Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0479 | 1 Microsoft | 1 Ie | 2016-10-18 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference. | |||||
| CVE-2004-0423 | 1 Ssmtp | 1 Ssmtp | 2016-10-18 | 2.1 LOW | N/A |
| The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file. | |||||
| CVE-2004-0344 | 1 Yabb | 1 Yabb | 2016-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. | |||||
| CVE-2004-0091 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." | |||||
| CVE-2004-0069 | 1 Hd Soft | 1 Windows Ftp Server | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. | |||||
| CVE-2004-0059 | 1 Lionmax Software | 1 Www File Share Pro | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header. | |||||
| CVE-2004-0061 | 1 Lionmax Software | 1 Www File Share Pro | 2016-10-18 | 7.5 HIGH | N/A |
| WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character. | |||||
| CVE-2004-0065 | 1 Phpgedview | 1 Phpgedview | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. | |||||
| CVE-2004-0064 | 1 Suse | 1 Suse Linux | 2016-10-18 | 2.1 LOW | N/A |
| The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. | |||||
| CVE-2004-0060 | 1 Lionmax Software | 1 Www File Share Pro | 2016-10-18 | 5.0 MEDIUM | N/A |
| WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. | |||||
| CVE-2004-0062 | 1 Fishnet | 1 Fishcart | 2016-10-18 | 7.5 HIGH | N/A |
| Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. | |||||
| CVE-2003-1318 | 1 Twilight Utilities | 1 Twilight Webserver | 2016-10-18 | 7.8 HIGH | N/A |
| Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376. | |||||
| CVE-2003-1086 | 1 Pmachine | 2 Pmachine Free, Pmachine Pro | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-1262 | 1 Http Fetcher | 1 Http Fetcher Library | 2016-10-18 | 6.4 MEDIUM | N/A |
| Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value. | |||||
| CVE-2003-0980 | 1 Freescripts | 1 Visitorbook | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters. | |||||
| CVE-2003-0961 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 7.2 HIGH | N/A |
| Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. | |||||
| CVE-2003-0968 | 1 Freeradius | 1 Freeradius | 2016-10-18 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. | |||||
| CVE-2003-0979 | 1 Freescripts | 1 Visitorbook | 2016-10-18 | 5.0 MEDIUM | N/A |
| FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable. | |||||
| CVE-2003-0936 | 1 Symantec | 1 Pcanywhere | 2016-10-18 | 7.2 HIGH | N/A |
| Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe. | |||||
| CVE-2003-0972 | 1 Gnu | 1 Screen | 2016-10-18 | 10.0 HIGH | N/A |
| Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. | |||||
| CVE-2003-0994 | 1 Symantec | 4 Norton Antivirus, Norton Internet Security, Norton System Works and 1 more | 2016-10-18 | 7.2 HIGH | N/A |
| The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. | |||||
| CVE-2003-0886 | 1 Hylafax | 1 Hylafax | 2016-10-18 | 10.0 HIGH | N/A |
| Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0946 | 1 Clam Anti-virus | 1 Clamav | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command. | |||||
| CVE-2003-0898 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 4.6 MEDIUM | N/A |
| IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. | |||||
| CVE-2003-0981 | 1 Freescripts | 1 Visitorbook | 2016-10-18 | 4.3 MEDIUM | N/A |
| FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks. | |||||
| CVE-2003-0934 | 1 Symbol Technologies | 1 Pdt | 2016-10-18 | 4.6 MEDIUM | N/A |
| Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network. | |||||
| CVE-2003-0875 | 1 Openslp | 1 Openslp | 2016-10-18 | 2.1 LOW | N/A |
| Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file. | |||||
| CVE-2003-0955 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 4.6 MEDIUM | N/A |
| OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow. | |||||
| CVE-2003-0865 | 1 Mpg123 | 1 Mpg123 | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. | |||||
| CVE-2003-0960 | 1 Openca | 1 Openca | 2016-10-18 | 7.5 HIGH | N/A |
| OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates. | |||||
| CVE-2003-0974 | 1 Applied Watch Technologies | 1 Applied Watch Command Center | 2016-10-18 | 7.5 HIGH | N/A |
| Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c. | |||||
| CVE-2003-0928 | 1 Clearswift | 1 Mailsweeper | 2016-10-18 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. | |||||
| CVE-2003-0850 | 2 Dug Song, Rafal Wojtczuk | 2 Dsniff, Libnids | 2016-10-18 | 7.5 HIGH | N/A |
| The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets." | |||||
| CVE-2003-0896 | 1 Sun | 1 Jre | 2016-10-18 | 7.5 HIGH | N/A |
| The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method. | |||||
| CVE-2003-0849 | 1 Gnu | 1 Cfengine | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. | |||||
| CVE-2003-0929 | 1 Clearswift | 1 Mailsweeper | 2016-10-18 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy. | |||||
| CVE-2003-0930 | 1 Clearswift | 1 Mailsweeper | 2016-10-18 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy. | |||||
| CVE-2003-0937 | 1 Sco | 2 Open Unix, Unixware | 2016-10-18 | 4.6 MEDIUM | N/A |
| SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user. | |||||
| CVE-2003-0767 | 1 Gamespy | 2 Roger Wilco Dedicated Server, Roger Wilco Graphical Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value. | |||||
| CVE-2003-0743 | 1 University Of Cambridge | 1 Exim | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer. | |||||
| CVE-2003-0737 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-18 | 5.0 MEDIUM | N/A |
| The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library. | |||||
| CVE-2003-0739 | 1 Vmware | 1 Workstation | 2016-10-18 | 4.6 MEDIUM | N/A |
| VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack. | |||||
| CVE-2003-0740 | 1 Stunnel | 1 Stunnel | 2016-10-18 | 4.6 MEDIUM | N/A |
| Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. | |||||
| CVE-2003-0744 | 1 Leafnode | 1 Leafnode | 2016-10-18 | 5.0 MEDIUM | N/A |
| The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input. | |||||
| CVE-2003-0765 | 1 Nullsoft | 1 Winamp | 2016-10-18 | 7.5 HIGH | N/A |
| The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | |||||
| CVE-2003-0759 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2003-0736 | 1 Phpwebsite | 1 Phpwebsite | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules. | |||||
| CVE-2003-0763 | 1 Squished Mosquito | 1 Escapade | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter. | |||||
| CVE-2003-0764 | 1 Squished Mosquito | 1 Escapade | 2016-10-18 | 5.0 MEDIUM | N/A |
| Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter. | |||||
| CVE-2003-0768 | 1 Microsoft | 1 Asp.net | 2016-10-18 | 6.8 MEDIUM | N/A |
| Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | |||||