Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0314 | 1 Snowblind.net | 1 Snowblind Web Server | 2016-10-18 | 6.4 MEDIUM | N/A |
| Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence. | |||||
| CVE-2003-0315 | 1 Snowblind.net | 1 Snowblind Web Server | 2016-10-18 | 7.5 HIGH | N/A |
| Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow. | |||||
| CVE-2003-0318 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. | |||||
| CVE-2003-0319 | 1 Smartmax Software | 1 Mailmax | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command. | |||||
| CVE-2003-0320 | 1 Andy Prevost | 1 Ttcms | 2016-10-18 | 7.5 HIGH | N/A |
| header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script. | |||||
| CVE-2003-0321 | 1 Colten Edwards | 1 Bitchx | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it. | |||||
| CVE-2003-0323 | 1 Michael Sandrof | 1 Ircii | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions. | |||||
| CVE-2003-0324 | 1 Epic | 1 Epic4 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability. | |||||
| CVE-2003-0325 | 1 Ambrosia Software | 1 Maelstrom | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument. | |||||
| CVE-2003-0326 | 1 Slocate | 1 Slocate | 2016-10-18 | 4.6 MEDIUM | N/A |
| Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc. | |||||
| CVE-2003-0329 | 1 Aclogic | 1 Cesarftp | 2016-10-18 | 4.6 MEDIUM | N/A |
| CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges. | |||||
| CVE-2003-0330 | 1 Ambrosia Software | 1 Maelstrom | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument. | |||||
| CVE-2003-0331 | 1 Ttcms | 1 Ttforum | 2016-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page. | |||||
| CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2016-10-18 | 7.6 HIGH | N/A |
| The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. | |||||
| CVE-2003-0335 | 1 Slackware | 1 Slackware Linux | 2016-10-18 | 7.5 HIGH | N/A |
| rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec. | |||||
| CVE-2003-0336 | 1 Qualcomm | 1 Eudora | 2016-10-18 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora. | |||||
| CVE-2003-0337 | 1 Platform | 1 Lsadmin | 2016-10-18 | 4.6 MEDIUM | N/A |
| The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes. | |||||
| CVE-2003-0338 | 1 Wsmp3 | 2 Wsmp3 Daemon, Wsmp3 Web Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests. | |||||
| CVE-2003-0339 | 1 Wsmp3 | 2 Wsmp3 Daemon, Wsmp3 Web Server | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests. | |||||
| CVE-2003-0341 | 1 Owl | 1 Owl Intranet Engine | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field. | |||||
| CVE-2003-0342 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges. | |||||
| CVE-2003-0343 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks. | |||||
| CVE-2003-0265 | 1 Sap | 1 Sap Db | 2016-10-18 | 6.2 MEDIUM | N/A |
| Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed. | |||||
| CVE-2003-0266 | 1 Bvrp Software | 1 Slwebmail | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll. | |||||
| CVE-2003-0267 | 1 Bvrp Software | 1 Slwebmail | 2016-10-18 | 5.0 MEDIUM | N/A |
| ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file. | |||||
| CVE-2003-0268 | 1 Bvrp Software | 1 Slwebmail | 2016-10-18 | 5.0 MEDIUM | N/A |
| SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message. | |||||
| CVE-2003-0271 | 1 Cooolsoft | 1 Personal Ftp Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument. | |||||
| CVE-2003-0272 | 1 Miniportal | 1 Miniportal | 2016-10-18 | 10.0 HIGH | N/A |
| admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value. | |||||
| CVE-2003-0273 | 1 Best Practical Solutions | 1 Request Tracker | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies. | |||||
| CVE-2003-0274 | 1 Cren | 1 Listproc | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value. | |||||
| CVE-2003-0275 | 1 Yabb | 1 Yabb | 2016-10-18 | 5.1 MEDIUM | N/A |
| SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-0292 | 1 Inktomi | 1 Inktomi Traffic-server | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS. | |||||
| CVE-2003-0293 | 1 Palm | 1 Palmos | 2016-10-18 | 5.0 MEDIUM | N/A |
| PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets. | |||||
| CVE-2003-0294 | 1 Php-proxima | 1 Php-proxima | 2016-10-18 | 5.0 MEDIUM | N/A |
| autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation. | |||||
| CVE-2003-0295 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. | |||||
| CVE-2003-0141 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2016-10-18 | 5.1 MEDIUM | N/A |
| The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | |||||
| CVE-2003-0151 | 1 Bea | 1 Weblogic Server | 2016-10-18 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. | |||||
| CVE-2003-0154 | 1 Mozilla | 1 Bonsai | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. | |||||
| CVE-2003-0156 | 1 Cross Referencer | 1 Lxr | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter. | |||||
| CVE-2003-0163 | 1 Gaim-encryption | 1 Gaim-encryption | 2016-10-18 | 5.0 MEDIUM | N/A |
| decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte. | |||||
| CVE-2003-0169 | 1 Hp | 1 Instant Toptools | 2016-10-18 | 5.0 MEDIUM | N/A |
| hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop. | |||||
| CVE-2003-0197 | 2 Borland Software, Firebirdsql | 2 Interbase, Firebird | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK). | |||||
| CVE-2003-0204 | 1 Kde | 1 Kde | 2016-10-18 | 7.5 HIGH | N/A |
| KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | |||||
| CVE-2003-0205 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2016-10-18 | 7.5 HIGH | N/A |
| gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI. | |||||
| CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2016-10-18 | 5.0 MEDIUM | N/A |
| gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. | |||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | |||||
| CVE-2003-0209 | 2 Smoothwall, Sourcefire | 2 Smoothwall, Snort | 2016-10-18 | 10.0 HIGH | N/A |
| Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. | |||||
| CVE-2003-0210 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | |||||
| CVE-2003-0212 | 1 Rinetd | 1 Rinetd | 2016-10-18 | 7.5 HIGH | N/A |
| handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections. | |||||
| CVE-2003-0213 | 1 Poptop | 1 Pptp Server | 2016-10-18 | 7.5 HIGH | N/A |
| ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. | |||||