Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1329 | 1 Washington University | 1 Wu-ftpd | 2008-09-05 | 7.8 HIGH | N/A |
| ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service. | |||||
| CVE-2003-1132 | 1 Cisco | 2 Content Services Switch 11000, Content Services Switch 11500 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. | |||||
| CVE-2003-1278 | 1 Infopop | 1 Opentopic | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags. | |||||
| CVE-2003-1277 | 1 Yabb | 1 Yabb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html | |||||
| CVE-2003-1276 | 1 Nettelephone | 1 Nettelephone | 2008-09-05 | 4.6 MEDIUM | N/A |
| Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts. | |||||
| CVE-2003-1275 | 1 Microsoft | 1 Pocket Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. | |||||
| CVE-2003-1254 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2008-09-05 | 5.0 MEDIUM | N/A |
| Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-1271 | 1 An | 1 An-http | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script. | |||||
| CVE-2003-1313 | 1 Eternalmart | 1 Mailing List Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php. | |||||
| CVE-2003-1363 | 1 Aprelium Technologies | 1 Abyss Web Server | 2008-09-05 | 6.4 MEDIUM | N/A |
| The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection. | |||||
| CVE-2003-1270 | 1 An | 1 An-http | 2008-09-05 | 5.0 MEDIUM | N/A |
| AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability. | |||||
| CVE-2003-1269 | 1 An | 1 An-http | 2008-09-05 | 5.0 MEDIUM | N/A |
| AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message. | |||||
| CVE-2003-1268 | 1 Urlogy | 1 A.shop.kart | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters. | |||||
| CVE-2003-1267 | 1 Steve Poulsen | 1 Guildftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1. | |||||
| CVE-2003-1266 | 1 Etype | 1 Eserv | 2008-09-05 | 5.0 MEDIUM | N/A |
| The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data. | |||||
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-05 | 2.1 LOW | N/A |
| Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | |||||
| CVE-2003-1170 | 1 Gernot Stocker | 1 Kpopup | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments. | |||||
| CVE-2003-1263 | 1 Brown Bear Software | 1 Ical | 2008-09-05 | 5.0 MEDIUM | N/A |
| ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name. | |||||
| CVE-2003-1261 | 1 Globalscape | 1 Cuteftp | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard. | |||||
| CVE-2003-1168 | 1 Http Commander | 1 Http Commander | 2008-09-05 | 5.0 MEDIUM | N/A |
| HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message. | |||||
| CVE-2003-1260 | 1 Globalscape | 1 Cuteftp | 2008-09-05 | 7.6 HIGH | N/A |
| Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command. | |||||
| CVE-2003-1161 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.2 HIGH | N/A |
| exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. | |||||
| CVE-2003-1264 | 2 D-link, Longshine Technologie | 2 Di-614\+, Longshine Wireless Ethernet Access Point | 2008-09-05 | 5.0 MEDIUM | N/A |
| TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication. | |||||
| CVE-2003-1259 | 1 Globalscape | 1 Cuteftp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. | |||||
| CVE-2003-1146 | 1 John Beatty | 1 Easy Php Photo Album | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2003-1138 | 1 Redhat | 1 Interchange | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//). | |||||
| CVE-2003-1135 | 1 Yahoo | 1 Messenger | 2008-09-05 | 2.6 LOW | N/A |
| Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID. | |||||
| CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2008-09-05 | 4.3 MEDIUM | N/A |
| siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
| CVE-2003-1325 | 1 Valve Software | 1 Half-life Cstrike Dedicated Server | 2008-09-05 | 5.2 MEDIUM | N/A |
| The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734. | |||||
| CVE-2003-1324 | 1 Elmme-mailer | 1 Elm Me\+ | 2008-09-05 | 4.6 MEDIUM | N/A |
| Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group. | |||||
| CVE-2003-1323 | 1 Elm Development Group | 1 Elm | 2008-09-05 | 6.8 MEDIUM | N/A |
| Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors. | |||||
| CVE-2003-1322 | 1 Atrium Software | 1 Mercur Mailserver | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command. | |||||
| CVE-2003-1134 | 1 Sun | 1 Java | 2008-09-05 | 2.1 LOW | N/A |
| Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception. | |||||
| CVE-2003-1311 | 1 Netegrity | 1 Siteminder | 2008-09-05 | 6.8 MEDIUM | N/A |
| siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter. | |||||
| CVE-2003-1258 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2008-09-05 | 7.5 HIGH | N/A |
| activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. | |||||
| CVE-2003-1126 | 1 Sun | 1 One Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service. | |||||
| CVE-2003-1257 | 1 E-theni | 1 E-theni | 2008-09-05 | 5.0 MEDIUM | N/A |
| find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo. | |||||
| CVE-2003-1119 | 1 Ssh | 1 Secure Shell | 2008-09-05 | 5.0 MEDIUM | N/A |
| SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. | |||||
| CVE-2003-1125 | 1 Sun | 1 One Directory Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt). | |||||
| CVE-2003-1308 | 1 Fvwm | 1 Fvwm | 2008-09-05 | 4.6 MEDIUM | N/A |
| CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename. | |||||
| CVE-2003-1256 | 1 E-theni | 1 E-theni | 2008-09-05 | 6.8 MEDIUM | N/A |
| aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php. | |||||
| CVE-2003-1306 | 1 Microsoft | 1 Urlscan | 2008-09-05 | 2.6 LOW | N/A |
| Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response. | |||||
| CVE-2003-1279 | 1 Insightful | 1 S-plus | 2008-09-05 | 4.6 MEDIUM | N/A |
| S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html. | |||||
| CVE-2003-1288 | 1 Vserver | 1 Linux-vserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions. | |||||
| CVE-2003-1235 | 1 Brs | 1 Webweaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | |||||
| CVE-2003-1236 | 1 Tanne | 1 Tanne | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog. | |||||
| CVE-2003-1237 | 1 Matt Wright | 1 Wwwboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post. | |||||
| CVE-2003-1251 | 1 Nx | 1 N X Web Content Management System 2002 | 2008-09-05 | 7.5 HIGH | N/A |
| The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code. | |||||
| CVE-2003-1238 | 1 Nuked-klan | 1 Nuked-klan | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules. | |||||
| CVE-2003-1239 | 1 Wihphoto | 1 Wihphoto | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter. | |||||