Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1031 1 Jelsoft 1 Vbulletin 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
CVE-2003-1054 1 Mod Access Referer 1 Mod Access Referer 2008-09-05 5.0 MEDIUM N/A
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
CVE-2003-0732 1 Cisco 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more 2008-09-05 10.0 HIGH N/A
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
CVE-2003-0724 1 Compaq 1 Tru64 2008-09-05 7.5 HIGH N/A
ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.
CVE-2003-0725 1 Realnetworks 2 Helix Universal Server, Realserver 2008-09-05 7.5 HIGH N/A
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
CVE-2003-0752 1 Attila-php.net 1 Attilaphp 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
CVE-2003-0855 1 Charles Kerr 1 Pan 2008-09-05 7.8 HIGH N/A
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.
CVE-2003-0857 1 Redhat 1 Enterprise Linux 2008-09-05 4.6 MEDIUM N/A
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2003-0878 1 Apple 1 Mac Os X 2008-09-05 2.1 LOW N/A
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
CVE-2003-0880 1 Apple 1 Mac Os X 2008-09-05 4.6 MEDIUM N/A
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
CVE-2003-0881 1 Apple 1 Mac Os X 2008-09-05 7.5 HIGH N/A
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
CVE-2003-0882 1 Apple 1 Mac Os X 2008-09-05 5.0 MEDIUM N/A
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
CVE-2003-0708 1 Tomi Manninen 1 Linuxnode 2008-09-05 7.5 HIGH N/A
Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2003-0707 1 Tomi Manninen 1 Linuxnode 2008-09-05 7.5 HIGH N/A
Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code.
CVE-2003-0900 1 Larry Wall 1 Perl 2008-09-05 5.0 MEDIUM N/A
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
CVE-2003-0901 1 Postgresql 1 Postgresql 2008-09-05 7.5 HIGH N/A
Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.
CVE-2003-0944 1 Sap 1 Sap Db 2008-09-05 7.5 HIGH N/A
Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.
CVE-2003-0733 1 Bea 3 Liquid Data, Weblogic Integration, Weblogic Server 2008-09-05 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVE-2003-0948 1 Wireless Tools 1 Wireless Tools 2008-09-05 7.2 HIGH N/A
Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2003-0970 1 Sun 1 Sun Fire 2008-09-05 5.0 MEDIUM N/A
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
CVE-2003-0939 1 Sap 1 Sap Db 2008-09-05 7.5 HIGH N/A
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.
CVE-2003-0517 1 Gert Doering 1 Mgetty 2008-09-05 2.1 LOW N/A
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
CVE-2003-0636 1 Novell 1 Ichain 2008-09-05 7.5 HIGH N/A
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
CVE-2003-0657 1 Phpgroupware 1 Phpgroupware 2008-09-05 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
CVE-2003-0611 1 Xtokkaetama 1 Xtokkaetama 2008-09-05 4.6 MEDIUM N/A
Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable.
CVE-2003-0599 1 Phpgroupware 1 Phpgroupware 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
CVE-2003-0637 1 Novell 1 Ichain 2008-09-05 5.0 MEDIUM N/A
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
CVE-2003-0644 1 Johannes Sixt 1 Kdbg 2008-09-05 4.6 MEDIUM N/A
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.
CVE-2003-0573 1 Sgi 1 Irix 2008-09-05 5.0 MEDIUM N/A
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
CVE-2003-0602 1 Mozilla 1 Bugzilla 2008-09-05 6.8 MEDIUM N/A
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
CVE-2003-0603 1 Mozilla 1 Bugzilla 2008-09-05 2.1 LOW N/A
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
CVE-2003-0316 1 Fourelle Venturi Wireless 1 Venturi Client 2008-09-05 5.0 MEDIUM N/A
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
CVE-2003-0593 1 Opera Software 1 Opera Web Browser 2008-09-05 7.5 HIGH N/A
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2003-0322 1 Colten Edwards 1 Bitchx 2008-09-05 5.0 MEDIUM N/A
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).
CVE-2003-0683 1 Sgi 1 Irix 2008-09-05 7.5 HIGH N/A
NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.
CVE-2003-0328 1 Epic 1 Epic4 2008-09-05 7.5 HIGH N/A
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.
CVE-2003-0340 1 Demarc Security 1 Puresecure 2008-09-05 7.5 HIGH N/A
Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.
CVE-2003-0355 2 Apple, Kde 2 Safari, Konqueror Embedded 2008-09-05 5.0 MEDIUM N/A
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
CVE-2003-0514 1 Apple 1 Safari 2008-09-05 7.5 HIGH N/A
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVE-2003-0359 1 Stichting Mathematisch Centrum 1 Nethack 2008-09-05 4.6 MEDIUM N/A
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
CVE-2003-0537 1 Daiki Ueno 1 Liece Emacs Irc Client 2008-09-05 4.6 MEDIUM N/A
The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.
CVE-2003-0360 1 Debian 1 Debian Linux 2008-09-05 7.5 HIGH N/A
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2003-0361 1 Debian 1 Debian Linux 2008-09-05 7.5 HIGH N/A
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.
CVE-2003-0362 1 Debian 1 Debian Linux 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.
CVE-2003-0363 1 Licq 1 Licq 2008-09-05 7.5 HIGH N/A
Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers.
CVE-2003-0366 1 Lysator 1 Lyskom-server 2008-09-05 5.0 MEDIUM N/A
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
CVE-2003-0378 1 Apple 1 Mac Os X 2008-09-05 7.5 HIGH N/A
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
CVE-2003-0380 1 Atftpd 1 Atftpd 2008-09-05 7.5 HIGH N/A
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
CVE-2003-0381 1 Norman Ramsey 1 Noweb 2008-09-05 2.1 LOW N/A
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
CVE-2003-0389 1 Rsa 1 Ace Agent 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.