Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0492 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter. | |||||
| CVE-2003-0488 | 1 Kerio | 1 Kerio Mailserver | 2017-07-11 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module. | |||||
| CVE-2003-0487 | 1 Kerio | 1 Kerio Mailserver | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module. | |||||
| CVE-2003-0486 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | |||||
| CVE-2003-0014 | 1 Bmv | 1 Bmv | 2017-07-11 | 4.6 MEDIUM | N/A |
| gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0026 | 1 Isc | 1 Dhcpd | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. | |||||
| CVE-2004-0137 | 1 Sgi | 1 Irix | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues." | |||||
| CVE-2003-0473 | 1 Sgi | 1 Irix | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications. | |||||
| CVE-2003-0472 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning. | |||||
| CVE-2003-0037 | 1 Noffle | 1 Noffle | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code. | |||||
| CVE-2003-0038 | 1 Gnu | 1 Mailman | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | |||||
| CVE-2003-0470 | 1 Symantec | 1 Security Check | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. | |||||
| CVE-2003-0042 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | |||||
| CVE-2003-0044 | 1 Apache | 1 Tomcat | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | |||||
| CVE-2003-0057 | 1 Hypermail | 1 Hypermail | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Hypermail 2 before 2.1.6 allow remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname. | |||||
| CVE-2003-0080 | 1 Gnome | 1 Gnome-lokkit | 2017-07-11 | 7.5 HIGH | N/A |
| The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled. | |||||
| CVE-2003-0444 | 1 Gtksee | 1 Gtksee | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths. | |||||
| CVE-2003-0441 | 1 Orville-write | 1 Orville-write | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges. | |||||
| CVE-2003-0420 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. | |||||
| CVE-2004-0058 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. | |||||
| CVE-2004-0014 | 1 Nd | 1 Nd | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allow remote web servers to execute arbitrary code via certain long strings. | |||||
| CVE-2003-0144 | 4 Bsd, Freebsd, Lprold and 1 more | 4 Lpr, Freebsd, Lprold and 1 more | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | |||||
| CVE-2003-0146 | 1 Netpbm | 1 Netpbm | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows. | |||||
| CVE-2003-0153 | 1 Mozilla | 1 Bonsai | 2017-07-11 | 5.0 MEDIUM | N/A |
| bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | |||||
| CVE-2004-0029 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.6 MEDIUM | N/A |
| Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. | |||||
| CVE-2003-0162 | 1 Ecartis | 1 Ecartis | 2017-07-11 | 7.5 HIGH | N/A |
| Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page. | |||||
| CVE-2003-0170 | 1 Ibm | 1 Aix | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. | |||||
| CVE-2003-0172 | 1 Php | 1 Php | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. | |||||
| CVE-2003-0174 | 1 Sgi | 1 Irix | 2017-07-11 | 7.5 HIGH | N/A |
| The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password. | |||||
| CVE-2003-0175 | 1 Sgi | 1 Irix | 2017-07-11 | 2.1 LOW | N/A |
| SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl. | |||||
| CVE-2003-0178 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation. | |||||
| CVE-2003-0179 | 1 Ibm | 2 Lotus Domino Web Server, Lotus Notes Client | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. | |||||
| CVE-2003-0180 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. | |||||
| CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. | |||||
| CVE-2004-0034 | 1 Phorum | 1 Phorum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. | |||||
| CVE-2003-0193 | 1 Catdoc | 1 Catdoc | 2017-07-11 | 2.1 LOW | N/A |
| msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html"). | |||||
| CVE-2003-0202 | 1 Brian Renaud | 1 Metrics | 2017-07-11 | 4.6 MEDIUM | N/A |
| The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0203 | 2 Moxftp, Xftp | 2 Moxftp, Xftp | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner. | |||||
| CVE-2003-0396 | 1 Linux-atm | 1 Linux-atm | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument. | |||||
| CVE-2004-0037 | 1 Opentext | 1 Opentext Firstclass Desktop Client | 2017-07-11 | 7.5 HIGH | N/A |
| FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. | |||||
| CVE-2003-0221 | 1 Hp | 1 Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allow local users to overwrite files and possibly gain root privileges via a symlink attack. | |||||
| CVE-2003-0235 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command. | |||||
| CVE-2003-0236 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. | |||||
| CVE-2003-0237 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. | |||||
| CVE-2003-0238 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag. | |||||
| CVE-2003-0239 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor. | |||||
| CVE-2003-0240 | 1 Axis | 9 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 6 more | 2017-07-11 | 10.0 HIGH | N/A |
| The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). | |||||
| CVE-2004-0050 | 1 Verity | 1 Ultraseek | 2017-07-11 | 5.0 MEDIUM | N/A |
| Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. | |||||
| CVE-2004-0038 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-07-11 | 7.5 HIGH | N/A |
| McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. | |||||
| CVE-2004-0039 | 1 Checkpoint | 1 Firewall-1 | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allow remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. | |||||
