Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0707 | 1 Tomi Manninen | 1 Linuxnode | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0733 | 1 Bea | 3 Liquid Data, Weblogic Integration, Weblogic Server | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. | |||||
| CVE-2003-0954 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges. | |||||
| CVE-2003-0732 | 1 Cisco | 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more | 2008-09-05 | 10.0 HIGH | N/A |
| CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. | |||||
| CVE-2003-0882 | 1 Apple | 1 Mac Os X | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet. | |||||
| CVE-2003-0901 | 1 Postgresql | 1 Postgresql | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0724 | 1 Compaq | 1 Tru64 | 2008-09-05 | 7.5 HIGH | N/A |
| ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges. | |||||
| CVE-2003-0752 | 1 Attila-php.net | 1 Attilaphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter. | |||||
| CVE-2003-0940 | 1 Sap | 1 Sap Db | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. | |||||
| CVE-2003-0943 | 1 Sap | 1 Sap Db | 2008-09-05 | 7.5 HIGH | N/A |
| web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm). | |||||
| CVE-2003-0857 | 1 Redhat | 1 Enterprise Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
| CVE-2003-0970 | 1 Sun | 1 Sun Fire | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled. | |||||
| CVE-2003-0942 | 1 Sap | 1 Sap Db | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa. | |||||
| CVE-2003-0725 | 1 Realnetworks | 2 Helix Universal Server, Realserver | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0855 | 1 Charles Kerr | 1 Pan | 2008-09-05 | 7.8 HIGH | N/A |
| Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address. | |||||
| CVE-2003-0941 | 1 Sap | 1 Sap Db | 2008-09-05 | 7.5 HIGH | N/A |
| web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa. | |||||
| CVE-2003-0939 | 1 Sap | 1 Sap Db | 2008-09-05 | 7.5 HIGH | N/A |
| eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow. | |||||
| CVE-2003-1054 | 1 Mod Access Referer | 1 Mod Access Referer | 2008-09-05 | 5.0 MEDIUM | N/A |
| mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. | |||||
| CVE-2003-0761 | 1 Digium | 1 Asterisk | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. | |||||
| CVE-2003-0757 | 1 Checkpoint | 1 Firewall-1 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. | |||||
| CVE-2003-1031 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." | |||||
| CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | |||||
| CVE-2003-0603 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 2.1 LOW | N/A |
| Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. | |||||
| CVE-2003-0644 | 1 Johannes Sixt | 1 Kdbg | 2008-09-05 | 4.6 MEDIUM | N/A |
| Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands. | |||||
| CVE-2003-0683 | 1 Sgi | 1 Irix | 2008-09-05 | 7.5 HIGH | N/A |
| NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. | |||||
| CVE-2003-0602 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs. | |||||
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||||
| CVE-2003-0489 | 1 Michael C. Toren | 1 Tcptraceroute | 2008-09-05 | 7.2 HIGH | N/A |
| tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute. | |||||
| CVE-2003-0651 | 1 Mod Mylo | 1 Mod Mylo | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2003-0316 | 1 Fourelle Venturi Wireless | 1 Venturi Client | 2008-09-05 | 5.0 MEDIUM | N/A |
| Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers. | |||||
| CVE-2003-0611 | 1 Xtokkaetama | 1 Xtokkaetama | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable. | |||||
| CVE-2003-0421 | 1 Apple | 1 Darwin Streaming Server | 2008-09-05 | 10.0 HIGH | N/A |
| Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502. | |||||
| CVE-2003-0514 | 1 Apple | 1 Safari | 2008-09-05 | 7.5 HIGH | N/A |
| Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2003-0593 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 7.5 HIGH | N/A |
| Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2003-0500 | 1 Proftpd Project | 1 Proftpd | 2008-09-05 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name. | |||||
| CVE-2003-0537 | 1 Daiki Ueno | 1 Liece Emacs Irc Client | 2008-09-05 | 4.6 MEDIUM | N/A |
| The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users. | |||||
| CVE-2003-0517 | 1 Gert Doering | 1 Mgetty | 2008-09-05 | 2.1 LOW | N/A |
| faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | |||||
| CVE-2003-0438 | 1 Yuuichi Teranishi | 1 Eldav | 2008-09-05 | 1.2 LOW | N/A |
| eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0433 | 1 Gnocatan-develop | 1 Gnocatan | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code. | |||||
| CVE-2003-0573 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact. | |||||
| CVE-2003-0445 | 1 Webfs | 1 Webfs | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI. | |||||
| CVE-2003-0452 | 1 Gunnar Ritter | 1 Osh | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections." | |||||
| CVE-2003-0454 | 1 Joe Rumsey | 1 Xgalaga | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2003-0426 | 1 Apple | 1 Darwin Streaming Server | 2008-09-05 | 10.0 HIGH | N/A |
| The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator. | |||||
| CVE-2003-0458 | 1 Hp | 1 Nonstop Seeview Server Gateway | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. | |||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 10.0 HIGH | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | |||||
| CVE-2003-0451 | 1 Xblockout | 1 Xbl | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. | |||||
| CVE-2003-0359 | 1 Stichting Mathematisch Centrum | 1 Nethack | 2008-09-05 | 4.6 MEDIUM | N/A |
| nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code. | |||||
| CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2008-09-05 | 5.0 MEDIUM | N/A |
| Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | |||||
| CVE-2003-0380 | 1 Atftpd | 1 Atftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename. | |||||