Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2016-10-18 | 5.0 MEDIUM | N/A |
| gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. | |||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | |||||
| CVE-2003-0209 | 2 Smoothwall, Sourcefire | 2 Smoothwall, Snort | 2016-10-18 | 10.0 HIGH | N/A |
| Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. | |||||
| CVE-2003-0210 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | |||||
| CVE-2003-0212 | 1 Rinetd | 1 Rinetd | 2016-10-18 | 7.5 HIGH | N/A |
| handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections. | |||||
| CVE-2003-0213 | 1 Poptop | 1 Pptp Server | 2016-10-18 | 7.5 HIGH | N/A |
| ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. | |||||
| CVE-2003-0215 | 1 Battleaxe Software | 1 Bttlxeforum | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields. | |||||
| CVE-2003-0217 | 1 Neoteris | 1 Instant Virtual Extranet | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script. | |||||
| CVE-2003-0219 | 1 Kerio | 1 Personal Firewall 2 | 2016-10-18 | 7.5 HIGH | N/A |
| Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. | |||||
| CVE-2003-0220 | 1 Kerio | 1 Personal Firewall 2 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. | |||||
| CVE-2003-0065 | 1 National University Of Singapore | 1 Uxterm | 2016-10-18 | 7.5 HIGH | N/A |
| The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0066 | 1 Rxvt | 1 Rxvt | 2016-10-18 | 7.5 HIGH | N/A |
| The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0067 | 1 Aterm | 1 Aterm | 2016-10-18 | 7.5 HIGH | N/A |
| The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0068 | 1 Michael Jennings | 1 Eterm | 2016-10-18 | 7.5 HIGH | N/A |
| The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0069 | 1 Putty | 1 Putty | 2016-10-18 | 7.5 HIGH | N/A |
| The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0070 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2016-10-18 | 6.8 MEDIUM | N/A |
| VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0071 | 1 Xfree86 Project | 1 X11r6 | 2016-10-18 | 2.1 LOW | N/A |
| The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. | |||||
| CVE-2003-0074 | 1 Plptools | 1 Plptools | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog. | |||||
| CVE-2003-0075 | 1 Bladeenc | 1 Bladeenc | 2016-10-18 | 7.5 HIGH | N/A |
| Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk. | |||||
| CVE-2003-0076 | 2 Dcgui, Qt-dcgui | 2 Dcgui, Qt-dcgui | 2016-10-18 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist. | |||||
| CVE-2003-0077 | 1 Hanterm | 1 Hanterm-xf | 2016-10-18 | 7.5 HIGH | N/A |
| The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-0078 | 3 Freebsd, Openbsd, Openssl | 3 Freebsd, Openbsd, Openssl | 2016-10-18 | 5.0 MEDIUM | N/A |
| ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." | |||||
| CVE-2003-0079 | 1 Hanterm | 1 Hanterm-xf | 2016-10-18 | 2.1 LOW | N/A |
| The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. | |||||
| CVE-2003-0095 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. | |||||
| CVE-2003-0096 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2016-10-18 | 9.0 HIGH | N/A |
| Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. | |||||
| CVE-2003-0100 | 1 Cisco | 1 Ios | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. | |||||
| CVE-2003-0101 | 3 Engardelinux, Usermin, Webmin | 3 Guardian Digital Webtool, Usermin, Webmin | 2016-10-18 | 10.0 HIGH | N/A |
| miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges. | |||||
| CVE-2003-0106 | 1 Symantec | 1 Enterprise Firewall | 2016-10-18 | 7.5 HIGH | N/A |
| The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8. | |||||
| CVE-2003-0108 | 1 Lbl | 1 Tcpdump | 2016-10-18 | 5.0 MEDIUM | N/A |
| isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. | |||||
| CVE-2003-0121 | 1 Clearswift | 1 Mailsweeper | 2016-10-18 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients. | |||||
| CVE-2002-2340 | 1 Phorum | 1 Phorum | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. | |||||
| CVE-2002-2342 | 1 Joe Depasquale | 1 Bannermatic | 2016-10-18 | 5.0 MEDIUM | N/A |
| Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | |||||
| CVE-2002-2400 | 1 Hughes Technologies | 1 Libhttpd | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request. | |||||
| CVE-2002-2402 | 1 Surecom | 1 Ep-4501 | 2016-10-18 | 10.0 HIGH | N/A |
| SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information. | |||||
| CVE-2002-2404 | 1 Curtis Specialty Consulting | 1 Iispop | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110). | |||||
| CVE-2002-2414 | 2 Opera Software, Squid | 2 Opera, Squid | 2016-10-18 | 4.3 MEDIUM | N/A |
| Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 2.1 LOW | N/A |
| The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. | |||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | |||||
| CVE-2003-0021 | 1 Michael Jennings | 1 Eterm | 2016-10-18 | 5.0 MEDIUM | N/A |
| The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence. | |||||
| CVE-2003-0022 | 1 Rxvt | 1 Rxvt | 2016-10-18 | 5.0 MEDIUM | N/A |
| The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence. | |||||
| CVE-2003-0023 | 1 Rxvt | 1 Rxvt | 2016-10-18 | 5.0 MEDIUM | N/A |
| The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | |||||
| CVE-2003-0024 | 1 Aterm | 1 Aterm | 2016-10-18 | 7.5 HIGH | N/A |
| The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | |||||
| CVE-2003-0025 | 1 Horde | 1 Imp | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. | |||||
| CVE-2003-0030 | 1 Protegrity | 1 Secure.data | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select. | |||||
| CVE-2003-0031 | 1 Mcrypt | 1 Libmcrypt | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash). | |||||
| CVE-2003-0032 | 1 Mcrypt | 1 Libmcrypt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool. | |||||
| CVE-2003-0033 | 1 Snort | 1 Snort | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets. | |||||
| CVE-2003-0046 | 1 Celestial Software | 1 Absolutetelnet | 2016-10-18 | 4.6 MEDIUM | N/A |
| AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||
| CVE-2003-0047 | 1 Van Dyke Technologies | 3 Entunnel, Securecrt, Securefx | 2016-10-18 | 4.6 MEDIUM | N/A |
| SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||
| CVE-2003-0048 | 1 Putty | 1 Putty | 2016-10-18 | 4.6 MEDIUM | N/A |
| PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||