Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0671 | 1 Jeremy Elson | 1 Tcpflow | 2008-09-10 | 7.2 HIGH | N/A |
| Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow. | |||||
| CVE-2003-0731 | 1 Cisco | 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more | 2008-09-10 | 10.0 HIGH | N/A |
| CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. | |||||
| CVE-2003-0804 | 3 Apple, Freebsd, Openbsd | 4 Mac Os X, Mac Os X Server, Freebsd and 1 more | 2008-09-10 | 5.0 MEDIUM | N/A |
| The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. | |||||
| CVE-2003-0803 | 1 Nokia | 1 Electronic Documentation | 2008-09-10 | 7.5 HIGH | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. | |||||
| CVE-2003-0784 | 1 Ibm | 1 Aix | 2008-09-10 | 10.0 HIGH | N/A |
| Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers. | |||||
| CVE-2003-0779 | 1 Digium | 1 Asterisk | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. | |||||
| CVE-2003-0769 | 1 Mirabilis | 1 Icq | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field. | |||||
| CVE-2003-0762 | 1 Foxweb | 1 Foxweb | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). | |||||
| CVE-2003-0756 | 1 Sitebuilder | 1 Sitebuilder | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter. | |||||
| CVE-2003-0755 | 1 Gtkftpd | 1 Gtkftp | 2008-09-10 | 10.0 HIGH | N/A |
| Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command. | |||||
| CVE-2003-0754 | 1 Newsphp | 1 Newsphp | 2008-09-10 | 7.5 HIGH | N/A |
| nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication. | |||||
| CVE-2003-0753 | 1 Newsphp | 1 Newsphp | 2008-09-10 | 5.0 MEDIUM | N/A |
| nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter. | |||||
| CVE-2003-0751 | 1 Py-membres | 1 Py-membres | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter. | |||||
| CVE-2003-0750 | 1 Py-membres | 1 Py-membres | 2008-09-10 | 7.5 HIGH | N/A |
| secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter. | |||||
| CVE-2003-0745 | 1 Castle Rock Computing | 1 Snmpc | 2008-09-10 | 10.0 HIGH | N/A |
| SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server. | |||||
| CVE-2003-0742 | 1 Sco | 1 Openserver | 2008-09-10 | 7.2 HIGH | N/A |
| SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. | |||||
| CVE-2003-0723 | 1 Gkrellm | 1 Gkrellm | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code. | |||||
| CVE-2003-0709 | 1 Whois | 1 Whois | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option. | |||||
| CVE-2003-0706 | 1 Nicolas Boullis | 1 Mah-jong | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop). | |||||
| CVE-2003-0705 | 1 Nicolas Boullis | 1 Mah-jong | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0697 | 1 Ibm | 1 Aix | 2008-09-10 | 7.2 HIGH | N/A |
| Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. | |||||
| CVE-2003-0689 | 1 Redhat | 1 Enterprise Linux | 2008-09-10 | 7.5 HIGH | N/A |
| The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow. | |||||
| CVE-2003-0680 | 1 Sgi | 1 Irix | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions. | |||||
| CVE-2003-0679 | 1 Sgi | 1 Irix | 2008-09-10 | 2.1 LOW | N/A |
| Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files. | |||||
| CVE-2003-0677 | 1 Cisco | 1 Webns | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure." | |||||
| CVE-2003-0672 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message. | |||||
| CVE-2003-0791 | 2 Mozilla, Sco | 2 Mozilla, Openserver | 2008-09-10 | 7.5 HIGH | N/A |
| The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | |||||
| CVE-2003-0734 | 1 Padl Software | 1 Pam Ldap | 2008-09-10 | 10.0 HIGH | N/A |
| Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system. | |||||
| CVE-2003-0670 | 1 Sustainable Softworks | 2 Ipnetmonitorx, Ipnetsentryx | 2008-09-10 | 2.1 LOW | N/A |
| Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow. | |||||
| CVE-2003-0658 | 2 Caldera, Sco | 4 Openlinux Server, Openlinux Workstation, Openserver and 1 more | 2008-09-10 | 5.0 MEDIUM | N/A |
| Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. | |||||
| CVE-2003-0654 | 1 Autorespond | 1 Autorespond | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail. | |||||
| CVE-2003-0653 | 1 Netbsd | 1 Netbsd | 2008-09-10 | 5.0 MEDIUM | N/A |
| The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets. | |||||
| CVE-2003-0647 | 1 Cisco | 1 Ios | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. | |||||
| CVE-2003-0646 | 1 Trend Micro | 2 Damage Cleanup Server, Housecall | 2008-09-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | |||||
| CVE-2003-0643 | 1 Linux | 1 Linux Kernel | 2008-09-10 | 2.1 LOW | N/A |
| Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). | |||||
| CVE-2003-0649 | 1 Xpcd | 1 Xpcd | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-2003-0933 | 1 Conquest | 1 Conquest | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable. | |||||
| CVE-2003-0932 | 1 Omega-rpg | 1 Omega-rpg | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable. | |||||
| CVE-2003-0902 | 1 Minimalist | 1 Minimalist | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands. | |||||
| CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | |||||
| CVE-2003-0836 | 1 Ibm | 1 Db2 Universal Database | 2008-09-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. | |||||
| CVE-2003-0833 | 1 Webfs | 1 Webfs | 2008-09-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname. | |||||
| CVE-2003-0832 | 1 Webfs | 1 Webfs | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header. | |||||
| CVE-2003-0830 | 1 Marbles | 1 Marbles | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2003-0776 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences. | |||||
| CVE-2003-0775 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash). | |||||
| CVE-2003-0853 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | |||||
| CVE-2003-0774 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed. | |||||
| CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | |||||
| CVE-2003-0787 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. | |||||