National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,559 matching records.
Displaying matches 26381 through 26400.
Vuln ID Summary CVSS Severity
CVE-2001-0071

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

Published: February 12, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-0072

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

Published: February 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1357

Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.

Published: February 07, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1358

Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.

Published: February 07, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1468

PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.

Published: February 07, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1422

WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Published: January 23, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1275

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Published: January 19, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1095

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1101

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1108

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1137

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2000-1162

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 3.7 LOW
CVE-2000-1163

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2000-1166

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2000-1169

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2000-1178

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2000-1189

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH