Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0560 | 1 Virtual Programming | 1 Vp-asp | 2016-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter. | |||||
| CVE-2003-0561 | 1 Iglooftp | 1 Iglooftp Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands. | |||||
| CVE-2003-0562 | 1 Novell | 1 Netware | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. | |||||
| CVE-2003-0578 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 4.6 MEDIUM | N/A |
| cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | |||||
| CVE-2003-0579 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 4.6 MEDIUM | N/A |
| uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user. | |||||
| CVE-2003-0580 | 1 Ibm | 1 U2 Universe | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument. | |||||
| CVE-2003-0581 | 1 Xfstt | 1 Xfstt | 2016-10-18 | 7.5 HIGH | N/A |
| X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access. | |||||
| CVE-2003-0583 | 1 Tolis Group | 1 Bru | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2003-0584 | 1 Tolis Group | 1 Bru | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument. | |||||
| CVE-2003-0585 | 1 Brooky | 1 Estore | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters. | |||||
| CVE-2003-0586 | 1 Brooky | 1 Estore | 2016-10-18 | 7.5 HIGH | N/A |
| Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php. | |||||
| CVE-2003-0587 | 1 Infopop | 1 Ultimate Bulletin Board | 2016-10-18 | 6.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie. | |||||
| CVE-2003-0588 | 1 Digi-fx | 1 Digi-news | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2003-0589 | 1 Digi-fx | 1 Digi-news | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2003-0590 | 1 Splatt | 1 Splatt Forum | 2016-10-18 | 7.1 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. | |||||
| CVE-2003-0597 | 1 Sco | 1 Openserver | 2016-10-18 | 7.2 HIGH | N/A |
| Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. | |||||
| CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2016-10-18 | 4.6 MEDIUM | N/A |
| mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0620 | 1 Andries Brouwer | 1 Man | 2016-10-18 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. | |||||
| CVE-2003-0453 | 1 Ehud Gavron | 1 Traceroute-nanog | 2016-10-18 | 10.0 HIGH | N/A |
| traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. | |||||
| CVE-2003-0455 | 1 Imagemagick | 1 Libmagick Library | 2016-10-18 | 4.6 MEDIUM | N/A |
| The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. | |||||
| CVE-2003-0467 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. | |||||
| CVE-2003-0471 | 1 Alt-n | 1 Webadmin | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument. | |||||
| CVE-2003-0474 | 1 Ashley Brown | 1 Iweb Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475. | |||||
| CVE-2003-0475 | 1 Ashley Brown | 1 Iweb Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474. | |||||
| CVE-2003-0477 | 1 Wzdftpd | 1 Wzdftpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument. | |||||
| CVE-2003-0478 | 5 Andromede, Bahamut, Daniel Moss and 2 more | 5 Adromedeircd, Ircd, Methane and 2 more | 2016-10-18 | 10.0 HIGH | N/A |
| Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings. | |||||
| CVE-2003-0479 | 1 Affordable Web Space Design | 1 Affordable Web Space Design Webbbs | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields. | |||||
| CVE-2003-0480 | 1 Vmware | 1 Workstation | 2016-10-18 | 3.7 LOW | N/A |
| VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation." | |||||
| CVE-2003-0481 | 1 Gero Kohnert | 1 Tutos | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php. | |||||
| CVE-2003-0482 | 1 Gero Kohnert | 1 Tutos | 2016-10-18 | 7.5 HIGH | N/A |
| TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code. | |||||
| CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | |||||
| CVE-2003-0485 | 1 Progress | 1 4gl Compiler | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type. | |||||
| CVE-2003-0490 | 1 Dantz | 1 Retrospect Client | 2016-10-18 | 7.2 HIGH | N/A |
| The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code. | |||||
| CVE-2003-0491 | 1 Mytutorials | 1 Tutorials | 2016-10-18 | 7.5 HIGH | N/A |
| The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file. | |||||
| CVE-2003-0493 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2016-10-18 | 10.0 HIGH | N/A |
| Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID. | |||||
| CVE-2003-0503 | 1 Microsoft | 1 Windows 2000 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. | |||||
| CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | |||||
| CVE-2003-0505 | 1 Microsoft | 1 Netmeeting | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. | |||||
| CVE-2003-0506 | 1 Microsoft | 1 Netmeeting | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation. | |||||
| CVE-2003-0507 | 1 Microsoft | 1 Windows 2000 | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. | |||||
| CVE-2003-0508 | 1 Adobe | 1 Acrobat Reader | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link. | |||||
| CVE-2003-0510 | 1 Ezbounce | 1 Ezbounce | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command. | |||||
| CVE-2003-0520 | 1 Cerulean Studios | 1 Trillian | 2016-10-18 | 5.0 MEDIUM | N/A |
| Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified. | |||||
| CVE-2003-0521 | 1 Cpanel | 1 Cpanel | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens. | |||||
| CVE-2003-0522 | 1 Early Impact | 1 Productcart | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp. | |||||
| CVE-2003-0523 | 1 Early Impact | 1 Productcart | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter. | |||||
| CVE-2003-0524 | 1 Knoppix | 1 Knoppix | 2016-10-18 | 6.2 MEDIUM | N/A |
| Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory. | |||||
| CVE-2003-0365 | 1 Icq Inc | 1 Icqlite | 2016-10-18 | 4.6 MEDIUM | N/A |
| ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs. | |||||
| CVE-2003-0371 | 1 Prishtina Soft | 1 Prishtina Ftp | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner. | |||||
| CVE-2003-0372 | 1 Nessus | 1 Nessus | 2016-10-18 | 4.6 MEDIUM | N/A |
| Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | |||||