CVE Daily
← All years

Uncategorized 2003

Page 9/11.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2003-05-05
Medium

CVE-2003-0208

Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2003-0207

ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2003-0204

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when usi…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2003-0201

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2003-0196

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2003-0110

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0171

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a d…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2003-0163

decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negati…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2003-0136

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2003-0133

GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0111

The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0173

xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.

CVSS: 7.2CWE: N/A
Read more
2003-04-28
Medium

CVE-2003-1070

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2003-1072

Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).

CVSS: 2.1CWE: N/A
Read more
2003-04-22
Medium

CVE-2002-1480

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the ent…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2002-1477

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1478

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1479

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly g…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2002-1475

Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1481

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modif…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1482

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1483

db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absol…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1476

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a us…

CVSS: 4.6CWE: N/A
Read more
Low

CVE-2002-1470

SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2002-1474

Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1467

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3)…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1473

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2002-1465

SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2002-1466

CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1464

Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2002-1468

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2002-1469

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote att…

CVSS: 5.0CWE: N/A
Read more
2003-04-16
Medium

CVE-2003-1054

mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in A…

CVSS: 5.0CWE: N/A
Read more
2003-04-11
Critical

CVE-2002-1428

index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1438

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1429

Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1430

Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1431

Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1433

Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1434

Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2002-1435

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1436

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1437

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-enc…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1443

The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1439

Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.

CVSS: 4.6CWE: N/A
Read more
Critical

CVE-2002-1440

The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2002-1441

Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2)…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0134

Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0135

vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as inten…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0169

hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0197

Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).

CVSS: 7.2CWE: N/A
Read more
High

CVE-2003-0203

Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1426

HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2002-1427

The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1418

Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (A…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1425

Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.

CVSS: 6.4CWE: N/A
Read more
High

CVE-2002-1413

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1424

Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2002-0690

Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1143

Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Wo…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1406

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."

CVSS: 7.2CWE: N/A
Read more
High

CVE-2002-1408

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an e…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2002-1409

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."

CVSS: 2.1CWE: N/A
Read more
High

CVE-2002-1410

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access o…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1411

Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1412

Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1407

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-mid…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1414

Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2002-1416

The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct b…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1417

Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1419

The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2002-1420

Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check…

CVSS: 7.2CWE: N/A
Read more
High

CVE-2002-1421

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1422

admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1415

Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1423

tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.

CVSS: 5.0CWE: N/A
Read more
2003-04-02
Medium

CVE-2003-0072

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain prot…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0181

Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a lo…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0106

The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0092

Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2003-0091

Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2003-0083

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into t…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0082

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain prot…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1526

Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2002-1561

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1528

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1527

emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error tha…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1525

Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1524

Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0152

Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1523

Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0141

The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memo…

CVSS: 5.1CWE: N/A
Read more
High

CVE-2003-0167

Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and pos…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0153

bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2003-0154

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the fil…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2003-0155

bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2003-0159

Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0160

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

CVSS: 5.8CWE: N/A
Read more
Critical

CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disable…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2003-0162

Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0165

Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2003-0166

Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0168

Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2003-0172

Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filenam…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2003-0178

Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields param…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2003-0179

Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the Initializ…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2003-0180

Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2002-1521

Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2002-1522

Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2002-1502

Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.

CVSS: 2.1CWE: N/A
Read more
Critical

CVE-2002-1520

The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-1498

Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2002-1519

Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arb…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2002-0030

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2002-1486

Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2002-1487

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217,…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2002-1488

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian u…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2002-1489

Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.

CVSS: 7.5CWE: N/A
Read more
>