National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,372 matching records.
Displaying matches 26541 through 26560.
Vuln ID Summary CVSS Severity
CVE-2002-0327

Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0329

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0330

Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0331

Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0332

Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0333

Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0334

xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0335

Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0336

Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0337

RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.4 MEDIUM
CVE-2002-0338

The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0339

Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0342

Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0343

Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0344

Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0345

Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0346

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0347

Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0348

service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0349

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM