Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1031 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." | |||||
| CVE-2003-1054 | 1 Mod Access Referer | 1 Mod Access Referer | 2008-09-05 | 5.0 MEDIUM | N/A |
| mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. | |||||
| CVE-2003-0732 | 1 Cisco | 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more | 2008-09-05 | 10.0 HIGH | N/A |
| CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. | |||||
| CVE-2003-0724 | 1 Compaq | 1 Tru64 | 2008-09-05 | 7.5 HIGH | N/A |
| ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges. | |||||
| CVE-2003-0725 | 1 Realnetworks | 2 Helix Universal Server, Realserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0752 | 1 Attila-php.net | 1 Attilaphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter. | |||||
| CVE-2003-0855 | 1 Charles Kerr | 1 Pan | 2008-09-05 | 7.8 HIGH | N/A |
| Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address. | |||||
| CVE-2003-0857 | 1 Redhat | 1 Enterprise Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
| CVE-2003-0878 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875. | |||||
| CVE-2003-0880 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. | |||||
| CVE-2003-0881 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password. | |||||
| CVE-2003-0882 | 1 Apple | 1 Mac Os X | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet. | |||||
| CVE-2003-0708 | 1 Tomi Manninen | 1 Linuxnode | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2003-0707 | 1 Tomi Manninen | 1 Linuxnode | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0900 | 1 Larry Wall | 1 Perl | 2008-09-05 | 5.0 MEDIUM | N/A |
| Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers. | |||||
| CVE-2003-0901 | 1 Postgresql | 1 Postgresql | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0944 | 1 Sap | 1 Sap Db | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI. | |||||
| CVE-2003-0733 | 1 Bea | 3 Liquid Data, Weblogic Integration, Weblogic Server | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. | |||||
| CVE-2003-0948 | 1 Wireless Tools | 1 Wireless Tools | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-2003-0970 | 1 Sun | 1 Sun Fire | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled. | |||||
| CVE-2003-0939 | 1 Sap | 1 Sap Db | 2008-09-05 | 7.5 HIGH | N/A |
| eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow. | |||||
| CVE-2003-0517 | 1 Gert Doering | 1 Mgetty | 2008-09-05 | 2.1 LOW | N/A |
| faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | |||||
| CVE-2003-0636 | 1 Novell | 1 Ichain | 2008-09-05 | 7.5 HIGH | N/A |
| Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. | |||||
| CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | |||||
| CVE-2003-0611 | 1 Xtokkaetama | 1 Xtokkaetama | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable. | |||||
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||||
| CVE-2003-0637 | 1 Novell | 1 Ichain | 2008-09-05 | 5.0 MEDIUM | N/A |
| Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | |||||
| CVE-2003-0644 | 1 Johannes Sixt | 1 Kdbg | 2008-09-05 | 4.6 MEDIUM | N/A |
| Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands. | |||||
| CVE-2003-0573 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact. | |||||
| CVE-2003-0602 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs. | |||||
| CVE-2003-0603 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 2.1 LOW | N/A |
| Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. | |||||
| CVE-2003-0316 | 1 Fourelle Venturi Wireless | 1 Venturi Client | 2008-09-05 | 5.0 MEDIUM | N/A |
| Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers. | |||||
| CVE-2003-0593 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 7.5 HIGH | N/A |
| Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2003-0322 | 1 Colten Edwards | 1 Bitchx | 2008-09-05 | 5.0 MEDIUM | N/A |
| Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash). | |||||
| CVE-2003-0683 | 1 Sgi | 1 Irix | 2008-09-05 | 7.5 HIGH | N/A |
| NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. | |||||
| CVE-2003-0328 | 1 Epic | 1 Epic4 | 2008-09-05 | 7.5 HIGH | N/A |
| EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation. | |||||
| CVE-2003-0340 | 1 Demarc Security | 1 Puresecure | 2008-09-05 | 7.5 HIGH | N/A |
| Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges. | |||||
| CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2008-09-05 | 5.0 MEDIUM | N/A |
| Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | |||||
| CVE-2003-0514 | 1 Apple | 1 Safari | 2008-09-05 | 7.5 HIGH | N/A |
| Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2003-0359 | 1 Stichting Mathematisch Centrum | 1 Nethack | 2008-09-05 | 4.6 MEDIUM | N/A |
| nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code. | |||||
| CVE-2003-0537 | 1 Daiki Ueno | 1 Liece Emacs Irc Client | 2008-09-05 | 4.6 MEDIUM | N/A |
| The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users. | |||||
| CVE-2003-0360 | 1 Debian | 1 Debian Linux | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2003-0361 | 1 Debian | 1 Debian Linux | 2008-09-05 | 7.5 HIGH | N/A |
| gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp. | |||||
| CVE-2003-0362 | 1 Debian | 1 Debian Linux | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines. | |||||
| CVE-2003-0363 | 1 Licq | 1 Licq | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers. | |||||
| CVE-2003-0366 | 1 Lysator | 1 Lyskom-server | 2008-09-05 | 5.0 MEDIUM | N/A |
| lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. | |||||
| CVE-2003-0378 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. | |||||
| CVE-2003-0380 | 1 Atftpd | 1 Atftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename. | |||||
| CVE-2003-0381 | 1 Norman Ramsey | 1 Noweb | 2008-09-05 | 2.1 LOW | N/A |
| Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script. | |||||
| CVE-2003-0389 | 1 Rsa | 1 Ace Agent | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script. | |||||