National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,692 matching records.
Displaying matches 26161 through 26180.
Vuln ID Summary CVSS Severity
CVE-2002-1279

Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1281

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1282

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1285

runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-1287

Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1290

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2002-1291

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1293

The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1294

The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1306

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1311

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2002-1315

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2002-1316

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2002-1312

Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password.

Published: November 20, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0711

Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.

Published: November 12, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0869

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

Published: November 12, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1180

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Published: November 12, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1181

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.

Published: November 12, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM