Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0333 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085. | |||||
| CVE-2003-0257 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. | |||||
| CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2017-07-11 | 7.2 HIGH | N/A |
| leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have. | |||||
| CVE-2003-0263 | 1 Floosietek | 1 Ftgatepro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-2002-0983 | 1 Irssi | 1 Irssi | 2017-07-11 | 5.0 MEDIUM | N/A |
| IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. | |||||
| CVE-2003-0269 | 1 Youbin | 1 Youbin | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2017-07-11 | 7.6 HIGH | N/A |
| The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | |||||
| CVE-2003-0276 | 1 Pi3 | 1 Pi3web | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters. | |||||
| CVE-2004-0047 | 1 Yamamoto Hirotaka | 1 Trr19 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges. | |||||
| CVE-2003-0277 | 1 Happycgi | 1 Happymall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter. | |||||
| CVE-2003-0278 | 1 Happycgi.com | 1 Happymall | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter. | |||||
| CVE-2003-0279 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 2.6 LOW | N/A |
| Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | |||||
| CVE-2003-0280 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-2003-0281 | 1 Firebirdsql | 1 Firebird | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. | |||||
| CVE-2004-0046 | 1 Snapstream | 1 Snapstream Pvs | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. | |||||
| CVE-2003-0283 | 1 Phorum | 1 Phorum | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. | |||||
| CVE-2003-0285 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. | |||||
| CVE-2003-0287 | 1 Six Apart | 1 Movable Type | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. | |||||
| CVE-2003-0288 | 1 Hiroaki Shirouzu | 1 Ip Messenger | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via a file with a long filename, which triggers the overflow when the user saves the file. | |||||
| CVE-2003-0289 | 1 Cdrtools | 1 Cdrecord | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter. | |||||
| CVE-2003-0290 | 1 Etype | 1 Eserv | 2017-07-11 | 5.0 MEDIUM | N/A |
| Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. | |||||
| CVE-2003-0291 | 1 3com | 1 3cp4144 | 2017-07-11 | 5.0 MEDIUM | N/A |
| 3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets. | |||||
| CVE-2004-0043 | 1 Yahoo | 1 Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. | |||||
| CVE-2003-0327 | 1 Sybase | 1 Adaptive Server Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow. | |||||
| CVE-2003-0334 | 1 Colten Edwards | 1 Bitchx | 2017-07-11 | 2.1 LOW | N/A |
| BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c. | |||||
| CVE-2004-0158 | 1 Lgames | 1 Lbreakout2 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c. | |||||
| CVE-2004-0224 | 3 Double Precision Incorporated, Gentoo, Inter7 | 4 Courier Mta, Sqwebmail, Linux and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | |||||
| CVE-2004-0162 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. | |||||
| CVE-2004-0222 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0221 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0219 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0166 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." | |||||
| CVE-2004-0228 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.2 HIGH | N/A |
| Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges. | |||||
| CVE-2004-0229 | 2 Gentoo, Linux | 2 Linux, Linux Kernel | 2017-07-11 | 4.6 MEDIUM | N/A |
| The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact. | |||||
| CVE-2004-0231 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." | |||||
| CVE-2004-0156 | 1 Ssmtp | 1 Ssmtp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-0172 | 1 Juan Cespedes | 1 Ltrace | 2017-07-11 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed. | |||||
| CVE-2004-0218 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0217 | 1 Symantec | 1 Antivirus Scan Engine | 2017-07-11 | 3.7 LOW | N/A |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | |||||
| CVE-2004-0192 | 1 Symantec | 1 Gateway Security 5400 | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. | |||||
| CVE-2004-0227 | 1 Triornis | 1 Zoneminder | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. | |||||
| CVE-2004-0238 | 1 0verkill | 1 0verkill | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function. | |||||
| CVE-2004-0163 | 1 Sygate Technologies | 1 Secure Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session. | |||||
| CVE-2004-0237 | 1 Aprox Portal | 1 Aprox Portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter. | |||||
| CVE-2004-0236 | 1 Steelid | 1 Thephototool | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field. | |||||
| CVE-2004-0226 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-0157 | 1 Xonix | 1 Xonix | 2017-07-11 | 4.6 MEDIUM | N/A |
| x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. | |||||
| CVE-2004-0232 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-0161 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients. | |||||
| CVE-2002-0526 | 1 Inn | 1 Inn | 2017-07-11 | 7.2 HIGH | N/A |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. | |||||
