National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,839 matching records.
Displaying matches 27341 through 27360.
Vuln ID Summary CVSS Severity
CVE-2001-1534

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1535

Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-1536

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1537

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1538

SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1539

Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1540

IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1541

Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-1542

NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1543

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1544

Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1545

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1546

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-1547

Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1548

ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1549

Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1552

ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1559

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1560

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW