Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0793 | 1 Gnome | 1 Gdm | 2017-07-11 | 2.1 LOW | N/A |
| GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). | |||||
| CVE-2003-0783 | 1 Yongguang Zhang | 1 Hztty | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges. | |||||
| CVE-2003-0782 | 1 Ecartis | 1 Ecartis | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2003-0781 | 1 Ecartis | 1 Ecartis | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords. | |||||
| CVE-2002-2086 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. | |||||
| CVE-2003-0760 | 1 Optisoft | 1 Blubster | 2017-07-11 | 5.0 MEDIUM | N/A |
| Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. | |||||
| CVE-2003-0758 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2003-0748 | 1 Sap | 1 Internet Transaction Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename. | |||||
| CVE-2003-0747 | 1 Sap | 1 Internet Transaction Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message. | |||||
| CVE-2003-0726 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2017-07-11 | 5.1 MEDIUM | N/A |
| RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag. | |||||
| CVE-2002-2111 | 1 Gianni Tedesco | 1 Fwmon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. | |||||
| CVE-2003-0704 | 1 Kismac | 1 Kismac | 2017-07-11 | 7.2 HIGH | N/A |
| KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh. | |||||
| CVE-2003-0703 | 1 Kismac | 1 Kismac | 2017-07-11 | 7.2 HIGH | N/A |
| KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh. | |||||
| CVE-2002-2114 | 1 Netjuke | 1 Netjuke | 2017-07-11 | 7.5 HIGH | N/A |
| Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call. | |||||
| CVE-2003-0702 | 1 Iss | 1 Realsecure Server Sensor | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL. | |||||
| CVE-2003-0696 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). | |||||
| CVE-2002-2123 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. | |||||
| CVE-2002-2124 | 1 Nylon | 1 Nylon | 2017-07-11 | 5.0 MEDIUM | N/A |
| The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing. | |||||
| CVE-2002-2127 | 1 Pedestal Software | 1 Integrity Protection Driver | 2017-07-11 | 2.1 LOW | N/A |
| Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink. | |||||
| CVE-2002-2129 | 1 W-agora | 1 W-agora | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form. | |||||
| CVE-2003-0648 | 2 Debian, Fte | 2 Debian Linux, Fte Text Editor | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. | |||||
| CVE-2003-0645 | 1 Andries Brouwer | 1 Man | 2017-07-11 | 4.6 MEDIUM | N/A |
| man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges. | |||||
| CVE-2003-0642 | 1 Watchguard | 1 Serverlock | 2017-07-11 | 2.1 LOW | N/A |
| WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory. | |||||
| CVE-2003-0641 | 1 Watchguard | 1 Serverlock | 2017-07-11 | 4.6 MEDIUM | N/A |
| WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. | |||||
| CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | |||||
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0627 | 1 Peoplesoft | 1 Peopletools | 2017-07-11 | 5.0 MEDIUM | N/A |
| psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. | |||||
| CVE-2003-0626 | 1 Peoplesoft | 1 Peopletools | 2017-07-11 | 5.0 MEDIUM | N/A |
| psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments. | |||||
| CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | |||||
| CVE-2003-0622 | 1 Bea | 2 Tuxedo, Weblogic Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. | |||||
| CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | |||||
| CVE-2004-0087 | 1 Apple | 1 Mac Os X | 2017-07-11 | 2.1 LOW | N/A |
| The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. | |||||
| CVE-2003-0618 | 2 Debian, Perl | 2 Debian Linux, Suidperl | 2017-07-11 | 2.1 LOW | N/A |
| Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. | |||||
| CVE-2003-0612 | 1 Robert Hyatt | 1 Crafty | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin. | |||||
| CVE-2003-0607 | 1 Stanley T. Shebs | 1 Xconq | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the (1) USER or (2) DISPLAY environment variables. | |||||
| CVE-2003-0601 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved. | |||||
| CVE-2003-0575 | 1 Sgi | 1 Irix | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list. | |||||
| CVE-2003-0572 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption). | |||||
| CVE-2004-0085 | 1 Apple | 1 Mac Os X | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. | |||||
| CVE-2002-0793 | 1 Qnx | 1 Rtos | 2017-07-11 | 4.6 MEDIUM | N/A |
| Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | |||||
| CVE-2004-0074 | 1 Michael Bischoff | 1 Xsok | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949. | |||||
| CVE-2004-0073 | 1 Stoitsov | 1 Easydynamicpages | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. | |||||
| CVE-2004-0072 | 1 Accipiter | 1 Accipiter Direct Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request. | |||||
| CVE-2004-0071 | 2017-07-11 | 5.0 MEDIUM | N/A | ||
| Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. | |||||
| CVE-2003-0509 | 1 Cyberstrong | 1 Eshop | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp. | |||||
| CVE-2004-0066 | 1 Phpgedview | 1 Phpgedview | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php. | |||||
| CVE-2003-0495 | 1 Ledscripts.com | 1 Lednews | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item. | |||||
| CVE-2003-0494 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-11 | 10.0 HIGH | N/A |
| password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id. | |||||
| CVE-2004-0136 | 1 Sgi | 1 Irix | 2017-07-11 | 2.1 LOW | N/A |
| The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary." | |||||
| CVE-2002-1378 | 1 Openldap | 1 Openldap | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests. | |||||