Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0589 | 1 Digi-fx | 1 Digi-news | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2003-0536 | 1 Phpsysinfo | 1 Phpsysinfo | 2016-10-18 | 3.6 LOW | N/A |
| Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters. | |||||
| CVE-2003-0553 | 1 Netscape | 1 Navigator | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. | |||||
| CVE-2003-0554 | 1 Neomodus | 1 Direct Connect | 2016-10-18 | 5.0 MEDIUM | N/A |
| NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports. | |||||
| CVE-2003-0555 | 1 Imagemagick | 1 Imagemagick | 2016-10-18 | 7.5 HIGH | N/A |
| ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability. | |||||
| CVE-2003-0558 | 1 Leapware | 1 Leapftp | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request. | |||||
| CVE-2003-0559 | 1 Phpforum | 1 Phpforum | 2016-10-18 | 7.5 HIGH | N/A |
| mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-0560 | 1 Virtual Programming | 1 Vp-asp | 2016-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter. | |||||
| CVE-2003-0561 | 1 Iglooftp | 1 Iglooftp Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands. | |||||
| CVE-2003-0562 | 1 Novell | 1 Netware | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. | |||||
| CVE-2003-0578 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 4.6 MEDIUM | N/A |
| cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | |||||
| CVE-2003-0588 | 1 Digi-fx | 1 Digi-news | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2003-0579 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 4.6 MEDIUM | N/A |
| uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user. | |||||
| CVE-2003-0580 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument. | |||||
| CVE-2003-0581 | 1 Xfstt | 1 Xfstt | 2016-10-18 | 7.5 HIGH | N/A |
| X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access. | |||||
| CVE-2003-0583 | 1 Tolis Group | 1 Bru | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2003-0584 | 1 Tolis Group | 1 Bru | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument. | |||||
| CVE-2003-0585 | 1 Brooky | 1 Estore | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters. | |||||
| CVE-2003-0586 | 1 Brooky | 1 Estore | 2016-10-18 | 7.5 HIGH | N/A |
| Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php. | |||||
| CVE-2003-0587 | 1 Infopop | 1 Ultimate Bulletin Board | 2016-10-18 | 6.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie. | |||||
| CVE-2003-0597 | 1 Sco | 1 Openserver | 2016-10-18 | 7.2 HIGH | N/A |
| Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. | |||||
| CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2016-10-18 | 4.6 MEDIUM | N/A |
| mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0620 | 1 Andries Brouwer | 1 Man | 2016-10-18 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. | |||||
| CVE-2003-0590 | 1 Splatt | 1 Splatt Forum | 2016-10-18 | 7.1 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. | |||||
| CVE-2003-0557 | 1 Lagarde | 1 Storefront | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. | |||||
| CVE-2003-0490 | 1 Dantz | 1 Retrospect Client | 2016-10-18 | 7.2 HIGH | N/A |
| The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code. | |||||
| CVE-2003-0485 | 1 Progress | 1 4gl Compiler | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type. | |||||
| CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | |||||
| CVE-2003-0482 | 1 Gero Kohnert | 1 Tutos | 2016-10-18 | 7.5 HIGH | N/A |
| TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code. | |||||
| CVE-2003-0521 | 1 Cpanel | 1 Cpanel | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens. | |||||
| CVE-2003-0506 | 1 Microsoft | 1 Netmeeting | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation. | |||||
| CVE-2003-0522 | 1 Early Impact | 1 Productcart | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp. | |||||
| CVE-2003-0523 | 1 Early Impact | 1 Productcart | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter. | |||||
| CVE-2003-0524 | 1 Knoppix | 1 Knoppix | 2016-10-18 | 6.2 MEDIUM | N/A |
| Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory. | |||||
| CVE-2003-0507 | 1 Microsoft | 1 Windows 2000 | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. | |||||
| CVE-2003-0467 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. | |||||
| CVE-2003-0508 | 1 Adobe | 1 Acrobat Reader | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link. | |||||
| CVE-2003-0480 | 1 Vmware | 1 Workstation | 2016-10-18 | 3.7 LOW | N/A |
| VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." | |||||
| CVE-2003-0481 | 1 Gero Kohnert | 1 Tutos | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php. | |||||
| CVE-2003-0455 | 1 Imagemagick | 1 Libmagick Library | 2016-10-18 | 4.6 MEDIUM | N/A |
| The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. | |||||
| CVE-2003-0474 | 1 Ashley Brown | 1 Iweb Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475. | |||||
| CVE-2003-0477 | 1 Wzdftpd | 1 Wzdftpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument. | |||||
| CVE-2003-0475 | 1 Ashley Brown | 1 Iweb Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474. | |||||
| CVE-2003-0505 | 1 Microsoft | 1 Netmeeting | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. | |||||
| CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | |||||
| CVE-2003-0503 | 1 Microsoft | 1 Windows 2000 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. | |||||
| CVE-2003-0493 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2016-10-18 | 10.0 HIGH | N/A |
| Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID. | |||||
| CVE-2003-0453 | 1 Ehud Gavron | 1 Traceroute-nanog | 2016-10-18 | 10.0 HIGH | N/A |
| traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. | |||||
| CVE-2003-0471 | 1 Alt-n | 1 Webadmin | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument. | |||||
| CVE-2003-0510 | 1 Ezbounce | 1 Ezbounce | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command. | |||||