Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1152 | 1 Infrontech | 1 Webtide | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?"). | |||||
| CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2003-1149 | 1 Symantec | 1 Norton Internet Security | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page. | |||||
| CVE-2003-1148 | 1 Les Visiteurs | 1 Les Visiteurs | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/. | |||||
| CVE-2003-1145 | 1 Openautoclassifieds | 1 Openautoclassifieds | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter. | |||||
| CVE-2003-1144 | 1 Perception | 1 Liteserve | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name. | |||||
| CVE-2003-1143 | 1 Croteam | 1 Serioussam | 2017-07-11 | 7.5 HIGH | N/A |
| Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter. | |||||
| CVE-2003-1142 | 1 Network Instruments | 1 Niprint Lpd-lpr Print Server | 2017-07-11 | 10.0 HIGH | N/A |
| Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. | |||||
| CVE-2003-1141 | 1 Network Instruments | 1 Niprint Lpd-lpr Print Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515. | |||||
| CVE-2003-1140 | 1 Musicqueue | 1 Musicqueue | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file. | |||||
| CVE-2003-1139 | 1 Musicqueue | 1 Musicqueue | 2017-07-11 | 5.0 MEDIUM | N/A |
| Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file. | |||||
| CVE-2003-1137 | 1 Charles Steinkuehler | 1 Sh-httpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character. | |||||
| CVE-2003-1136 | 1 Chi Kien Uong | 1 Chi Kien Uong Guestbook | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. | |||||
| CVE-2003-1131 | 1 Activecampaign | 1 Knowledgebuilder | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-1129 | 1 Yahoo | 1 Audio Conferencing Activex Control | 2017-07-11 | 2.6 LOW | N/A |
| Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat. | |||||
| CVE-2003-1128 | 1 X2 Studios | 1 Xmms Remote | 2017-07-11 | 7.5 HIGH | N/A |
| XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086. | |||||
| CVE-2003-1127 | 1 Whale Communications | 1 E-gap | 2017-07-11 | 5.0 MEDIUM | N/A |
| Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor. | |||||
| CVE-2003-1115 | 1 Nortel | 1 Succession Communication Server 2000 | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1114 | 1 Mediatrix Telecom | 1 Voip Access Devices And Gateways | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1113 | 1 Iptel | 1 Sip Express Router | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1112 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1111 | 1 Dynamicsoft | 1 Appengine | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1110 | 1 Columbia University | 1 Sipc | 2017-07-11 | 7.5 HIGH | N/A |
| The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
| CVE-2003-1107 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 5.1 MEDIUM | N/A |
| The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2003-1123 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 7.5 HIGH | N/A |
| Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model. | |||||
| CVE-2003-1104 | 1 Ibm | 1 Tivoli Firewall Toolbox | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2003-1103 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2003-1102 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code. | |||||
| CVE-2003-1122 | 1 Scriptlogic | 1 Scriptlogic | 2017-07-11 | 2.1 LOW | N/A |
| ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code. | |||||
| CVE-2003-1101 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message. | |||||
| CVE-2003-1100 | 1 Hummingbird | 1 Cyberdocs | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors. | |||||
| CVE-2004-0152 | 1 Emil | 1 Emil | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) or the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames. | |||||
| CVE-2004-0153 | 1 Emil | 1 Emil | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages. | |||||
| CVE-2003-1096 | 1 Cisco | 1 Leap | 2017-07-11 | 10.0 HIGH | N/A |
| The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. | |||||
| CVE-2002-1918 | 1 Microsoft | 1 Data Access Components | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED. | |||||
| CVE-2003-1095 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. | |||||
| CVE-2003-1094 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.2 HIGH | N/A |
| BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. | |||||
| CVE-2003-1093 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. | |||||
| CVE-2003-1092 | 1 Christos Zoulas | 1 File 1 | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact. | |||||
| CVE-2003-1091 | 1 Apple | 1 Quicktime Broadcaster | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. | |||||
| CVE-2003-1090 | 1 Celestial Software | 1 Absolutetelnet | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title. | |||||
| CVE-2003-1089 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message. | |||||
| CVE-2003-1088 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | |||||
| CVE-2003-1087 | 1 Hp | 1 Hp-ux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. | |||||
| CVE-2002-1726 | 1 Brokenbytes | 1 Photodb | 2017-07-11 | 7.5 HIGH | N/A |
| secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page. | |||||
| CVE-2002-1456 | 1 Khaled Mardam-bey | 1 Mirc | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value. | |||||
| CVE-2002-1397 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 7.5 HIGH | N/A |
| Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. | |||||
| CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-11 | 7.5 HIGH | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
| CVE-2002-1354 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command. | |||||
| CVE-2002-1353 | 1 Intranet-server | 1 Localweb2000 | 2017-07-11 | 5.0 MEDIUM | N/A |
| LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under the web document root in users.lst, which allows remote attackers to obtain the passwords via a direct request to users.lst. | |||||