Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0084 | 1 Mod Auth Any | 1 Mod Auth Any | 2017-07-11 | 7.5 HIGH | N/A |
| mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2003-0105 | 1 Port80 Software | 1 Servermask | 2017-07-11 | 5.0 MEDIUM | N/A |
| ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server. | |||||
| CVE-2003-0144 | 4 Bsd, Freebsd, Lprold and 1 more | 4 Lpr, Freebsd, Lprold and 1 more | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | |||||
| CVE-2003-0146 | 1 Netpbm | 1 Netpbm | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows. | |||||
| CVE-2003-0153 | 1 Mozilla | 1 Bonsai | 2017-07-11 | 5.0 MEDIUM | N/A |
| bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | |||||
| CVE-2003-0162 | 1 Ecartis | 1 Ecartis | 2017-07-11 | 7.5 HIGH | N/A |
| Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page. | |||||
| CVE-2003-0170 | 1 Ibm | 1 Aix | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. | |||||
| CVE-2003-0172 | 1 Php | 1 Php | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. | |||||
| CVE-2003-0174 | 1 Sgi | 1 Irix | 2017-07-11 | 7.5 HIGH | N/A |
| The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password. | |||||
| CVE-2003-0175 | 1 Sgi | 1 Irix | 2017-07-11 | 2.1 LOW | N/A |
| SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl. | |||||
| CVE-2003-0178 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation. | |||||
| CVE-2003-0179 | 1 Ibm | 2 Lotus Domino Web Server, Lotus Notes Client | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. | |||||
| CVE-2003-0180 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. | |||||
| CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. | |||||
| CVE-2003-0193 | 1 Catdoc | 1 Catdoc | 2017-07-11 | 2.1 LOW | N/A |
| msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html"). | |||||
| CVE-2003-0202 | 1 Brian Renaud | 1 Metrics | 2017-07-11 | 4.6 MEDIUM | N/A |
| The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0203 | 2 Moxftp, Xftp | 2 Moxftp, Xftp | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner. | |||||
| CVE-2003-0221 | 1 Hp | 1 Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack. | |||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2017-07-11 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | |||||
| CVE-2003-0235 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command. | |||||
| CVE-2003-0236 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. | |||||
| CVE-2003-0237 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. | |||||
| CVE-2003-0238 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag. | |||||
| CVE-2003-0239 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor. | |||||
| CVE-2003-0240 | 1 Axis | 9 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 6 more | 2017-07-11 | 10.0 HIGH | N/A |
| The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). | |||||
| CVE-2003-0257 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. | |||||
| CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2017-07-11 | 7.2 HIGH | N/A |
| leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have. | |||||
| CVE-2003-0263 | 1 Floosietek | 1 Ftgatepro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-2003-0269 | 1 Youbin | 1 Youbin | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2017-07-11 | 7.6 HIGH | N/A |
| The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | |||||
| CVE-2003-0276 | 1 Pi3 | 1 Pi3web | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters. | |||||
| CVE-2003-0277 | 1 Happycgi | 1 Happymall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter. | |||||
| CVE-2003-0278 | 1 Happycgi.com | 1 Happymall | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter. | |||||
| CVE-2003-0279 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 2.6 LOW | N/A |
| Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | |||||
| CVE-2003-0280 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-2003-0281 | 1 Firebirdsql | 1 Firebird | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. | |||||
| CVE-2003-0283 | 1 Phorum | 1 Phorum | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. | |||||
| CVE-2003-0285 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. | |||||
| CVE-2003-0286 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable. | |||||
| CVE-2003-0287 | 1 Six Apart | 1 Movable Type | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. | |||||
| CVE-2003-0288 | 1 Hiroaki Shirouzu | 1 Ip Messenger | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file. | |||||
| CVE-2003-0289 | 1 Cdrtools | 1 Cdrecord | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter. | |||||
| CVE-2003-0290 | 1 Etype | 1 Eserv | 2017-07-11 | 5.0 MEDIUM | N/A |
| Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. | |||||
| CVE-2003-0291 | 1 3com | 1 3cp4144 | 2017-07-11 | 5.0 MEDIUM | N/A |
| 3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets. | |||||
| CVE-2003-0327 | 1 Sybase | 1 Adaptive Server Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow. | |||||
| CVE-2003-0333 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085. | |||||
| CVE-2003-0334 | 1 Colten Edwards | 1 Bitchx | 2017-07-11 | 2.1 LOW | N/A |
| BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c. | |||||
| CVE-2003-0368 | 1 Nokia | 1 Ggsn | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. | |||||
| CVE-2003-0396 | 1 Linux-atm | 1 Linux-atm | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument. | |||||
| CVE-2003-0420 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. | |||||