National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,399 matching records.
Displaying matches 26201 through 26220.
Vuln ID Summary CVSS Severity
CVE-2002-0726

Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0727

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0860

The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0861

Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0971

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0973

Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0974

Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0975

Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0976

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2002-0979

The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0980

The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0981

Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0984

The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0987

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0988

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0989

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1120

Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1121

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH