Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1115 | 1 Nortel | 1 Succession Communication Server 2000 | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1114 | 1 Mediatrix Telecom | 1 Voip Access Devices And Gateways | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1113 | 1 Iptel | 1 Sip Express Router | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1112 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1111 | 1 Dynamicsoft | 1 Appengine | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1110 | 1 Columbia University | 1 Sipc | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1107 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 5.1 MEDIUM | N/A |
| The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2003-1123 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 7.5 HIGH | N/A |
| Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model. | |||||
| CVE-2002-1238 | 1 Peter Sandvik | 1 Simple Web Server | 2017-07-11 | 7.5 HIGH | N/A |
| Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/. | |||||
| CVE-2003-1104 | 1 Ibm | 1 Tivoli Firewall Toolbox | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2003-1103 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2003-1102 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code. | |||||
| CVE-2003-1122 | 1 Scriptlogic | 1 Scriptlogic | 2017-07-11 | 2.1 LOW | N/A |
| ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code. | |||||
| CVE-2003-1101 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message. | |||||
| CVE-2003-1100 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors. | |||||
| CVE-2003-1096 | 1 Cisco | 1 Leap | 2017-07-11 | 10.0 HIGH | N/A |
| The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. | |||||
| CVE-2003-1095 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. | |||||
| CVE-2003-1094 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.2 HIGH | N/A |
| BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. | |||||
| CVE-2003-1093 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. | |||||
| CVE-2003-1092 | 1 Christos Zoulas | 1 File 1 | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact. | |||||
| CVE-2003-1091 | 1 Apple | 1 Quicktime Broadcaster | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. | |||||
| CVE-2003-1090 | 1 Celestial Software | 1 Absolutetelnet | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title. | |||||
| CVE-2003-1089 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message. | |||||
| CVE-2002-1283 | 1 Novell | 1 Emframe | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute. | |||||
| CVE-2003-1088 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | |||||
| CVE-2002-1286 | 1 Microsoft | 1 Java Virtual Machine | 2017-07-11 | 7.5 HIGH | N/A |
| The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user. | |||||
| CVE-2003-1087 | 1 Hp | 1 Hp-ux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. | |||||
| CVE-2003-1085 | 1 Thomson | 2 Tcm Cable Modem, Tcw Cable Modem | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. | |||||
| CVE-2003-1084 | 1 Tildeslash | 1 Monit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. | |||||
| CVE-2003-1083 | 1 Tildeslash | 1 Monit | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2002-1310 | 1 Macromedia | 1 Jrun | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name. | |||||
| CVE-2002-1312 | 1 Linksys | 9 Befn2ps4, Befsr11, Befsr41 and 6 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password. | |||||
| CVE-2002-1322 | 1 Rational Software | 1 Clearcase | 2017-07-11 | 5.0 MEDIUM | N/A |
| Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap. | |||||
| CVE-2002-1334 | 1 Bizdesign | 1 Imagefolio | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi. | |||||
| CVE-2002-1335 | 1 W3m | 1 W3m | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies. | |||||
| CVE-2002-1338 | 1 Microsoft | 1 Office Web Components | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files. | |||||
| CVE-2002-1353 | 1 Intranet-server | 1 Localweb2000 | 2017-07-11 | 5.0 MEDIUM | N/A |
| LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst. | |||||
| CVE-2002-1354 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command. | |||||
| CVE-2003-1077 | 1 Sun | 1 Solaris | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang). | |||||
| CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-11 | 7.5 HIGH | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
| CVE-2003-1074 | 1 Sun | 1 Solaris | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges. | |||||
| CVE-2002-1397 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 7.5 HIGH | N/A |
| Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | |||||
| CVE-2003-1053 | 1 Xshisen | 1 Xshisen | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. | |||||
| CVE-2003-1052 | 1 Ibm | 2 Db2, Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | |||||
| CVE-2003-1051 | 1 Ibm | 1 Db2 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
| CVE-2003-1050 | 1 Ibm | 1 Db2 | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
| CVE-2003-1049 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 4.6 MEDIUM | N/A |
| IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. | |||||
| CVE-2003-1043 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. | |||||
| CVE-2003-1042 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name. | |||||
| CVE-2003-1039 | 1 Sap | 1 Mysap Business Suite | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server. | |||||