Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
There are 28,644 matching records.
Displaying matches 27,181 through 27,200.
Vuln ID Summary CVSS Severity
CVE-2002-1215

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2002-1216

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-1217

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-1222

Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2002-1223

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-1224

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-1225

Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2002-1227

PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-1228

Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-1229

Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.

Published: October 28, 2002; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0839

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2002-0843

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0863

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0864

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0865

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0866

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2002-0867

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2002-0969

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2002-1138

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

Published: October 11, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH