Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0646 | 1 Trend Micro | 2 Damage Cleanup Server, Housecall | 2008-09-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | |||||
| CVE-2003-0647 | 1 Cisco | 1 Ios | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. | |||||
| CVE-2003-0862 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0813. Reason: This candidate is a duplicate of CVE-2003-0813. Notes: All CVE users should reference CVE-2003-0813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0742 | 1 Sco | 1 Openserver | 2008-09-10 | 7.2 HIGH | N/A |
| SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. | |||||
| CVE-2003-0677 | 1 Cisco | 1 Webns | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure." | |||||
| CVE-2003-0933 | 1 Conquest | 1 Conquest | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable. | |||||
| CVE-2003-0932 | 1 Omega-rpg | 1 Omega-rpg | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable. | |||||
| CVE-2003-0745 | 1 Castle Rock Computing | 1 Snmpc | 2008-09-10 | 10.0 HIGH | N/A |
| SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server. | |||||
| CVE-2003-0750 | 1 Py-membres | 1 Py-membres | 2008-09-10 | 7.5 HIGH | N/A |
| secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter. | |||||
| CVE-2003-0756 | 1 Sitebuilder | 1 Sitebuilder | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter. | |||||
| CVE-2003-0705 | 1 Nicolas Boullis | 1 Mah-jong | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0762 | 1 Foxweb | 1 Foxweb | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). | |||||
| CVE-2003-0791 | 2 Mozilla, Sco | 2 Mozilla, Openserver | 2008-09-10 | 7.5 HIGH | N/A |
| The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | |||||
| CVE-2003-0672 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message. | |||||
| CVE-2003-0658 | 2 Caldera, Sco | 4 Openlinux Server, Openlinux Workstation, Openserver and 1 more | 2008-09-10 | 5.0 MEDIUM | N/A |
| Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. | |||||
| CVE-2003-0671 | 1 Jeremy Elson | 1 Tcpflow | 2008-09-10 | 7.2 HIGH | N/A |
| Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow. | |||||
| CVE-2003-0879 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0518. Reason: This candidate is a reservation duplicate of CVE-2003-0518. Notes: All CVE users should reference CVE-2003-0518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | |||||
| CVE-2003-0786 | 1 Openbsd | 1 Openssh | 2008-09-10 | 10.0 HIGH | N/A |
| The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. | |||||
| CVE-2003-0853 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. | |||||
| CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2008-09-10 | 5.0 MEDIUM | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | |||||
| CVE-2003-0774 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed. | |||||
| CVE-2003-0775 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash). | |||||
| CVE-2003-0776 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences. | |||||
| CVE-2003-0787 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. | |||||
| CVE-2003-0777 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault). | |||||
| CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2008-09-10 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | |||||
| CVE-2003-0785 | 1 Brian Bassett | 1 Ipmasq | 2008-09-10 | 7.5 HIGH | N/A |
| ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. | |||||
| CVE-2003-0463 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2003-0576 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. | |||||
| CVE-2003-0582 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. | |||||
| CVE-2003-0437 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter. | |||||
| CVE-2003-0436 | 1 Mnogosearch | 1 Mnogosearch | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter. | |||||
| CVE-2003-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. | |||||
| CVE-2003-0515 | 1 Teapop | 1 Teapop | 2008-09-10 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges. | |||||
| CVE-2003-0538 | 1 Mozart | 1 Mozart | 2008-09-10 | 7.5 HIGH | N/A |
| The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program. | |||||
| CVE-2003-0591 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0595 | 1 Witango | 2 Tango Server, Witango Server | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference. | |||||
| CVE-2003-0577 | 1 Mpg123 | 1 Mpg123 | 2008-09-10 | 7.5 HIGH | N/A |
| mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. | |||||
| CVE-2003-0613 | 1 Zblast | 1 Zblast | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | |||||
| CVE-2003-0450 | 1 Cistron | 1 Radius Daemon | 2008-09-10 | 7.5 HIGH | N/A |
| Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. | |||||
| CVE-2003-0610 | 1 Mcafee | 1 Epolicy Orchestrator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | |||||
| CVE-2003-0606 | 2 Cvsup, Sup | 2 Cvsup-mirror, Sup | 2008-09-10 | 4.6 MEDIUM | N/A |
| sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0516 | 1 Gert Doering | 1 Mgetty | 2008-09-10 | 7.5 HIGH | N/A |
| cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings. | |||||
| CVE-2003-0598 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0535 | 1 Xblockout | 1 Xbl | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option. | |||||
| CVE-2003-0207 | 1 Gs-common | 1 Gs-common | 2008-09-10 | 2.1 LOW | N/A |
| ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. | |||||
| CVE-2003-0351 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2003-0243 | 1 Happycgi | 1 Happymall | 2008-09-10 | 7.5 HIGH | N/A |
| Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts. | |||||