cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.3
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.7
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
CVE-2003-0001
2003-01-17T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20030110 More information regarding Etherleak
BUGTRAQ
20030110 More information regarding Etherleak
ATSTAKE
A010603-1
MISC
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
CERT-VN
VU#412115
CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
REDHAT
RHSA-2003:025
REDHAT
RHSA-2003:088
BUGTRAQ
20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)
BUGTRAQ
20030117 Re: More information regarding Etherleak
SECTRACK
1031583
SECTRACK
1040185
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
cpe:/a:microsoft:content_management_server:2001
cpe:/a:microsoft:content_management_server:2001:sp1
CVE-2003-0002
2003-02-07T00:00:00.000-05:00
2018-10-12T17:32:19.100-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20021007 CSS on Microsoft Content Management Server
XF
mcms-manuallogin-reasontxt-xss (10318)
BID
5922
MS
MS03-002
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
cpe:/a:microsoft:windows_2000_terminal_services:-
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000_terminal_services:-:sp3
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/o:microsoft:windows_xp:-::64-bit
cpe:/o:microsoft:windows_xp:-:sp1:64-bit
CVE-2003-0003
2003-02-07T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
NTBUGTRAQ
20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
CERT
CA-2003-03
CERT-VN
VU#610986
BID
6666
MS
MS03-001
XF
win-locator-bo(11132)
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0004
2003-02-19T00:00:00.000-05:00
2018-10-12T17:32:20.600-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
BUGTRAQ
20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
XF
winxp-windows-redirector-bo(11260)
BID
6778
MS
MS03-005
Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
cpe:/a:microsoft:outlook:2002
cpe:/a:microsoft:outlook:2002:sp1
cpe:/a:microsoft:outlook:2002:sp2
CVE-2003-0007
2003-02-07T00:00:00.000-05:00
2018-10-12T17:32:21.067-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BID
6667
MS
MS03-003
XF
outlook-v1-certificate-plaintext(11133)
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
CVE-2003-0009
2003-03-07T00:00:00.000-05:00
2018-10-12T17:32:21.380-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
CIAC
N-047
XF
winme-hsc-hcp-bo(11425)
CERT-VN
VU#489721
BID
6966
MS
MS03-006
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000_terminal_services::sp3
cpe:/o:microsoft:windows_98::gold
cpe:/o:microsoft:windows_98se
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0010
2003-03-24T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030319 Windows Scripting Engine issue
IDEFENSE
20030319 Heap Overflow in Windows Script Engine
BUGTRAQ
20030319 iDEFENSE Security Advisory 03.19.03: Heap Overflow in Windows Script Engine
BID
7146
MS
MS03-008
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
cpe:/a:microsoft:isa_server:2000
cpe:/a:microsoft:isa_server:2000:sp1
CVE-2003-0011
2003-03-24T00:00:00.000-05:00
2018-10-12T17:32:23.240-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BID
7145
MS
MS03-009
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.17
cpe:/a:mozilla:bugzilla:2.17.1
CVE-2003-0012
2003-01-17T00:00:00.000-05:00
2016-10-17T22:28:17.573-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030102 [BUGZILLA] Security Advisory - remote database password disclosure
DEBIAN
DSA-230
XF
bugzilla-mining-world-writable(10971)
REDHAT
RHSA-2003:012
BID
6502
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.17
cpe:/a:mozilla:bugzilla:2.17.1
CVE-2003-0013
2003-01-17T00:00:00.000-05:00
2016-10-17T22:28:18.870-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030102 [BUGZILLA] Security Advisory - remote database password disclosure
DEBIAN
DSA-230
XF
bugzilla-htaccess-database-password(10970)
BID
6501
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
cpe:/a:bmv:bmv:1.2
CVE-2003-0014
2003-01-11T00:00:00.000-05:00
2017-07-10T21:29:26.947-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
CONFIRM
http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog
BID
12229
SECTRACK
1012847
DEBIAN
DSA-633
XF
bmv-symlink(18823)
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
cpe:/a:cvs:cvs:1.10.7
cpe:/a:cvs:cvs:1.10.8
cpe:/a:cvs:cvs:1.11
cpe:/a:cvs:cvs:1.11.1
cpe:/a:cvs:cvs:1.11.1p1
cpe:/a:cvs:cvs:1.11.2
cpe:/a:cvs:cvs:1.11.3
cpe:/a:cvs:cvs:1.11.4
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:5.0
CVE-2003-0015
2003-02-07T00:00:00.000-05:00
2018-05-02T21:29:18.723-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030120 Advisory 01/2003: CVS remote vulnerability
BUGTRAQ
20030122 [security@slackware.com: [slackware-security] New CVS packages available]
BUGTRAQ
20030124 Test program for CVS double-free.
BUGTRAQ
20030202 Exploit for CVS double free() for Linux pserver
FREEBSD
FreeBSD-SA-03:01
REDHAT
RHSA-2003:013
MISC
http://security.e-matters.de/advisories/012003.html
CERT
CA-2003-02
CIAC
N-032
DEBIAN
DSA-233
CERT-VN
VU#650937
MANDRAKE
MDKSA-2003:009
REDHAT
RHSA-2003:012
BID
6650
XF
cvs-doublefree-memory-corruption(11108)
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
CVE-2003-0016
2003-02-07T00:00:00.000-05:00
2017-10-09T21:30:13.250-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MLIST
[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released
CONFIRM
http://www.apacheweek.com/issues/03-01-24#security
CERT-VN
VU#825177
CERT-VN
VU#979793
BID
6659
XF
apache-device-name-dos(11124)
XF
apache-device-code-execution(11125)
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
CVE-2003-0017
2003-02-07T00:00:00.000-05:00
2016-10-17T22:28:23.027-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.19
CVE-2003-0018
2003-02-19T00:00:00.000-05:00
2008-09-10T20:05:23.477-04:00
3.6
LOCAL
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ
DEBIAN
DSA-358
DEBIAN
DSA-423
XF
linux-odirect-information-leak(11249)
MANDRAKE
MDKSA-2003:014
REDHAT
RHSA-2003:025
BID
6763
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
cpe:/o:redhat:linux:8.0::i386
CVE-2003-0019
2003-02-19T00:00:00.000-05:00
2008-09-10T20:05:23.557-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CIAC
N-044
XF
linux-umlnet-gain-privileges(11276)
CERT-VN
VU#134025
REDHAT
RHSA-2003:056
BID
6801
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
cpe:/a:apache:http_server
CVE-2003-0020
2003-03-18T00:00:00.000-05:00
2017-10-09T21:30:13.377-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030224 Terminal Emulator Security Issues
MANDRAKE
MDKSA-2004:046
BUGTRAQ
20030224 Terminal Emulator Security Issues
APPLE
APPLE-SA-2004-05-03
BUGTRAQ
20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
HP
SSRT4717
GENTOO
GLSA-200405-22
SUNALERT
101555
SUNALERT
57628
XF
apache-esc-seq-injection(11412)
MANDRAKE
MDKSA-2003:050
REDHAT
RHSA-2003:082
REDHAT
RHSA-2003:083
REDHAT
RHSA-2003:104
REDHAT
RHSA-2003:139
REDHAT
RHSA-2003:243
REDHAT
RHSA-2003:244
BID
9930
SLACKWARE
SSA:2004-133
TRUSTIX
2004-0017
TRUSTIX
2004-0027
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
cpe:/a:michael_jennings:eterm:0.8.10
cpe:/a:michael_jennings:eterm:0.9.1
CVE-2003-0021
2003-03-03T00:00:00.000-05:00
2016-10-17T22:28:25.557-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-screen-dump(11413)
MANDRAKE
MDKSA-2003:040
BID
6936
The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
cpe:/a:rxvt:rxvt:2.6.1
cpe:/a:rxvt:rxvt:2.6.2
cpe:/a:rxvt:rxvt:2.6.3
cpe:/a:rxvt:rxvt:2.6.4
cpe:/a:rxvt:rxvt:2.7.5
cpe:/a:rxvt:rxvt:2.7.6
cpe:/a:rxvt:rxvt:2.7.7
cpe:/a:rxvt:rxvt:2.7.8
CVE-2003-0022
2003-03-03T00:00:00.000-05:00
2016-10-17T22:28:26.933-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-screen-dump(11413)
MANDRAKE
MDKSA-2003:034
REDHAT
RHSA-2003:054
REDHAT
RHSA-2003:055
BID
6938
The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
cpe:/a:rxvt:rxvt:2.6.1
cpe:/a:rxvt:rxvt:2.6.2
cpe:/a:rxvt:rxvt:2.6.3
cpe:/a:rxvt:rxvt:2.6.4
cpe:/a:rxvt:rxvt:2.7.5
cpe:/a:rxvt:rxvt:2.7.6
cpe:/a:rxvt:rxvt:2.7.7
cpe:/a:rxvt:rxvt:2.7.8
CVE-2003-0023
2003-03-03T00:00:00.000-05:00
2016-10-17T22:28:28.417-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-menu-modification(11416)
MANDRAKE
MDKSA-2003:034
REDHAT
RHSA-2003:054
REDHAT
RHSA-2003:055
BID
6947
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
cpe:/a:aterm:aterm:0.42
CVE-2003-0024
2003-03-03T00:00:00.000-05:00
2016-10-17T22:28:29.747-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-menu-modification(11416)
BID
6949
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
cpe:/a:horde:imp:2.2
cpe:/a:horde:imp:2.2.1
cpe:/a:horde:imp:2.2.2
cpe:/a:horde:imp:2.2.3
cpe:/a:horde:imp:2.2.4
cpe:/a:horde:imp:2.2.5
cpe:/a:horde:imp:2.2.6
cpe:/a:horde:imp:2.2.7
cpe:/a:horde:imp:2.2.8
CVE-2003-0025
2003-01-17T00:00:00.000-05:00
2016-10-17T22:28:30.950-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030108 IMP 2.x SQL injection vulnerabilities
DEBIAN
DSA-229
BUGTRAQ
20030108 Re: IMP 2.x SQL injection vulnerabilities
BID
6559
SECTRACK
1005904
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
cpe:/a:isc:dhcpd:3.0
cpe:/a:isc:dhcpd:3.0.1:rc1
cpe:/a:isc:dhcpd:3.0.1:rc2
cpe:/a:isc:dhcpd:3.0.1:rc3
cpe:/a:isc:dhcpd:3.0.1:rc4
cpe:/a:isc:dhcpd:3.0.1:rc5
cpe:/a:isc:dhcpd:3.0.1:rc6
cpe:/a:isc:dhcpd:3.0.1:rc7
cpe:/a:isc:dhcpd:3.0.1:rc8
CVE-2003-0026
2003-01-17T00:00:00.000-05:00
2017-07-10T21:29:27.010-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030122 [securityslackware.com: [slackware-security] New DHCP packages available]
CONECTIVA
CLA-2003:562
CERT
CA-2003-01
CIAC
N-031
DEBIAN
DSA-231
CERT-VN
VU#284857
MANDRAKE
MDKSA-2003:007
OPENPKG
OpenPKG-SA-2003.002
REDHAT
RHSA-2003:011
BID
6627
SECTRACK
1005924
SUSE
SuSE-SA:2003:006
XF
dhcpd-minires-multiple-bo(11073)
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0:x86_update_2
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0027
2003-02-07T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
SUNALERT
50104
MISC
http://www.entercept.com/news/uspr/01-22-03.asp
CERT-VN
VU#850785
BID
6665
XF
solaris-kcms-directory-traversal(11129)
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
cpe:/a:gnu:glibc:2.1
cpe:/a:gnu:glibc:2.1.1
cpe:/a:gnu:glibc:2.1.2
cpe:/a:gnu:glibc:2.1.3
cpe:/a:gnu:glibc:2.2
cpe:/a:gnu:glibc:2.2.1
cpe:/a:gnu:glibc:2.2.2
cpe:/a:gnu:glibc:2.2.3
cpe:/a:gnu:glibc:2.2.4
cpe:/a:gnu:glibc:2.2.5
cpe:/a:gnu:glibc:2.3
cpe:/a:gnu:glibc:2.3.1
cpe:/a:gnu:glibc:2.3.2
cpe:/a:mit:kerberos:5-1.2
cpe:/a:mit:kerberos:5-1.2.1
cpe:/a:mit:kerberos:5-1.2.2
cpe:/a:mit:kerberos:5-1.2.3
cpe:/a:mit:kerberos:5-1.2.4
cpe:/a:mit:kerberos:5-1.2.5
cpe:/a:mit:kerberos:5-1.2.6
cpe:/a:mit:kerberos:5-1.2.7
cpe:/a:openafs:openafs:1.0
cpe:/a:openafs:openafs:1.0.1
cpe:/a:openafs:openafs:1.0.2
cpe:/a:openafs:openafs:1.0.3
cpe:/a:openafs:openafs:1.0.4
cpe:/a:openafs:openafs:1.0.4a
cpe:/a:openafs:openafs:1.1
cpe:/a:openafs:openafs:1.1.1
cpe:/a:openafs:openafs:1.1.1a
cpe:/a:openafs:openafs:1.2
cpe:/a:openafs:openafs:1.2.1
cpe:/a:openafs:openafs:1.2.2
cpe:/a:openafs:openafs:1.2.2a
cpe:/a:openafs:openafs:1.2.2b
cpe:/a:openafs:openafs:1.2.3
cpe:/a:openafs:openafs:1.2.4
cpe:/a:openafs:openafs:1.2.5
cpe:/a:openafs:openafs:1.2.6
cpe:/a:openafs:openafs:1.3
cpe:/a:openafs:openafs:1.3.1
cpe:/a:openafs:openafs:1.3.2
cpe:/o:cray:unicos:6.0
cpe:/o:cray:unicos:6.0e
cpe:/o:cray:unicos:6.1
cpe:/o:cray:unicos:7.0
cpe:/o:cray:unicos:8.0
cpe:/o:cray:unicos:8.3
cpe:/o:cray:unicos:9.0
cpe:/o:cray:unicos:9.0.2.5
cpe:/o:cray:unicos:9.2
cpe:/o:cray:unicos:9.2.4
cpe:/o:freebsd:freebsd:4.0
cpe:/o:freebsd:freebsd:4.1
cpe:/o:freebsd:freebsd:4.1.1
cpe:/o:freebsd:freebsd:4.1.1:release
cpe:/o:freebsd:freebsd:4.1.1:stable
cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.2:stable
cpe:/o:freebsd:freebsd:4.3
cpe:/o:freebsd:freebsd:4.3:release
cpe:/o:freebsd:freebsd:4.3:stable
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.4:stable
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.5:release
cpe:/o:freebsd:freebsd:4.5:stable
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.6:release
cpe:/o:freebsd:freebsd:4.6:stable
cpe:/o:freebsd:freebsd:4.6.2
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.7:release
cpe:/o:freebsd:freebsd:4.7:stable
cpe:/o:freebsd:freebsd:5.0
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
cpe:/o:hp:hp-ux_series_700:10.20
cpe:/o:hp:hp-ux_series_800:10.20
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
cpe:/o:openbsd:openbsd:2.0
cpe:/o:openbsd:openbsd:2.1
cpe:/o:openbsd:openbsd:2.2
cpe:/o:openbsd:openbsd:2.3
cpe:/o:openbsd:openbsd:2.4
cpe:/o:openbsd:openbsd:2.5
cpe:/o:openbsd:openbsd:2.6
cpe:/o:openbsd:openbsd:2.7
cpe:/o:openbsd:openbsd:2.8
cpe:/o:openbsd:openbsd:2.9
cpe:/o:openbsd:openbsd:3.0
cpe:/o:openbsd:openbsd:3.1
cpe:/o:openbsd:openbsd:3.2
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.2f
cpe:/o:sgi:irix:6.5.2m
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.3f
cpe:/o:sgi:irix:6.5.3m
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.4f
cpe:/o:sgi:irix:6.5.4m
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.5f
cpe:/o:sgi:irix:6.5.5m
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.6f
cpe:/o:sgi:irix:6.5.6m
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.7f
cpe:/o:sgi:irix:6.5.7m
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.8f
cpe:/o:sgi:irix:6.5.8m
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.9f
cpe:/o:sgi:irix:6.5.9m
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.10f
cpe:/o:sgi:irix:6.5.10m
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.11f
cpe:/o:sgi:irix:6.5.11m
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.12f
cpe:/o:sgi:irix:6.5.12m
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.13f
cpe:/o:sgi:irix:6.5.13m
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.14f
cpe:/o:sgi:irix:6.5.14m
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.20
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0028
2003-03-25T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
NETBSD
NetBSD-SA2003-008
VULNWATCH
20030319 EEYE: XDR Integer Overflow
BUGTRAQ
20030319 EEYE: XDR Integer Overflow
BUGTRAQ
20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes
BUGTRAQ
20030325 GLSA: glibc (200303-22)
TRUSTIX
2003-0014
BUGTRAQ
20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)
CERT
CA-2003-10
DEBIAN
DSA-266
DEBIAN
DSA-272
DEBIAN
DSA-282
EEYE
AD20030318
CERT-VN
VU#516825
ENGARDE
ESA-20030321-010
MANDRAKE
MDKSA-2003:037
SUSE
SuSE-SA:2003:027
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
REDHAT
RHSA-2003:089
REDHAT
RHSA-2003:091
BUGTRAQ
20030319 RE: EEYE: XDR Integer Overflow
BUGTRAQ
20030331 GLSA: dietlibc (200303-29)
BUGTRAQ
20030331 GLSA: krb5 & mit-krb5 (200303-28)
CONFIRM
https://security.netapp.com/advisory/ntap-20150122-0002/
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
cpe:/a:protegrity:secure.data:2.2.3.7
cpe:/a:protegrity:secure.data:2.2.3.8
CVE-2003-0030
2003-03-18T00:00:00.000-05:00
2016-10-17T22:28:34.793-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030313 Protegrity buffer overflow
CERT-VN
VU#247545
BID
7083
BID
7084
BID
7085
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.
