National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,672 matching records.
Displaying matches 26221 through 26240.
Vuln ID Summary CVSS Severity
CVE-2002-0843

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0863

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0864

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0865

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0866

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0867

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0969

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-1138

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1139

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1140

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1141

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1146

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1147

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.1 HIGH
CVE-2002-1148

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1149

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1150

The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-1151

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1152

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-1153

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-1154

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

Published: October 11, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM