, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1242

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.

Published: July 17, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1279

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.

Published: July 17, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

Published: July 16, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1142

ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.

Published: July 12, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1267

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Published: July 12, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-1143

IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

Published: July 11, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1144

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

Published: July 11, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1141

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

Published: July 10, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1322

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

Published: July 10, 2001; 12:00:00 AM -04:00
V2: 3.6 LOW
CVE-2001-1245

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

Published: July 09, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1045

Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.

Published: July 06, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1408

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.

Published: July 05, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1243

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Published: July 04, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0387

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0405

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0406

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-0439

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0440

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Published: July 02, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH