Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1357 | 2 Microsoft, Replicom | 2 Windows Nt, Proxyview | 2017-07-29 | 10.0 HIGH | N/A |
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | |||||
| CVE-2003-1358 | 1 Hp | 1 Hp-ux | 2017-07-29 | 7.2 HIGH | N/A |
| rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program. | |||||
| CVE-2003-1360 | 1 Hp | 1 Hp-ux | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable. | |||||
| CVE-2003-1361 | 2 Ibm, Veritas | 2 Tivoli Storage Manager, Bare Metal Restore | 2017-07-29 | 10.0 HIGH | N/A |
| Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server. | |||||
| CVE-2003-1362 | 1 Hp | 2 Bastille, Hp-ux | 2017-07-29 | 7.8 HIGH | N/A |
| Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. | |||||
| CVE-2003-1364 | 1 Aprelium Technologies | 1 Abyss Web Server | 2017-07-29 | 8.5 HIGH | N/A |
| Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. | |||||
| CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2017-07-29 | 5.0 MEDIUM | N/A |
| The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | |||||
| CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2017-07-29 | 3.3 LOW | N/A |
| chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
| CVE-2003-1367 | 1 Great Circle Associates | 1 Majordomo | 2017-07-29 | 7.8 HIGH | N/A |
| The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. | |||||
| CVE-2003-1368 | 1 Electrasoft | 1 Ftp Client | 2017-07-29 | 6.4 MEDIUM | N/A |
| Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | |||||
| CVE-2003-1369 | 1 Save It Software Pty | 1 Bytecatcherftp | 2017-07-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | |||||
| CVE-2003-1370 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module. | |||||
| CVE-2003-1371 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-29 | 4.3 MEDIUM | N/A |
| Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules. | |||||
| CVE-2003-1372 | 4 Linux, Microsoft, Myphpnuke and 1 more | 4 Linux Kernel, All Windows, Myphpnuke and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. | |||||
| CVE-2003-1373 | 1 Phpbb Group | 1 Phpbb | 2017-07-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | |||||
| CVE-2003-1374 | 1 Hp | 1 Hp-ux | 2017-07-29 | 4.6 MEDIUM | N/A |
| Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options. | |||||
| CVE-2003-1376 | 1 Winzip | 1 Winzip | 2017-07-29 | 4.6 MEDIUM | N/A |
| WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. | |||||
| CVE-2003-1377 | 1 Sircd | 1 Sircd | 2017-07-29 | 8.3 HIGH | N/A |
| Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname. | |||||
| CVE-2003-1378 | 1 Microsoft | 2 Outlook, Outlook Express | 2017-07-29 | 8.8 HIGH | N/A |
| Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | |||||
| CVE-2003-1379 | 1 Point Clark Networks | 1 Clarkconnect | 2017-07-29 | 5.0 MEDIUM | N/A |
| clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages. | |||||
| CVE-2003-1380 | 1 Bisonftp | 1 Bisonftp Server 4 | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. | |||||
| CVE-2003-1381 | 1 Amxmod.net | 1 Amx Mod | 2017-07-29 | 6.8 MEDIUM | N/A |
| Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command. | |||||
| CVE-2003-1382 | 1 Instantservers Inc. | 1 Ismail | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields. | |||||
| CVE-2003-1383 | 1 Logicworks | 1 Web Erp | 2017-07-29 | 7.5 HIGH | N/A |
| WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | |||||
| CVE-2003-1384 | 1 Py Software | 1 Py-livredor | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields. | |||||
| CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-29 | 6.8 MEDIUM | N/A |
| ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2017-07-29 | 6.4 MEDIUM | N/A |
| AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | |||||
| CVE-2003-1387 | 1 Opera Software | 1 Opera Web Browser | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username. | |||||
| CVE-2003-1388 | 4 Linux, Microsoft, Opera Software and 1 more | 4 Linux Kernel, All Windows, Opera and 1 more | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. | |||||
| CVE-2003-1389 | 1 Research Triangle Software | 1 Cryptobuddy | 2017-07-29 | 7.5 HIGH | N/A |
| RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | |||||
| CVE-2003-1390 | 1 Research Triangle Software | 1 Cryptobuddy | 2017-07-29 | 7.5 HIGH | N/A |
| RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | |||||
| CVE-2003-1391 | 1 Research Triangle Software | 1 Cryptobuddy | 2017-07-29 | 7.5 HIGH | N/A |
| RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase. | |||||
| CVE-2003-1392 | 2 Microsoft, Research Triangle Software | 2 All Windows, Cryptobuddy | 2017-07-29 | 6.6 MEDIUM | N/A |
| CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | |||||
| CVE-2003-1393 | 1 Gupta Technologies | 1 Sqlbase | 2017-07-29 | 8.5 HIGH | N/A |
| Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. | |||||
| CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2017-07-29 | 5.0 MEDIUM | N/A |
| CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file. | |||||
| CVE-2003-1395 | 1 Kazaa | 1 Kazaa Media Desktop | 2017-07-29 | 9.0 HIGH | N/A |
| Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server. | |||||
| CVE-2003-1396 | 1 Opera Software | 1 Opera Web Browser | 2017-07-29 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | |||||
| CVE-2003-1397 | 1 Opera Software | 1 Opera Web Browser | 2017-07-29 | 4.3 MEDIUM | N/A |
| The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method. | |||||
| CVE-2003-1398 | 1 Cisco | 1 Ios | 2017-07-29 | 9.3 HIGH | N/A |
| Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | |||||
| CVE-2003-1399 | 1 Eject | 1 Eject | 2017-07-29 | 1.9 LOW | N/A |
| eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information. | |||||
| CVE-2003-1400 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | |||||
| CVE-2003-1401 | 1 Php Board | 1 Php Board | 2017-07-29 | 5.8 MEDIUM | N/A |
| login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2003-1402 | 1 Kietu | 1 Kietu | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | |||||
| CVE-2003-1403 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
| foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
| DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | |||||
| CVE-2003-1405 | 1 Dotbr | 1 Botbr | 2017-07-29 | 7.5 HIGH | N/A |
| DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | |||||
| CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | |||||
| CVE-2003-1407 | 1 Microsoft | 1 Windows Nt | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. | |||||
| CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
| CVE-2003-1409 | 1 Ej3 | 1 Topo | 2017-07-29 | 5.0 MEDIUM | N/A |
| TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. | |||||