CVE Daily
← All years

Uncategorized 2003

Page 8/11.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2003-06-16
Medium

CVE-2003-0283

Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2003-0284

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0285

IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabl…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2003-0288

Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2003-0289

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2003-0290

Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.

CVSS: 5.0CWE: N/A
Read more
2003-06-13
Medium

CVE-2003-0420

Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.

CVSS: 4.6CWE: N/A
Read more
2003-06-09
High

CVE-2003-0307

Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0309

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other r…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0325

Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2003-0318

Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2003-0319

Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0320

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0321

Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nic…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0322

Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0323

Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0324

Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly h…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2003-0331

SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2003-0326

Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to mall…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2003-0328

EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP reques…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0329

CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2003-0330

Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.

CVSS: 4.6CWE: N/A
Read more
Critical

CVE-2003-0304

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2003-0332

The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers…

CVSS: 7.6CWE: N/A
Read more
Medium

CVE-2003-0355

Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0357

Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissecto…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0360

Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0361

gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0362

Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0305

The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0306

Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2003-0303

SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1463

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1454

MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1455

Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2003-0245

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly exec…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1457

SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1458

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields includin…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1459

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields includi…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1460

L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1461

Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1462

details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1456

Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1564

Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Scrip…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0225

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a lar…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0188

lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2003-0242

IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0241

FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attacker…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0226

Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an e…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2003-0240

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2003-0224

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long f…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial o…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0194

tcpdump does not properly drop privileges to the pcap user when starting up.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2003-0223

Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL contai…

CVSS: 6.8CWE: N/A
Read more
2003-06-06
High

CVE-2003-1068

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

CVSS: 7.2CWE: N/A
Read more
2003-06-03
Medium

CVE-2003-1206

Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands s…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-1069

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

CVSS: 5.0CWE: N/A
Read more
2003-05-27
Critical

CVE-2003-0274

Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2003-0273

Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2003-0261

fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2003-0271

Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0269

Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2003-0268

SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0267

ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0266

Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0265

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by…

CVSS: 6.2CWE: N/A
Read more
High

CVE-2003-0264

Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0263

Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2003-0272

admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2003-0262

leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, whic…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2003-0260

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0239

icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) o…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0259

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0228

Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containin…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0235

Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0236

Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0238

The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0237

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0243

Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0244

The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses tha…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2003-0255

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2003-0256

The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0258

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private…

CVSS: 7.5CWE: N/A
Read more
2003-05-22
High

CVE-2003-0335

rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0336

Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly han…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0337

The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.con…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2003-0339

Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests.

CVSS: 7.5CWE: N/A
Read more
2003-05-21
Medium

CVE-2003-0341

Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2003-0343

BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier fo…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2003-0338

Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0340

Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.

CVSS: 7.5CWE: N/A
Read more
2003-05-20
Medium

CVE-2003-0342

BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privi…

CVSS: 4.6CWE: N/A
Read more
2003-05-19
High

CVE-2003-0333

Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3…

CVSS: 7.2CWE: N/A
Read more
2003-05-15
High

CVE-2003-0308

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doubl…

CVSS: 7.2CWE: N/A
Read more
2003-05-12
Medium

CVE-2003-0206

gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0233

Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0221

The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2003-0220

Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0219

Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0215

SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0214

run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2003-0213

ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, le…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0212

handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service an…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0210

Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user para…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0112

Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2003-0205

gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0113

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1562

Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0084

mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands v…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0118

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a requ…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2002-1563

stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.

CVSS: 1.2CWE: N/A
Read more
Medium

CVE-2003-0114

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0116

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0117

Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.

CVSS: 7.5CWE: N/A
Read more
2003-05-11
Medium

CVE-2003-1146

Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

CVSS: 6.8CWE: N/A
Read more
2003-05-10
Low

CVE-2003-0334

BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.

CVSS: 2.1CWE: N/A
Read more
2003-05-05
Medium

CVE-2003-0198

Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2003-0211

Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2003-0209

Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-b…

CVSS: 10.0CWE: N/A
Read more
>