Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
There are 28,458 matching records.
Displaying matches 27,061 through 27,080.
Vuln ID Summary CVSS Severity
CVE-2002-0887

scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2002-0888

3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0889

Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2002-0891

The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0892

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0893

Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0894

NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0895

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0896

The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0897

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0898

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0899

Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0900

Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0901

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0903

register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0904

SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0905

Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2002-0906

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0907

Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".

Published: October 04, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH