National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,198 matching records.
Displaying matches 26221 through 26240.
Vuln ID Summary CVSS Severity
CVE-2002-0801

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0802

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0803

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0804

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0805

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0806

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0807

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0808

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0809

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0810

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0812

Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2002-0813

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.1 HIGH
CVE-2002-0814

Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0816

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0817

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0818

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0823

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0824

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 1.2 LOW
CVE-2002-0826

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0827

Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH