National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,411 matching records.
Displaying matches 27141 through 27160.
Vuln ID Summary CVSS Severity
CVE-2001-1408

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.

Published: July 05, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1243

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Published: July 04, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0387

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0405

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0406

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-0439

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0440

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1159

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1161

Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Published: June 30, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1248

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).

Published: June 29, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1250

vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.

Published: June 29, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1251

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

Published: June 29, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0331

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0388

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-0416

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0442

Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0458

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0473

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH