Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0785 | 1 Brian Bassett | 1 Ipmasq | 2008-09-10 | 7.5 HIGH | N/A |
| ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. | |||||
| CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2008-09-10 | 5.0 MEDIUM | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | |||||
| CVE-2003-0777 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault). | |||||
| CVE-2003-0786 | 1 Openbsd | 1 Openssh | 2008-09-10 | 10.0 HIGH | N/A |
| The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. | |||||
| CVE-2003-0515 | 1 Teapop | 1 Teapop | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges. | |||||
| CVE-2003-0606 | 2 Cvsup, Sup | 2 Cvsup-mirror, Sup | 2008-09-10 | 4.6 MEDIUM | N/A |
| sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0577 | 1 Mpg123 | 1 Mpg123 | 2008-09-10 | 7.5 HIGH | N/A |
| mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. | |||||
| CVE-2003-0535 | 1 Xblockout | 1 Xbl | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option. | |||||
| CVE-2003-0450 | 1 Cistron | 1 Radius Daemon | 2008-09-10 | 7.5 HIGH | N/A |
| Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. | |||||
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. | |||||
| CVE-2003-0595 | 1 Witango | 2 Tango Server, Witango Server | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference. | |||||
| CVE-2003-0576 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. | |||||
| CVE-2003-0516 | 1 Gert Doering | 1 Mgetty | 2008-09-10 | 7.5 HIGH | N/A |
| cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings. | |||||
| CVE-2003-0437 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter. | |||||
| CVE-2003-0436 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter. | |||||
| CVE-2003-0610 | 1 Mcafee | 1 Epolicy Orchestrator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | |||||
| CVE-2003-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. | |||||
| CVE-2003-0613 | 1 Zblast | 1 Zblast | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | |||||
| CVE-2003-0538 | 1 Mozart | 1 Mozart | 2008-09-10 | 7.5 HIGH | N/A |
| The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program. | |||||
| CVE-2003-0425 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request. | |||||
| CVE-2003-0423 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. | |||||
| CVE-2003-0243 | 1 Happycgi | 1 Happymall | 2008-09-10 | 7.5 HIGH | N/A |
| Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts. | |||||
| CVE-2003-0422 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. | |||||
| CVE-2003-0261 | 1 Fuzz | 1 Fuzz | 2008-09-10 | 4.6 MEDIUM | N/A |
| fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges. | |||||
| CVE-2003-0256 | 1 Kde | 1 Kopete | 2008-09-10 | 7.5 HIGH | N/A |
| The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2003-0198 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 6.4 MEDIUM | N/A |
| Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files. | |||||
| CVE-2003-0173 | 2 Sgi, Xfsdump | 2 Irix, Xfsdump | 2008-09-10 | 7.2 HIGH | N/A |
| xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. | |||||
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2008-09-10 | 5.0 MEDIUM | N/A |
| SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. | |||||
| CVE-2003-0149 | 1 Mcafee | 1 Epolicy Orchestrator | 2008-09-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | |||||
| CVE-2003-0171 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 7.2 HIGH | N/A |
| DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. | |||||
| CVE-2003-0148 | 1 Mcafee | 1 Epolicy Orchestrator | 2008-09-10 | 7.2 HIGH | N/A |
| The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | |||||
| CVE-2003-0207 | 1 Gs-common | 1 Gs-common | 2008-09-10 | 2.1 LOW | N/A |
| ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. | |||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2008-09-10 | 7.5 HIGH | N/A |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
| CVE-2003-0424 | 1 Apple | 1 Darwin Streaming Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. | |||||
| CVE-2003-0099 | 1 Apc | 1 Apcupsd | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function. | |||||
| CVE-2003-0041 | 2 Mit, Redhat | 2 Kerberos Ftp Client, Linux | 2008-09-10 | 10.0 HIGH | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||||
| CVE-2002-2001 | 2 Jmcce, Mandrakesoft | 2 Jmcce, Mandrake Linux | 2008-09-10 | 1.2 LOW | N/A |
| jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.6 LOW | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | |||||
| CVE-2002-2200 | 1 Benjamin Lefevre | 1 Dobermann Forum | 2008-09-10 | 7.5 HIGH | N/A |
| Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php. | |||||
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||||
| CVE-2002-2041 | 1 Qnx | 1 Rtos | 2008-09-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer. | |||||
| CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. | |||||
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||
| CVE-2002-2142 | 1 Bea | 2 Weblogic Integration, Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
| An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | |||||
| CVE-2002-1897 | 1 Mywebserver | 1 Mywebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow. | |||||
| CVE-2002-1600 | 1 Mike Spice | 1 My Classifieds | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter. | |||||
| CVE-2002-1193 | 1 Tkmail | 1 Tkmail | 2008-09-10 | 2.1 LOW | N/A |
| tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files. | |||||
| CVE-2002-1189 | 1 Cisco | 1 Unity Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. | |||||
| CVE-2002-1395 | 1 Debian | 1 Internet Message | 2008-09-10 | 2.1 LOW | N/A |
| Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. | |||||
| CVE-2002-1285 | 1 Suse | 1 Suse Linux | 2008-09-10 | 7.2 HIGH | N/A |
| runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. | |||||