National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,701 matching records.
Displaying matches 27021 through 27040.
Vuln ID Summary CVSS Severity
CVE-2002-0197

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0198

Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0200

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0201

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0202

PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 3.6 LOW
CVE-2002-0204

Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0205

Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0206

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0207

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0208

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0209

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0210

setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0211

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 6.2 MEDIUM
CVE-2002-0212

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0213

xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0214

Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0216

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0217

Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0218

Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH