Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0930 | 1 Clearswift | 1 Mailsweeper | 2016-10-18 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy. | |||||
| CVE-2003-0974 | 1 Applied Watch Technologies | 1 Applied Watch Command Center | 2016-10-18 | 7.5 HIGH | N/A |
| Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c. | |||||
| CVE-2003-0850 | 2 Dug Song, Rafal Wojtczuk | 2 Dsniff, Libnids | 2016-10-18 | 7.5 HIGH | N/A |
| The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets." | |||||
| CVE-2003-0849 | 1 Gnu | 1 Cfengine | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. | |||||
| CVE-2003-0767 | 1 Gamespy | 2 Roger Wilco Dedicated Server, Roger Wilco Graphical Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value. | |||||
| CVE-2003-0770 | 1 Ikonboard.com | 1 Ikonboard | 2016-10-18 | 7.5 HIGH | N/A |
| FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement. | |||||
| CVE-2003-0768 | 1 Microsoft | 1 Asp.net | 2016-10-18 | 6.8 MEDIUM | N/A |
| Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | |||||
| CVE-2003-0840 | 1 Hp | 1 Hp-ux | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable. | |||||
| CVE-2003-0842 | 1 Dag Apt Repository | 1 Mod Gzip | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. | |||||
| CVE-2003-0764 | 1 Squished Mosquito | 1 Escapade | 2016-10-18 | 5.0 MEDIUM | N/A |
| Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter. | |||||
| CVE-2003-0843 | 1 Dag Apt Repository | 1 Mod Gzip | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header. | |||||
| CVE-2003-0765 | 1 Nullsoft | 1 Winamp | 2016-10-18 | 7.5 HIGH | N/A |
| The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | |||||
| CVE-2003-0846 | 1 Suse | 1 Suse Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file. | |||||
| CVE-2003-0847 | 1 Suse | 1 Suse Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file. | |||||
| CVE-2003-0844 | 1 Dag Apt Repository | 1 Mod Gzip | 2016-10-18 | 2.1 LOW | N/A |
| mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. | |||||
| CVE-2003-0744 | 1 Leafnode | 1 Leafnode | 2016-10-18 | 5.0 MEDIUM | N/A |
| The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input. | |||||
| CVE-2003-0740 | 1 Stunnel | 1 Stunnel | 2016-10-18 | 4.6 MEDIUM | N/A |
| Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. | |||||
| CVE-2003-0743 | 1 University Of Cambridge | 1 Exim | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer. | |||||
| CVE-2003-0759 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2003-0763 | 1 Squished Mosquito | 1 Escapade | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter. | |||||
| CVE-2003-0826 | 1 Gnu | 1 Lsh | 2016-10-18 | 7.5 HIGH | N/A |
| lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. | |||||
| CVE-2003-0827 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 5.0 MEDIUM | N/A |
| The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523. | |||||
| CVE-2003-0835 | 1 Mplayer | 1 Mplayer | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname. | |||||
| CVE-2003-0839 | 1 Microsoft | 1 Windows 2003 Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link. | |||||
| CVE-2003-0736 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules. | |||||
| CVE-2003-0737 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-18 | 5.0 MEDIUM | N/A |
| The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library. | |||||
| CVE-2003-0739 | 1 Vmware | 1 Workstation | 2016-10-18 | 4.6 MEDIUM | N/A |
| VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack. | |||||
| CVE-2003-0805 | 1 University Of Minnesota | 1 Gopherd | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. | |||||
| CVE-2003-0771 | 1 Apache Gallery | 1 Apache Gallery | 2016-10-18 | 4.6 MEDIUM | N/A |
| Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. | |||||
| CVE-2003-0676 | 1 Sun | 2 Iplanet Directory Server, One Directory Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences. | |||||
| CVE-2003-0728 | 1 Horde | 1 Horde | 2016-10-18 | 6.4 MEDIUM | N/A |
| Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | |||||
| CVE-2003-0735 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter. | |||||
| CVE-2003-0625 | 1 Xfstt | 1 Xfstt | 2016-10-18 | 6.4 MEDIUM | N/A |
| Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | |||||
| CVE-2003-0628 | 1 Peoplesoft | 1 Peopletools | 2016-10-18 | 5.0 MEDIUM | N/A |
| PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. | |||||
| CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | |||||
| CVE-2003-0630 | 1 Atari800 | 1 Atari800 | 2016-10-18 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument. | |||||
| CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2016-10-18 | 7.2 HIGH | N/A |
| VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session. | |||||
| CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2003-0633 | 1 Oracle | 2 Applications, E-business Suite | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | |||||
| CVE-2003-0635 | 1 Novell | 1 Ichain | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM. | |||||
| CVE-2003-0730 | 2 Netbsd, Xfree86 Project | 2 Netbsd, X11r6 | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. | |||||
| CVE-2003-0638 | 1 Novell | 1 Ichain | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." | |||||
| CVE-2003-0639 | 1 Novell | 1 Ichain | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication. | |||||
| CVE-2003-0650 | 1 Gamespy | 1 Arcade | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file. | |||||
| CVE-2003-0652 | 1 Xtokkaetama | 1 Xtokkaetama | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611. | |||||
| CVE-2003-0655 | 1 Cdrtools | 1 Cdrtools | 2016-10-18 | 7.2 HIGH | N/A |
| rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges. | |||||
| CVE-2003-0656 | 1 Eroaster | 1 Eroaster | 2016-10-18 | 2.1 LOW | N/A |
| eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile. | |||||
| CVE-2003-0729 | 1 Tellurian | 1 Tftpdnt | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename. | |||||
| CVE-2003-0685 | 1 Netris | 1 Netris | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response. | |||||
| CVE-2003-0556 | 1 Polycom | 3 Mgc-100, Mgc-25, Mgc-50 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. | |||||