cpe:/a:mcrypt:libmcrypt:2.5.1_r4
cpe:/a:mcrypt:libmcrypt:2.5.2
cpe:/a:mcrypt:libmcrypt:2.5.3
cpe:/a:mcrypt:libmcrypt:2.5_.0
CVE-2003-0031
2003-01-17T00:00:00.000-05:00
2016-10-17T22:28:36.247-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:567
BUGTRAQ
20030103 Multiple libmcrypt vulnerabilities
BUGTRAQ
20030105 GLSA: libmcrypt
DEBIAN
DSA-228
BID
6510
SECTRACK
1006181
Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).
cpe:/a:mcrypt:libmcrypt:2.5.1_r4
cpe:/a:mcrypt:libmcrypt:2.5.2
cpe:/a:mcrypt:libmcrypt:2.5.3
cpe:/a:mcrypt:libmcrypt:2.5_.0
CVE-2003-0032
2003-01-17T00:00:00.000-05:00
2016-10-17T22:28:37.483-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:567
BUGTRAQ
20030103 Multiple libmcrypt vulnerabilities
BUGTRAQ
20030105 GLSA: libmcrypt
DEBIAN
DSA-228
XF
libmcrypt-libtool-memory-leak(10988)
BID
6512
Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.
cpe:/a:snort:snort:1.8.0
cpe:/a:snort:snort:1.8.1
cpe:/a:snort:snort:1.8.2
cpe:/a:snort:snort:1.8.3
cpe:/a:snort:snort:1.8.4
cpe:/a:snort:snort:1.8.5
cpe:/a:snort:snort:1.8.6
cpe:/a:snort:snort:1.8.7
cpe:/a:snort:snort:1.9.0
CVE-2003-0033
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:38.717-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030303 Snort RPC Vulnerability (fwd)
GENTOO
GLSA-200303-6.1
GENTOO
GLSA-200304-06
CERT
CA-2003-13
DEBIAN
DSA-297
ISS
20030303 Snort RPC Preprocessing Vulnerability
XF
snort-rpc-fragment-bo(10956)
CERT-VN
VU#916785
ENGARDE
ESA-20030307-007
MANDRAKE
MDKSA-2003:029
BID
6963
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.
cpe:/a:jean-jacques_sarton:mtink:0.9.32
cpe:/a:jean-jacques_sarton:mtink:0.9.33
cpe:/a:jean-jacques_sarton:mtink:0.9.52
CVE-2003-0034
2003-02-07T00:00:00.000-05:00
2008-09-10T20:05:24.947-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
MISC
http://www.idefense.com/advisory/01.21.03.txt
MANDRAKE
MDKSA-2003:010
BID
6656
SECTRACK
1005959
Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.
cpe:/a:robert_krawitz:escputil:1.15.2.2
CVE-2003-0035
2003-02-07T00:00:00.000-05:00
2018-10-19T11:29:19.040-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
MISC
http://www.idefense.com/advisory/01.21.03.txt
MANDRAKE
MDKSA-2003:010
BUGTRAQ
20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
BID
6658
SECTRACK
1005959
Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.
cpe:/a:rildo_pragana:ml85p
CVE-2003-0036
2003-02-07T00:00:00.000-05:00
2018-10-19T11:29:19.523-04:00
6.2
LOCAL
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
MISC
http://www.idefense.com/advisory/01.21.03.txt
MANDRAKE
MDKSA-2003:010
BUGTRAQ
20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
SECTRACK
1005959
ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".
cpe:/a:noffle:noffle:1.0.1
CVE-2003-0037
2003-02-07T00:00:00.000-05:00
2017-07-10T21:29:27.057-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
DEBIAN
DSA-244
BID
6695
XF
noffle-multiple-bo(11181)
Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.
cpe:/a:gnu:mailman:2.1
CVE-2003-0038
2003-02-07T00:00:00.000-05:00
2017-07-10T21:29:27.117-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030124 Mailman: cross-site scripting bug
CONFIRM
http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
DEBIAN
DSA-436
BID
6677
SECTRACK
1005987
XF
mailman-email-variable-xss(11152)
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
cpe:/a:isc:dhcpd:3.0.1:rc1
cpe:/a:isc:dhcpd:3.0.1:rc10
cpe:/a:isc:dhcpd:3.0.1:rc2
cpe:/a:isc:dhcpd:3.0.1:rc3
cpe:/a:isc:dhcpd:3.0.1:rc4
cpe:/a:isc:dhcpd:3.0.1:rc5
cpe:/a:isc:dhcpd:3.0.1:rc6
cpe:/a:isc:dhcpd:3.0.1:rc7
cpe:/a:isc:dhcpd:3.0.1:rc8
cpe:/a:isc:dhcpd:3.0.1:rc9
CVE-2003-0039
2003-02-07T00:00:00.000-05:00
2017-10-09T21:30:13.580-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
TURBO
TLSA-2003-26
CONECTIVA
CLSA-2003:616
BUGTRAQ
20030115 DoS against DHCP infrastructure with isc dhcrelay
DEBIAN
DSA-245
CERT-VN
VU#149953
BUGTRAQ
20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
REDHAT
RHSA-2003:034
BID
6628
XF
dhcp-dhcrelay-dos(11187)
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
cpe:/a:double_precision_incorporated:courier_mta:0.37.3
cpe:/a:inter7:courier-imap:1.6
CVE-2003-0040
2003-02-19T00:00:00.000-05:00
2017-10-09T21:30:13.640-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
DEBIAN
DSA-247
BID
6738
XF
courierimap-authmysqllib-sql-injection(11213)
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
cpe:/a:mit:kerberos_ftp_client
cpe:/o:redhat:linux:6.2::i386
cpe:/o:redhat:linux:7.0::i386
cpe:/o:redhat:linux:7.1::i386
cpe:/o:redhat:linux:7.2::i386
cpe:/o:redhat:linux:7.2::ia64
cpe:/o:redhat:linux:7.3::i386
cpe:/o:redhat:linux:8.0::i386
CVE-2003-0041
2003-02-19T00:00:00.000-05:00
2008-09-10T15:17:27.977-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030128 MIT Kerberos FTP client remote shell commands execution
MANDRAKE
MDKSA-2003:021
REDHAT
RHSA-2003:020
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
cpe:/a:apache:tomcat:3.0
cpe:/a:apache:tomcat:3.1
cpe:/a:apache:tomcat:3.1.1
cpe:/a:apache:tomcat:3.2
cpe:/a:apache:tomcat:3.2.1
cpe:/a:apache:tomcat:3.2.3
cpe:/a:apache:tomcat:3.2.4
cpe:/a:apache:tomcat:3.3
cpe:/a:apache:tomcat:3.3.1
CVE-2003-0042
2003-02-07T00:00:00.000-05:00
2017-07-10T21:29:27.180-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
BUGTRAQ
20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
CIAC
N-060
DEBIAN
DSA-246
HP
HPSBUX0303-249
BID
6721
XF
tomcat-null-directory-listing(11194)
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
cpe:/a:apache:tomcat:3.0
cpe:/a:apache:tomcat:3.1
cpe:/a:apache:tomcat:3.1.1
cpe:/a:apache:tomcat:3.2
cpe:/a:apache:tomcat:3.2.1
cpe:/a:apache:tomcat:3.2.3
cpe:/a:apache:tomcat:3.2.4
cpe:/a:apache:tomcat:3.3
cpe:/a:apache:tomcat:3.3.1
CVE-2003-0043
2003-02-07T00:00:00.000-05:00
2017-10-09T21:30:13.720-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
CIAC
N-060
DEBIAN
DSA-246
HP
HPSBUX0303-249
BID
6722
XF
tomcat-webxml-read-files(11195)
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
cpe:/a:apache:tomcat:3.0
cpe:/a:apache:tomcat:3.1
cpe:/a:apache:tomcat:3.1.1
cpe:/a:apache:tomcat:3.2
cpe:/a:apache:tomcat:3.2.1
cpe:/a:apache:tomcat:3.2.3
cpe:/a:apache:tomcat:3.2.4
cpe:/a:apache:tomcat:3.3
cpe:/a:apache:tomcat:3.3.1
cpe:/a:apache:tomcat:3.3.1a
CVE-2003-0044
2003-02-07T00:00:00.000-05:00
2017-07-10T21:29:27.243-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
CIAC
N-060
DEBIAN
DSA-246
HP
HPSBUX0303-249
BID
6720
XF
tomcat-web-app-xss(11196)
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
cpe:/a:apache:tomcat:3.0
cpe:/a:apache:tomcat:3.1
cpe:/a:apache:tomcat:3.1.1
cpe:/a:apache:tomcat:3.2
