National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,708 matching records.
Displaying matches 27241 through 27260.
Vuln ID Summary CVSS Severity
CVE-2001-1210

Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.

Published: December 30, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1202

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.

Published: December 28, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1204

Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

Published: December 28, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1223

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.

Published: December 26, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1225

Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.

Published: December 26, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.

Published: December 25, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1224

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.

Published: December 23, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0869

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-1216

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1217

Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1220

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1215

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1212

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1213

The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1196

Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1200

Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1201

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.

Published: December 17, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1195

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.

Published: December 15, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH