Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2012-05-11	CVE-2012-1823	sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. network low complexity php fedoraproject debian hp opensuse suse apple redhat critical	9.8
2001-06-18	CVE-2001-0248	Incorrect Calculation of Buffer Size vulnerability in multiple products Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. network low complexity sgi hp CWE-131 critical	9.8
2001-06-18	CVE-2001-0249	Incorrect Calculation of Buffer Size vulnerability in multiple products Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. network low complexity hp oracle sgi CWE-131 critical	9.8