cpe:/a:apache:tomcat:3.2.1
cpe:/a:apache:tomcat:3.2.3
cpe:/a:apache:tomcat:3.2.4
cpe:/a:apache:tomcat:3.3
cpe:/a:apache:tomcat:3.3.1
CVE-2003-0045
2003-02-07T00:00:00.000-05:00
2017-10-09T21:30:13.783-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
XF
jakarta-tomcat-msdos-dos(12102)
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
cpe:/a:celestial_software:absolutetelnet:2.11
CVE-2003-0046
2003-02-19T00:00:00.000-05:00
2016-10-17T22:28:43.903-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
CONFIRM
http://www.celestialsoftware.net/telnet/beta_software.html
MISC
http://www.idefense.com/advisory/01.28.03.txt
BID
6725
SECTRACK
1006013
AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
cpe:/a:van_dyke_technologies:entunnel:1.0.2
cpe:/a:van_dyke_technologies:securecrt:3.4.7
cpe:/a:van_dyke_technologies:securecrt:4.0.2
cpe:/a:van_dyke_technologies:securefx:2.0.4
cpe:/a:van_dyke_technologies:securefx:2.1.2
CVE-2003-0047
2003-02-19T00:00:00.000-05:00
2016-10-17T22:28:45.217-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
MISC
http://www.idefense.com/advisory/01.28.03.txt
BID
6726
BID
6727
BID
6728
SECTRACK
1006010
SECTRACK
1006011
SECTRACK
1006012
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
cpe:/a:putty:putty:0.48
cpe:/a:putty:putty:0.49
cpe:/a:putty:putty:0.53
cpe:/a:putty:putty:0.53b
CVE-2003-0048
2003-02-19T00:00:00.000-05:00
2016-10-17T22:28:46.390-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
MISC
http://www.idefense.com/advisory/01.28.03.txt
BID
6724
SECTRACK
1006014
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
CVE-2003-0049
2003-03-03T00:00:00.000-05:00
2008-09-10T20:05:26.757-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
SECTRACK
1006107
XF
macos-afp-unauthorized-access(11333)
BID
6860
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-0050
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:47.657-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
BUGTRAQ
20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
XF
quicktime-darwin-command-execution(11401)
BID
6954
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-0051
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:48.733-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
BUGTRAQ
20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
XF
quicktime-darwin-path-disclosure(11402)
BID
6956
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-0052
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:49.827-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
BUGTRAQ
20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
XF
quicktime-darwin-directory-disclosure(11403)
BID
6955
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-0053
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:51.140-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
BUGTRAQ
20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
XF
quicktime-darwin-parsexml-xss(11404)
BID
6958
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-0054
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:52.343-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
BUGTRAQ
20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
XF
quicktime-darwin-describe-xss(11405)
BID
6960
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
cpe:/a:apple:quicktime_darwin_mp3_broadcaster
CVE-2003-0055
2003-03-07T00:00:00.000-05:00
2016-10-17T22:28:53.500-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
BUGTRAQ
20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
XF
quicktime-darwin-mp3-bo(11406)
BID
6957
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.
cpe:/a:slocate:slocate:2.5
cpe:/a:slocate:slocate:2.6
CVE-2003-0056
2003-02-19T00:00:00.000-05:00
2017-10-10T21:29:04.700-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CALDERA
CSSA-2003-009.0
SGI
20040202-01-U
BUGTRAQ
20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)
BUGTRAQ
20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)
BUGTRAQ
20030202 GLSA: slocate
REDHAT
RHSA-2004:041
DEBIAN
DSA-252
MANDRAKE
MDKSA-2003:015
CONECTIVA
CLA-2003:643
MISC
http://www.usg.org.uk/advisories/2003.001.txt
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
cpe:/a:hypermail:hypermail:2.0b25
cpe:/a:hypermail:hypermail:2.1.1
cpe:/a:hypermail:hypermail:2.1.2
cpe:/a:hypermail:hypermail:2.1.3
cpe:/a:hypermail:hypermail:2.1.4
cpe:/a:hypermail:hypermail:2.1.5
cpe:/a:hypermail:hypermail:2.1_.0
CVE-2003-0057
2003-02-19T00:00:00.000-05:00
2017-07-10T21:29:27.320-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030126 Hypermail buffer overflows
BUGTRAQ
20030127 Hypermail buffer overflows
DEBIAN
DSA-248
BID
6689
BID
6690
XF
hypermail-mail-attachment-bo(11157)
XF
hypermail-long-hostname-bo(11158)
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
cpe:/a:mit:kerberos:5-1.2.1
cpe:/a:mit:kerberos:5-1.2.2
cpe:/a:mit:kerberos:5-1.2.3
cpe:/a:mit:kerberos:5-1.2.4
cpe:/a:sun:enterprise_authentication_mechanism:1.0
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:sunos:5.8
CVE-2003-0058
2003-02-19T00:00:00.000-05:00
2018-10-30T12:25:37.090-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLSA-2003:639
SUNALERT
50142
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CERT-VN
VU#661243
MANDRAKE
MDKSA-2003:043
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
REDHAT
RHSA-2003:168
BID
6683
XF
kerberos-kdc-null-pointer-dos(10099)
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
cpe:/a:mit:kerberos:5-1.2.1
cpe:/a:mit:kerberos:5-1.2.2
CVE-2003-0059
2003-02-19T00:00:00.000-05:00
2017-10-09T21:30:13.953-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLSA-2003:639
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CERT-VN
VU#684563
MANDRAKE
MDKSA-2003:043
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
REDHAT
RHSA-2003:168
BID
6714
XF
kerberos-kdc-user-spoofing(11188)
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
cpe:/a:mit:kerberos:5-1.2.1
cpe:/a:mit:kerberos:5-1.2.2
cpe:/a:mit:kerberos:5-1.2.3
cpe:/a:mit:kerberos:5-1.2.4
CVE-2003-0060
2003-02-19T00:00:00.000-05:00
2017-07-10T21:29:27.383-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLSA-2003:639
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CERT-VN
VU#787523
BID
6712
XF
kerberos-kdc-format-string(11189)
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
cpe:/o:hp:hp-ux:10.20
CVE-2003-0061
2002-01-11T00:00:00.000-05:00
2008-09-05T16:33:21.787-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2005-05-25T11:27:00.000-04:00
ALLOWS_ADMIN_ACCESS
IDEFENSE
20030203 HP UX passwd Binary Buffer Overflow Vulnerability
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.
cpe:/a:eset_software:nod32_antivirus:1.0.11
cpe:/a:eset_software:nod32_antivirus:1.0.12
CVE-2003-0062
2003-02-19T00:00:00.000-05:00
2016-10-17T22:28:57.360-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix
MISC
http://www.idefense.com/advisory/02.10.03.txt
XF
nod32-pathname-bo(11282)
BID
6803
Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.
cpe:/a:xfree86_project:x11r6:4.0
cpe:/a:xfree86_project:x11r6:4.0.1
cpe:/a:xfree86_project:x11r6:4.0.3
cpe:/a:xfree86_project:x11r6:4.1.0
cpe:/a:xfree86_project:x11r6:4.2.0
cpe:/a:xfree86_project:x11r6:4.2.1
CVE-2003-0063
2003-03-03T00:00:00.000-05:00
2016-10-17T22:28:58.830-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
DEBIAN
DSA-380
XF
terminal-emulator-window-title(11414)
REDHAT
RHSA-2003:064
REDHAT
RHSA-2003:065
REDHAT
RHSA-2003:066
REDHAT
RHSA-2003:067
BID
6940
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:10.26
cpe:/o:hp:hp-ux:10.30
cpe:/o:hp:hp-ux:10.34
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
cpe:/o:ibm:aix:4.3
cpe:/o:ibm:aix:4.3.1
cpe:/o:ibm:aix:4.3.2
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
cpe:/o:sgi:irix:5.0
cpe:/o:sgi:irix:5.0.1
cpe:/o:sgi:irix:5.1
cpe:/o:sgi:irix:5.1.1
cpe:/o:sgi:irix:5.2
cpe:/o:sgi:irix:5.3
cpe:/o:sgi:irix:6.0
cpe:/o:sgi:irix:6.0.1
cpe:/o:sgi:irix:6.1
cpe:/o:sgi:irix:6.2
cpe:/o:sgi:irix:6.3
cpe:/o:sgi:irix:6.4
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.2f
cpe:/o:sgi:irix:6.5.2m
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.3f
cpe:/o:sgi:irix:6.5.3m
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.4f
cpe:/o:sgi:irix:6.5.4m
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.5f
cpe:/o:sgi:irix:6.5.5m
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.6f
cpe:/o:sgi:irix:6.5.6m
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.7f
cpe:/o:sgi:irix:6.5.7m
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.8f
cpe:/o:sgi:irix:6.5.8m
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.9f
cpe:/o:sgi:irix:6.5.9m
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.10f
cpe:/o:sgi:irix:6.5.10m
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.11f
cpe:/o:sgi:irix:6.5.11m
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.12f
cpe:/o:sgi:irix:6.5.12m
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.13f
cpe:/o:sgi:irix:6.5.13m
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.14f
cpe:/o:sgi:irix:6.5.14m
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0064
2003-03-03T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-window-title(11414)
HP
HPSBUX0401-309
BID
6942
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:national_university_of_singapore:uxterm:2.3
cpe:/a:national_university_of_singapore:uxterm:2.4.1
CVE-2003-0065
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:01.440-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-window-title(11414)
BID
6945
The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:rxvt:rxvt:2.6.1
cpe:/a:rxvt:rxvt:2.6.2
cpe:/a:rxvt:rxvt:2.6.3
cpe:/a:rxvt:rxvt:2.6.4
cpe:/a:rxvt:rxvt:2.7.5
cpe:/a:rxvt:rxvt:2.7.6
cpe:/a:rxvt:rxvt:2.7.7
cpe:/a:rxvt:rxvt:2.7.8
CVE-2003-0066
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:02.690-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-window-title(11414)
MANDRAKE
MDKSA-2003:003
REDHAT
RHSA-2003:054
REDHAT
RHSA-2003:055
GENTOO
200303-16
BID
6953
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:aterm:aterm:0.42
CVE-2003-0067
2003-03-18T00:00:00.000-05:00
2016-10-17T22:29:03.753-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-window-title(11414)
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:michael_jennings:eterm:0.8.10
cpe:/a:michael_jennings:eterm:0.9.1
CVE-2003-0068
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:05.207-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
DEBIAN
DSA-496
XF
terminal-emulator-window-title(11414)
MANDRAKE
MDKSA-2003:040
BID
10237
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:putty:putty:0.53
CVE-2003-0069
2003-03-18T00:00:00.000-05:00
2016-10-17T22:29:06.423-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-window-title(11414)
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:gnome:gnome-terminal:2.0
cpe:/a:gnome:gnome-terminal:2.2
cpe:/a:nalin_dahyabhai:vte:0.11.21
cpe:/a:nalin_dahyabhai:vte:0.12.2
cpe:/a:nalin_dahyabhai:vte:0.14.2
cpe:/a:nalin_dahyabhai:vte:0.15.0
cpe:/a:nalin_dahyabhai:vte:0.16.14
cpe:/a:nalin_dahyabhai:vte:0.17.4
cpe:/a:nalin_dahyabhai:vte:0.20.5
cpe:/a:nalin_dahyabhai:vte:0.22.5
cpe:/a:nalin_dahyabhai:vte:0.24.3
cpe:/a:nalin_dahyabhai:vte:0.25.1
CVE-2003-0070
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:07.657-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
GENTOO
GLSA-200303-2
XF
terminal-emulator-window-title(11414)
REDHAT
RHSA-2003:053
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:xfree86_project:x11r6:4.0
cpe:/a:xfree86_project:x11r6:4.0.1
cpe:/a:xfree86_project:x11r6:4.0.3
cpe:/a:xfree86_project:x11r6:4.1.0
cpe:/a:xfree86_project:x11r6:4.2.0
cpe:/a:xfree86_project:x11r6:4.2.1
CVE-2003-0071
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:08.910-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
DEBIAN
DSA-380
XF
terminal-emulator-dec-udk(11415)
REDHAT
RHSA-2003:064
REDHAT
RHSA-2003:065
REDHAT
RHSA-2003:066
REDHAT
RHSA-2003:067
BID
6950
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
cpe:/a:mit:kerberos:1.0
cpe:/a:mit:kerberos:1.2.2.beta1
cpe:/a:mit:kerberos:5-1.2
cpe:/a:mit:kerberos:5-1.2.1
cpe:/a:mit:kerberos:5-1.2.2
cpe:/a:mit:kerberos:5-1.2.3
cpe:/a:mit:kerberos:5-1.2.4
cpe:/a:mit:kerberos:5-1.2.5
cpe:/a:mit:kerberos:5-1.2.6
cpe:/a:mit:kerberos:5-1.2.7
cpe:/a:mit:kerberos:5-1.3:alpha1
cpe:/a:mit:kerberos:5_1.0.6
cpe:/a:mit:kerberos:5_1.1
cpe:/a:mit:kerberos:5_1.1.1
CVE-2003-0072
2003-04-02T00:00:00.000-05:00
2018-10-19T11:29:19.757-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
54042
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
DEBIAN
DSA-266
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
BUGTRAQ
20030331 GLSA: krb5 & mit-krb5 (200303-28)
BID
7184
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
cpe:/a:oracle:mysql:3.23.31
cpe:/a:oracle:mysql:3.23.36
cpe:/a:oracle:mysql:3.23.41
cpe:/a:oracle:mysql:3.23.47
cpe:/a:oracle:mysql:3.23.52
cpe:/a:oracle:mysql:3.23.53
cpe:/a:oracle:mysql:3.23.54
cpe:/a:oracle:mysql:3.23.54a
CVE-2003-0073
2003-02-19T00:00:00.000-05:00
2019-10-07T12:41:09.083-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:743
BUGTRAQ
20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
DEBIAN
DSA-303
XF
mysql-mysqlchangeuser-doublefree-dos(11199)
ENGARDE
ESA-20030220-004
MANDRAKE
MDKSA-2003:013
CONFIRM
http://www.mysql.com/doc/en/News-3.23.55.html
REDHAT
RHSA-2003:093
REDHAT
RHSA-2003:094
REDHAT
RHSA-2003:166
BID
6718
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
cpe:/a:plptools:plptools:0.6
CVE-2003-0074
2003-02-19T00:00:00.000-05:00
2016-10-17T22:29:11.800-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030129 Local root vuln in SuSE 8.0 plptools package
BUGTRAQ
20030129 Re: Local root vuln in SuSE 8.0 plptools package
XF
plptools-plpnsfd-format-string(11193)
BID
6715
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
cpe:/a:bladeenc:bladeenc:0.92.7
cpe:/a:bladeenc:bladeenc:0.93.10
cpe:/a:bladeenc:bladeenc:0.94.0
cpe:/a:bladeenc:bladeenc:0.94.1
cpe:/a:bladeenc:bladeenc:0.94.2
CVE-2003-0075
2003-02-19T00:00:00.000-05:00
2016-10-17T22:29:13.067-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030202 Bladeenc 0.94.2 code execution
GENTOO
GLSA-200302-04
XF
bladeenc-myfseek-code-execution(11227)
MISC
http://www.pivx.com/luigi/adv/blade942-adv.txt
BID
6745
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
cpe:/a:dcgui:dcgui:0.2
cpe:/a:dcgui:dcgui:0.2.1
cpe:/a:qt-dcgui:qt-dcgui:0.2
cpe:/a:qt-dcgui:qt-dcgui:0.2.1
CVE-2003-0076
2003-02-19T00:00:00.000-05:00
2016-10-17T22:29:14.253-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html
BUGTRAQ
20030204 GLSA: qt-dcgui
XF
qtdcgui-directory-download-files(11246)
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.
cpe:/a:hanterm:hanterm-xf:2.0.5
CVE-2003-0077
2003-03-18T00:00:00.000-05:00
2016-10-17T22:29:15.410-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-window-title(11414)
REDHAT
RHSA-2003:070
REDHAT
RHSA-2003:071
The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
cpe:/a:openssl:openssl:0.9.1c
cpe:/a:openssl:openssl:0.9.2b
cpe:/a:openssl:openssl:0.9.3
cpe:/a:openssl:openssl:0.9.4
cpe:/a:openssl:openssl:0.9.5
cpe:/a:openssl:openssl:0.9.5a
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.6a
cpe:/a:openssl:openssl:0.9.6b
cpe:/a:openssl:openssl:0.9.6c
cpe:/a:openssl:openssl:0.9.6d
cpe:/a:openssl:openssl:0.9.6e
cpe:/a:openssl:openssl:0.9.6g
cpe:/a:openssl:openssl:0.9.6h
cpe:/a:openssl:openssl:0.9.7
cpe:/a:openssl:openssl:0.9.7:beta1
cpe:/a:openssl:openssl:0.9.7:beta2
cpe:/a:openssl:openssl:0.9.7:beta3
cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.3
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.8:pre-release
cpe:/o:freebsd:freebsd:5.0
cpe:/o:openbsd:openbsd:3.1
cpe:/o:openbsd:openbsd:3.2
CVE-2003-0078
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:16.643-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
NETBSD
NetBSD-SA2003-001
SGI
20030501-01-I
CONECTIVA
CLSA-2003:570
BUGTRAQ
20030219 OpenSSL 0.9.7a and 0.9.6i released
BUGTRAQ
20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
GENTOO
GLSA-200302-10
CIAC
N-051
DEBIAN
DSA-253
XF
ssl-cbc-information-leak(11369)
ENGARDE
ESA-20030220-005
MANDRAKE
MDKSA-2003:020
CONFIRM
http://www.openssl.org/news/secadv_20030219.txt
REDHAT
RHSA-2003:062
REDHAT
RHSA-2003:063
REDHAT
RHSA-2003:082
REDHAT
RHSA-2003:104
REDHAT
RHSA-2003:205
BID
6884
TRUSTIX
2003-0005
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
cpe:/a:hanterm:hanterm-xf:2.0
CVE-2003-0079
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:18.130-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030224 Terminal Emulator Security Issues
BUGTRAQ
20030224 Terminal Emulator Security Issues
XF
terminal-emulator-dec-udk(11415)
REDHAT
RHSA-2003:070
REDHAT
RHSA-2003:071
BID
6944
The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
cpe:/a:gnome:gnome-lokkit:0.50_21
CVE-2003-0080
2003-03-31T00:00:00.000-05:00
2017-07-10T21:29:27.447-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
REDHAT
RHSA-2003:072
BID
7128
XF
gnomelokkit-forward-bypass-firewall(11552)
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
cpe:/a:ethereal_group:ethereal:0.8.18
cpe:/a:ethereal_group:ethereal:0.9.0
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
CVE-2003-0081
2003-03-18T00:00:00.000-05:00
2017-10-09T21:30:14.093-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLSA-2003:627
MANDRAKE
MDKSA-2003:051
FULLDISC
20030308 Ethereal format string bug, yet still ethereal much better than windows
DEBIAN
DSA-258
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00008.html
MISC
http://www.guninski.com/etherre.html
GENTOO
GLSA-200303-10
SUSE
SuSE-SA:2003:019
REDHAT
RHSA-2003:076
REDHAT
RHSA-2003:077
BID
7049
XF
ethereal-socks-format-string(11497)
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
cpe:/a:mit:kerberos:1.0
cpe:/a:mit:kerberos:1.2.2.beta1
cpe:/a:mit:kerberos:5-1.2
cpe:/a:mit:kerberos:5-1.2.1
cpe:/a:mit:kerberos:5-1.2.2
cpe:/a:mit:kerberos:5-1.2.3
cpe:/a:mit:kerberos:5-1.2.4
cpe:/a:mit:kerberos:5-1.2.5
cpe:/a:mit:kerberos:5-1.2.6
cpe:/a:mit:kerberos:5-1.2.7
cpe:/a:mit:kerberos:5-1.3:alpha1
cpe:/a:mit:kerberos:5_1.0.6
cpe:/a:mit:kerberos:5_1.1
cpe:/a:mit:kerberos:5_1.1.1
CVE-2003-0082
2003-04-02T00:00:00.000-05:00
2018-10-19T11:29:20.493-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
54042
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
DEBIAN
DSA-266
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
REDHAT
RHSA-2003:091
BUGTRAQ
20030331 GLSA: krb5 & mit-krb5 (200303-28)
BID
7185
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
cpe:/a:apache:http_server:1.3
cpe:/a:apache:http_server:2.0
CVE-2003-0083
2003-04-02T00:00:00.000-05:00
2017-10-10T21:29:04.840-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25
CONFIRM
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
BUGTRAQ
20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2
BUGTRAQ
20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
REDHAT
RHSA-2003:139
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
cpe:/a:mod_auth_any:mod_auth_any:1.2.2
CVE-2003-0084
2003-05-12T00:00:00.000-04:00
2017-07-10T21:29:27.493-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
REDHAT
RHSA-2003:114
CIAC
N-090
CONFIRM
http://www.itlab.musc.edu/webNIS/mod_auth_any.html
REDHAT
RHSA-2003:113
BID
7448
XF
modauthany-command-execution(11893)
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.
cpe:/a:hp:cifs-9000_server:a.01.05
cpe:/a:hp:cifs-9000_server:a.01.06
cpe:/a:hp:cifs-9000_server:a.01.07
cpe:/a:hp:cifs-9000_server:a.01.08
cpe:/a:hp:cifs-9000_server:a.01.08.01
cpe:/a:hp:cifs-9000_server:a.01.09
cpe:/a:hp:cifs-9000_server:a.01.09.01
cpe:/a:samba:samba:2.0.0
cpe:/a:samba:samba:2.0.1
cpe:/a:samba:samba:2.0.2
cpe:/a:samba:samba:2.0.3
cpe:/a:samba:samba:2.0.4
cpe:/a:samba:samba:2.0.5
cpe:/a:samba:samba:2.0.6
cpe:/a:samba:samba:2.0.7
cpe:/a:samba:samba:2.0.8
cpe:/a:samba:samba:2.0.9
cpe:/a:samba:samba:2.0.10
cpe:/a:samba:samba:2.2.0
cpe:/a:samba:samba:2.2.0a
cpe:/a:samba:samba:2.2.1a
cpe:/a:samba:samba:2.2.2
cpe:/a:samba:samba:2.2.3
cpe:/a:samba:samba:2.2.3a
cpe:/a:samba:samba:2.2.4
cpe:/a:samba:samba:2.2.5
cpe:/a:samba:samba:2.2.6
cpe:/a:samba:samba:2.2.7
cpe:/a:samba:samba:2.2.7a
CVE-2003-0085
2003-03-31T00:00:00.000-05:00
2018-10-19T11:29:21.197-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SGI
20030302-01-I
BUGTRAQ
20030317 GLSA: samba (200303-11)
BUGTRAQ
20030317 Security Bugfix for Samba - Samba 2.2.8 Released
BUGTRAQ
20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
DEBIAN
DSA-262
GENTOO
GLSA-200303-11
CERT-VN
VU#298233
MANDRAKE
MDKSA-2003:032
SUSE
SuSE-SA:2003:016
REDHAT
RHSA-2003:095
REDHAT
RHSA-2003:096
BUGTRAQ
20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
IMMUNIX
IMNX-2003-7+-003-01
BID
7106
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
cpe:/a:samba:samba:2.0.0
cpe:/a:samba:samba:2.0.1
cpe:/a:samba:samba:2.0.2
cpe:/a:samba:samba:2.0.3
cpe:/a:samba:samba:2.0.4
cpe:/a:samba:samba:2.0.5
cpe:/a:samba:samba:2.0.6
cpe:/a:samba:samba:2.0.7
cpe:/a:samba:samba:2.0.8
cpe:/a:samba:samba:2.0.9
cpe:/a:samba:samba:2.0.10
cpe:/a:samba:samba:2.2.0
cpe:/a:samba:samba:2.2.0a
cpe:/a:samba:samba:2.2.1a
cpe:/a:samba:samba:2.2.2
cpe:/a:samba:samba:2.2.3
cpe:/a:samba:samba:2.2.3a
cpe:/a:samba:samba:2.2.4
cpe:/a:samba:samba:2.2.5
cpe:/a:samba:samba:2.2.6
cpe:/a:samba:samba:2.2.7
cpe:/a:samba:samba:2.2.7a
CVE-2003-0086
2003-03-31T00:00:00.000-05:00
2018-10-19T11:29:22.320-04:00
1.2
LOCAL
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SGI
20030302-01-I
BUGTRAQ
20030317 GLSA: samba (200303-11)
BUGTRAQ
20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
DEBIAN
DSA-262
GENTOO
GLSA-200303-11
MANDRAKE
MDKSA-2003:032
SUSE
SuSE-SA:2003:016
REDHAT
RHSA-2003:095
REDHAT
RHSA-2003:096
BUGTRAQ
20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
BID
7107
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
cpe:/a:national_language_support:libim
CVE-2003-0087
2003-03-03T00:00:00.000-05:00
2017-10-09T21:30:14.157-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
BUGTRAQ
20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
BUGTRAQ
20030212 libIM.a buffer overflow vulnerability
MISC
http://www.idefense.com/advisory/02.12.03.txt
BID
6840
AIXAPAR
IY40307
AIXAPAR
IY40317
AIXAPAR
IY40320
XF
aix-aixterm-libim-bo(11309)
Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
CVE-2003-0088
2003-03-03T00:00:00.000-05:00
2008-09-10T20:05:48.070-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
ATSTAKE
A021403-1
XF
macos-trublueenvironment-gain-privileges(11332)
BID
6859
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.11
CVE-2003-0089
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:05.057-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
BUGTRAQ
20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
HP
HPSBUX0311-293
BID
8986
XF
hp-sd-utilities-bo(13623)
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.
CVE-2003-0090
2003-12-15T00:00:00.000-05:00
2008-09-10T15:17:53.633-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
CVE-2003-0091
2003-04-02T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
MISC
http://packetstormsecurity.org/0304-advisories/sa2003-02.txt
SUNALERT
52443
CIAC
N-068
MISC
http://www.nsfocus.com/english/homepage/sa2003-02.htm
BUGTRAQ
20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0092
2003-04-02T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
SUNALERT
52388
BUGTRAQ
20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
BID
7240
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
cpe:/a:lbl:tcpdump:3.4
cpe:/a:lbl:tcpdump:3.4a6
cpe:/a:lbl:tcpdump:3.5
cpe:/a:lbl:tcpdump:3.5.2
cpe:/a:lbl:tcpdump:3.6.2
CVE-2003-0093
2003-03-03T00:00:00.000-05:00
2017-10-09T21:30:14.220-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-261
MANDRAKE
MDKSA-2003:027
REDHAT
RHSA-2003:032
REDHAT
RHSA-2003:033
REDHAT
RHSA-2003:214
MISC
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
XF
tcpdump-radius-decoder-dos(11324)
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.
cpe:/a:andries_brouwer:util-linux:2.11n
cpe:/a:andries_brouwer:util-linux:2.11u
CVE-2003-0094
2003-03-03T00:00:00.000-05:00
2017-10-09T21:30:14.283-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MANDRAKE
MDKSA-2003:016
BID
6855
XF
utillinux-mcookie-cookie-predictable(11318)
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
cpe:/a:oracle:database_server:8.0.6
cpe:/a:oracle:database_server:9.2.1
cpe:/a:oracle:database_server:9.2.2
cpe:/a:oracle:oracle8i:8.1.7
cpe:/a:oracle:oracle8i:8.1.7.1
cpe:/a:oracle:oracle9i:9.0
cpe:/a:oracle:oracle9i:9.0.1
cpe:/a:oracle:oracle9i:9.0.1.2
cpe:/a:oracle:oracle9i:9.0.1.3
cpe:/a:oracle:oracle9i:9.0.2
CVE-2003-0095
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:25.943-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
CERT
CA-2003-05
CIAC
N-046
XF
oracle-username-bo(11328)
CERT-VN
VU#953746
BID
6849
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
cpe:/a:oracle:database_server:8.0.6
cpe:/a:oracle:database_server:9.2.1
cpe:/a:oracle:database_server:9.2.2
cpe:/a:oracle:oracle8i:8.1.7
cpe:/a:oracle:oracle8i:8.1.7.1
cpe:/a:oracle:oracle9i:9.0
cpe:/a:oracle:oracle9i:9.0.1
cpe:/a:oracle:oracle9i:9.0.1.2
cpe:/a:oracle:oracle9i:9.0.1.3
cpe:/a:oracle:oracle9i:9.0.2
CVE-2003-0096
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:27.257-04:00
9.0
NETWORK
LOW
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
VULNWATCH
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
VULNWATCH
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
BUGTRAQ
20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
BUGTRAQ
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
BUGTRAQ
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
CERT
CA-2003-05
CIAC
N-046
XF
oracle-bfilename-directory-bo(11325)
XF
oracle-tzoffset-bo(11326)
XF
oracle-totimestamptz-bo(11327)
CERT-VN
VU#663786
CERT-VN
VU#743954
CERT-VN
VU#840666
MISC
http://www.nextgenss.com/advisories/ora-bfilebo.txt
MISC
http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
MISC
http://www.nextgenss.com/advisories/ora-tzofstbo.txt
BID
6847
BID
6848
BID
6850
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
cpe:/a:php:php:4.3.0
CVE-2003-0097
2003-03-03T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
GENTOO
GLSA-200302-09
GENTOO
GLSA-200302-09.1
XF
php-cgi-sapi-access(11343)
BID
6875
CONFIRM
http://www.slackware.com/changelog/current.php?cpu=i386
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
cpe:/a:apcupsd:apcupsd:0.3.91_5
cpe:/a:apcupsd:apcupsd:3.8.5
cpe:/a:apcupsd:apcupsd:3.10.0
cpe:/a:apcupsd:apcupsd:3.10.1
cpe:/a:apcupsd:apcupsd:3.10.2
cpe:/a:apcupsd:apcupsd:3.10.3
cpe:/a:apcupsd:apcupsd:3.10.4
cpe:/o:debian:debian_linux:2.2
cpe:/o:debian:debian_linux:3.0
CVE-2003-0098
2003-03-03T00:00:00.000-05:00
2018-09-26T11:59:18.560-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2018-09-25T12:53:34.317-04:00
ALLOWS_ADMIN_ACCESS
CALDERA
CSSA-2003-015.0
CONFIRM
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
MISC
http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
SECTRACK
1006108
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=137900
DEBIAN
DSA-277
XF
apcupsd-logevent-format-string(11334)
MANDRAKE
MDKSA-2003:018
SUSE
SuSE-SA:2003:022
BID
6828
BID
7200
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
cpe:/a:apc:apcupsd:3.8.5
CVE-2003-0099
2003-03-03T00:00:00.000-05:00
2008-09-10T15:17:55.960-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CALDERA
CSSA-2003-015.0
SECTRACK
1006108
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=137892
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=137900
DEBIAN
DSA-277
XF
apcupsd-vsprintf-multiple-bo(11491)
MANDRAKE
MDKSA-2003:018
SUSE
SuSE-SA:2003:022
BID
7200
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.
cpe:/o:cisco:ios:11.1
cpe:/o:cisco:ios:11.1%287%29aa
cpe:/o:cisco:ios:11.1%287%29ca
cpe:/o:cisco:ios:11.1%289%29ia
cpe:/o:cisco:ios:11.1%2813%29
cpe:/o:cisco:ios:11.1%2813%29aa
cpe:/o:cisco:ios:11.1%2813%29ca
cpe:/o:cisco:ios:11.1%2813%29ia
cpe:/o:cisco:ios:11.1%2815%29aa
cpe:/o:cisco:ios:11.1%2815%29ca
cpe:/o:cisco:ios:11.1%2815%29ia
cpe:/o:cisco:ios:11.1%2816%29aa
cpe:/o:cisco:ios:11.1%2816%29ia
cpe:/o:cisco:ios:11.1%2817%29cc
cpe:/o:cisco:ios:11.1%2817%29ct
cpe:/o:cisco:ios:11.1%2820%29aa4
cpe:/o:cisco:ios:11.1%2824a%29
cpe:/o:cisco:ios:11.1%2824b%29
cpe:/o:cisco:ios:11.1%2828a%29ct
cpe:/o:cisco:ios:11.1%2828a%29ia
cpe:/o:cisco:ios:11.1%2836%29ca2
cpe:/o:cisco:ios:11.1%2836%29cc2
cpe:/o:cisco:ios:11.1%2836%29cc4
cpe:/o:cisco:ios:11.1aa
cpe:/o:cisco:ios:11.1ca
cpe:/o:cisco:ios:11.1cc
cpe:/o:cisco:ios:11.1ct
cpe:/o:cisco:ios:11.1ia
cpe:/o:cisco:ios:11.2
cpe:/o:cisco:ios:11.2%284%29
cpe:/o:cisco:ios:11.2%284%29f
cpe:/o:cisco:ios:11.2%284%29f1
cpe:/o:cisco:ios:11.2%284%29xa
cpe:/o:cisco:ios:11.2%284%29xaf
cpe:/o:cisco:ios:11.2%288%29p
cpe:/o:cisco:ios:11.2%288%29sa1
cpe:/o:cisco:ios:11.2%288%29sa3
cpe:/o:cisco:ios:11.2%288%29sa5
cpe:/o:cisco:ios:11.2%288.9%29sa6
cpe:/o:cisco:ios:11.2%289%29p
cpe:/o:cisco:ios:11.2%289%29xa
cpe:/o:cisco:ios:11.2%2810%29bc
cpe:/o:cisco:ios:11.2%2811b%29t2
cpe:/o:cisco:ios:11.2%2817%29
cpe:/o:cisco:ios:11.2%2819%29gs0.2
cpe:/o:cisco:ios:11.2%2819a%29gs6
cpe:/o:cisco:ios:11.2%2823a%29bc1
cpe:/o:cisco:ios:11.2%2826%29p2
cpe:/o:cisco:ios:11.2%2826a%29
cpe:/o:cisco:ios:11.2%2826b%29
cpe:/o:cisco:ios:11.2bc
cpe:/o:cisco:ios:11.2f
cpe:/o:cisco:ios:11.2gs
cpe:/o:cisco:ios:11.2p
cpe:/o:cisco:ios:11.2sa
cpe:/o:cisco:ios:11.2wa3
cpe:/o:cisco:ios:11.2wa4
cpe:/o:cisco:ios:11.2xa
cpe:/o:cisco:ios:11.3
cpe:/o:cisco:ios:11.3%281%29ed
cpe:/o:cisco:ios:11.3%281%29t
cpe:/o:cisco:ios:11.3%282%29xa
cpe:/o:cisco:ios:11.3%287%29db1
cpe:/o:cisco:ios:11.3%288%29db2
cpe:/o:cisco:ios:11.3%2811%29b
cpe:/o:cisco:ios:11.3%2811b%29
cpe:/o:cisco:ios:11.3%2811b%29t2
cpe:/o:cisco:ios:11.3%2811c%29
cpe:/o:cisco:ios:11.3aa
cpe:/o:cisco:ios:11.3da
cpe:/o:cisco:ios:11.3db
cpe:/o:cisco:ios:11.3ha
cpe:/o:cisco:ios:11.3ma
cpe:/o:cisco:ios:11.3na
cpe:/o:cisco:ios:11.3t
cpe:/o:cisco:ios:11.3wa4
cpe:/o:cisco:ios:11.3xa
cpe:/o:cisco:ios:12.0
cpe:/o:cisco:ios:12.0%281%29
cpe:/o:cisco:ios:12.0%281%29w
cpe:/o:cisco:ios:12.0%281%29xa3
cpe:/o:cisco:ios:12.0%281%29xb
cpe:/o:cisco:ios:12.0%281%29xe
cpe:/o:cisco:ios:12.0%282%29
cpe:/o:cisco:ios:12.0%282%29xc
cpe:/o:cisco:ios:12.0%282%29xd
cpe:/o:cisco:ios:12.0%282%29xe
cpe:/o:cisco:ios:12.0%282%29xf
cpe:/o:cisco:ios:12.0%282%29xg
cpe:/o:cisco:ios:12.0%282b%29
cpe:/o:cisco:ios:12.0%283%29
cpe:/o:cisco:ios:12.0%283%29t2
cpe:/o:cisco:ios:12.0%283d%29
cpe:/o:cisco:ios:12.0%284%29s
cpe:/o:cisco:ios:12.0%284%29t
cpe:/o:cisco:ios:12.0%284%29xe
cpe:/o:cisco:ios:12.0%284%29xe1
cpe:/o:cisco:ios:12.0%284%29xm
cpe:/o:cisco:ios:12.0%284%29xm1
cpe:/o:cisco:ios:12.0%285%29t
cpe:/o:cisco:ios:12.0%285%29t1
cpe:/o:cisco:ios:12.0%285%29wc
cpe:/o:cisco:ios:12.0%285%29wc2
cpe:/o:cisco:ios:12.0%285%29wc2b
cpe:/o:cisco:ios:12.0%285%29wc3
cpe:/o:cisco:ios:12.0%285%29wc3b
cpe:/o:cisco:ios:12.0%285%29wx
cpe:/o:cisco:ios:12.0%285%29xe
cpe:/o:cisco:ios:12.0%285%29xk
cpe:/o:cisco:ios:12.0%285%29xk2
cpe:/o:cisco:ios:12.0%285%29xn
cpe:/o:cisco:ios:12.0%285%29xn1
cpe:/o:cisco:ios:12.0%285%29xs
cpe:/o:cisco:ios:12.0%285%29xu
cpe:/o:cisco:ios:12.0%285%29yb4
cpe:/o:cisco:ios:12.0%285.1%29xp
cpe:/o:cisco:ios:12.0%285.2%29xu
cpe:/o:cisco:ios:12.0%285.3%29wc1
cpe:/o:cisco:ios:12.0%285.4%29wc1
cpe:/o:cisco:ios:12.0%286b%29
cpe:/o:cisco:ios:12.0%287%29db2
cpe:/o:cisco:ios:12.0%287%29dc1
cpe:/o:cisco:ios:12.0%287%29s1
cpe:/o:cisco:ios:12.0%287%29sc
cpe:/o:cisco:ios:12.0%287%29t
cpe:/o:cisco:ios:12.0%287%29t2
cpe:/o:cisco:ios:12.0%287%29wx5%2815a%29
cpe:/o:cisco:ios:12.0%287%29xe
cpe:/o:cisco:ios:12.0%287%29xe2
cpe:/o:cisco:ios:12.0%287%29xf
cpe:/o:cisco:ios:12.0%287%29xf1
cpe:/o:cisco:ios:12.0%287%29xk
cpe:/o:cisco:ios:12.0%287%29xk3
cpe:/o:cisco:ios:12.0%287%29xv
cpe:/o:cisco:ios:12.0%287.4%29s
cpe:/o:cisco:