Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1205 | 1 Crob | 1 Crob Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name. | |||||
| CVE-2003-1204 | 1 Mambo | 1 Mambo Site Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php. | |||||
| CVE-2003-1203 | 1 Mambo | 1 Mambo Site Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. | |||||
| CVE-2003-1202 | 1 Omail | 1 Omail Webmail | 2017-07-11 | 10.0 HIGH | N/A |
| The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username. | |||||
| CVE-2003-1201 | 1 Openldap | 1 Openldap | 2017-07-11 | 5.0 MEDIUM | N/A |
| ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault). | |||||
| CVE-2003-1200 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. | |||||
| CVE-2003-1199 | 1 Myproxy | 1 Myproxy | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2003-1198 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field. | |||||
| CVE-2003-0105 | 1 Port80 Software | 1 Servermask | 2017-07-11 | 5.0 MEDIUM | N/A |
| ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server. | |||||
| CVE-2004-0134 | 1 Sgi | 1 Irix | 2017-07-11 | 7.2 HIGH | N/A |
| cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process. | |||||
| CVE-2003-1197 | 1 Ledscripts.com | 1 Ledforums | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread. | |||||
| CVE-2003-1196 | 1 Vienuke | 1 Vieboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2003-1195 | 1 Vienuke | 1 Vieboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable. | |||||
| CVE-2003-1194 | 1 Booby | 1 Booby | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message. | |||||
| CVE-2002-1829 | 1 Openbb | 1 Openbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag (a variant of CVE-2002-0330), or (3) a glow tag. | |||||
| CVE-2003-1193 | 1 Oracle | 2 Application Server Portal, Oracle9i | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | |||||
| CVE-2003-1192 | 1 Truenorth Software | 1 Ia Webmail Server | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2003-1191 | 1 E107 | 1 E107 | 2017-07-11 | 5.0 MEDIUM | N/A |
| chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. | |||||
| CVE-2003-1190 | 1 Phprecipebook | 1 Phprecipebook | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe. | |||||
| CVE-2003-1189 | 1 Nokia | 1 Ipso | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2003-1188 | 1 Unichat | 1 Unichat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit. | |||||
| CVE-2003-1187 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter. | |||||
| CVE-2003-1186 | 1 Telcondex | 1 Simplewebserver | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header. | |||||
| CVE-2003-1185 | 1 Thwboard | 1 Thwboard | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php. | |||||
| CVE-2003-1184 | 1 Thwboard | 1 Thwboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs." | |||||
| CVE-2003-1183 | 1 Oracle | 1 Oracle Files | 2017-07-11 | 4.6 MEDIUM | N/A |
| The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access. | |||||
| CVE-2003-1182 | 1 Mpm | 1 Mpm Guestbook | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | |||||
| CVE-2003-1181 | 1 Advanced Poll | 1 Advanced Poll | 2017-07-11 | 5.0 MEDIUM | N/A |
| Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function. | |||||
| CVE-2003-1180 | 1 Advanced Poll | 1 Advanced Poll | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php. | |||||
| CVE-2003-1177 | 1 Atrium Software | 1 Mercur Mailserver | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server. | |||||
| CVE-2003-1176 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2017-07-11 | 6.4 MEDIUM | N/A |
| post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter. | |||||
| CVE-2003-1175 | 1 Synthetic Reality | 1 Sympoll | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter. | |||||
| CVE-2003-1174 | 1 Nullsoft | 1 Shoutcast Server | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL. | |||||
| CVE-2003-1173 | 1 Centrinity | 1 Centrinity Firstclass | 2017-07-11 | 5.0 MEDIUM | N/A |
| Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. | |||||
| CVE-2003-1172 | 1 Apache | 1 Cocoon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2003-1171 | 1 Mod Security | 1 Mod Security | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data. | |||||
| CVE-2003-1169 | 1 Datev | 1 Nutzungskontrolle | 2017-07-11 | 4.6 MEDIUM | N/A |
| DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle. | |||||
| CVE-2003-1167 | 1 Gernot Stocker | 1 Kpopup | 2017-07-11 | 7.2 HIGH | N/A |
| misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program. | |||||
| CVE-2003-1166 | 1 Http Commander | 1 Http Commander | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2003-1165 | 1 Brs | 1 Webweaver | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header. | |||||
| CVE-2003-1164 | 1 Mldonkey | 1 Mldonkey | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page. | |||||
| CVE-2003-1163 | 1 Ganglia | 1 Gmond | 2017-07-11 | 5.0 MEDIUM | N/A |
| hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index. | |||||
| CVE-2003-1162 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters. | |||||
| CVE-2003-1160 | 1 Seyeon | 1 Flexwatch Network Video Server | 2017-07-11 | 10.0 HIGH | N/A |
| FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//). | |||||
| CVE-2003-1159 | 1 Plug And Play | 1 Plug And Play Web Server Proxy | 2017-07-11 | 5.0 MEDIUM | N/A |
| Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080. | |||||
| CVE-2003-1157 | 1 Citrix | 1 Metaframe | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. | |||||
| CVE-2003-1156 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 4.6 MEDIUM | N/A |
| Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. | |||||
| CVE-2003-1155 | 1 X-cd-roast | 1 X-cd-roast | 2017-07-11 | 4.6 MEDIUM | N/A |
| X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file. | |||||
| CVE-2003-1154 | 1 Clearswift | 1 Mailsweeper | 2017-07-11 | 7.5 HIGH | N/A |
| MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants. | |||||
| CVE-2003-1153 | 1 Bytehoard | 1 Bytehoard | 2017-07-11 | 5.0 MEDIUM | N/A |
| byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php. | |||||