National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,196 matching records.
Displaying matches 26341 through 26360.
Vuln ID | Summary | CVSS Severity
CVE-2002-0573

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0574

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0615

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0621

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0622

The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0623

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0631

Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0639

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0651

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1300

Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0146

fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0312

Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0313

Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0314

fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0315

fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0316

Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0317

Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0318

FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0319

Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0320

Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH