Uncategorized CVEs — 2003 (Page 11/11)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2003-03-03

High

CVE-2003-0100

Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.

CVSS: 7.5CWE: N/A

Critical

CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic auth…

CVSS: 10.0CWE: N/A

High

CVE-2003-0068

The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e…

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0070

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then in…

CVSS: 6.8CWE: N/A

High

CVE-2003-0049

Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.

CVSS: 7.5CWE: N/A

High

CVE-2003-0066

The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.…

CVSS: 7.5CWE: N/A

High

CVE-2003-0065

The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user…

CVSS: 7.5CWE: N/A

High

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user…

CVSS: 7.5CWE: N/A

High

CVE-2003-0063

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's…

CVSS: 7.3CWE: N/A

High

CVE-2002-0842

Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code…

CVSS: 7.5CWE: N/A

High

CVE-2003-0024

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0023

The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0022

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file c…

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0021

The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user v…

CVSS: 5.0CWE: N/A

Medium

CVE-2002-1511

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

CVSS: 5.0CWE: N/A

Critical

CVE-2002-1510

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

CVSS: 10.0CWE: N/A

Low

CVE-2002-1509

A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to…

CVSS: 3.6CWE: N/A

High

CVE-2002-1472

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that poi…

CVSS: 7.2CWE: N/A

2003-02-28

High

CVE-2003-1078

The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

CVSS: 7.5CWE: N/A

2003-02-19

High

CVE-2003-0056

Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.

CVSS: 7.2CWE: N/A

High

CVE-2003-1328

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execu…

CVSS: 7.5CWE: N/A

High

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Se…

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0076

Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.

CVSS: 6.4CWE: N/A

High

CVE-2003-0075

Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following…

CVSS: 7.5CWE: N/A

High

CVE-2003-0074

Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.

CVSS: 7.2CWE: N/A

Medium

CVE-2003-0073

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

CVSS: 5.0CWE: N/A

High

CVE-2003-0062

Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.

CVSS: 7.2CWE: N/A

High

CVE-2003-0060

Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute a…

CVSS: 7.5CWE: N/A

High

CVE-2003-0059

Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0058

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that…

CVSS: 5.0CWE: N/A

High

CVE-2003-0057

Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly…

CVSS: 7.5CWE: N/A

High

CVE-2002-1160

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth f…

CVSS: 7.2CWE: N/A

Medium

CVE-2003-0048

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

CVSS: 4.6CWE: N/A

High

CVE-2003-0004

Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.

CVSS: 7.2CWE: N/A

Medium

CVE-2002-0036

Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a neg…

CVSS: 5.0CWE: N/A

Medium

CVE-2002-1348

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

CVSS: 5.0CWE: N/A

Medium

CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded car…

CVSS: 5.0CWE: N/A

Low

CVE-2002-1508

slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.

CVSS: 1.2CWE: N/A

Medium

CVE-2002-0669

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force au…

CVSS: 5.0CWE: N/A

Low

CVE-2003-0018

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file s…

CVSS: 3.6CWE: N/A

High

CVE-2003-0019

uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfa…

CVSS: 7.2CWE: N/A

High

CVE-2003-0040

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0046

AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

CVSS: 4.6CWE: N/A

Medium

CVE-2003-0047

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, wh…

CVSS: 4.6CWE: N/A

2003-02-18

Medium

CVE-2003-1079

Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in…

CVSS: 5.0CWE: N/A

2003-02-11

Low

CVE-2003-1080

Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.

CVSS: 1.2CWE: N/A

2003-02-07

Medium

CVE-2003-0036

ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "m…

CVSS: 6.2CWE: N/A

Medium

CVE-2003-0045

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DO…

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0044

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HT…

CVSS: 6.8CWE: N/A

Medium

CVE-2003-0043

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through…

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0042

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a J…

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0039

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadc…

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0038

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

CVSS: 4.3CWE: N/A

High

CVE-2003-0037

Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.

CVSS: 7.5CWE: N/A

High

CVE-2003-0034

Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.

CVSS: 7.2CWE: N/A

High

CVE-2003-0035

Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.

CVSS: 7.2CWE: N/A

Medium

CVE-2003-0027

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

CVSS: 5.0CWE: N/A

Medium

CVE-2003-0017

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filenam…

CVSS: 5.0CWE: N/A

High

CVE-2003-0016

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-D…

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0007

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how…

CVSS: 5.0CWE: N/A

High

CVE-2003-0003

Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC c…

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0002

Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.

CVSS: 6.8CWE: N/A

Medium

CVE-2002-1252

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fie…

CVSS: 5.0CWE: N/A

2003-02-06

Critical

CVE-2003-1090

Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.

CVSS: 10.0CWE: N/A

2003-01-27

Medium

CVE-2003-1075

Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clien…

CVSS: 5.0CWE: N/A

2003-01-17

High

CVE-2002-1400

Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.

CVSS: 7.5CWE: N/A

Medium

CVE-2003-0032

Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load a…

CVSS: 5.0CWE: N/A

High

CVE-2003-0031

Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).

CVSS: 7.5CWE: N/A

High

CVE-2003-0026

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute…

CVSS: 7.5CWE: N/A

High

CVE-2003-0025

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as…

CVSS: 7.5CWE: N/A

High

CVE-2003-0013

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from e…

CVSS: 7.5CWE: N/A

Low

CVE-2003-0012

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows l…

CVSS: 2.1CWE: N/A

High

CVE-2002-1403

dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.

CVSS: 7.2CWE: N/A

Medium

CVE-2002-1402

Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.

CVSS: 4.6CWE: N/A

Low

CVE-2002-1395

Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwage…

CVSS: 2.1CWE: N/A

Critical

CVE-2002-1399

Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which…

CVSS: 10.0CWE: N/A

Medium

CVE-2002-1390

The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.

CVSS: 5.0CWE: N/A

High

CVE-2002-1397

Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly t…

CVSS: 7.5CWE: N/A

High

CVE-2002-1396

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS: 7.5CWE: N/A

Medium

CVE-2002-1398

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handli…

CVSS: 4.6CWE: N/A

High

CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of…

CVSS: 7.5CWE: N/A

High

CVE-2002-1393

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands vi…

CVSS: 7.5CWE: N/A

Low

CVE-2002-1392

faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.

CVSS: 2.1CWE: N/A

High

CVE-2002-1391

Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

CVSS: 7.5CWE: N/A

2003-01-11

Medium

CVE-2003-0014

gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6CWE: N/A

2003-01-07

Critical

CVE-2002-0626

Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.

CVSS: 10.0CWE: N/A

High

CVE-2002-0627

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.

CVSS: 7.5CWE: N/A

Medium

CVE-2002-0629

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.

CVSS: 5.0CWE: N/A

Medium

CVE-2002-0630

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.

CVSS: 5.0CWE: N/A

2003-01-03

Low

CVE-2003-1071

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supp…

CVSS: 2.1CWE: N/A

2003-01-02

Medium

CVE-2002-1386

Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument.

CVSS: 4.6CWE: N/A

Medium

CVE-2002-1389

Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.

CVSS: 4.6CWE: N/A

Medium

CVE-2002-1388

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.

CVSS: 4.3CWE: N/A

Medium

CVE-2002-1387

The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument.

CVSS: 4.6CWE: N/A

High

CVE-2002-1379

OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.

CVSS: 7.5CWE: N/A

High

CVE-2002-1378

Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file…

CVSS: 7.5CWE: N/A

High

CVE-2002-1384

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as…

CVSS: 7.2CWE: N/A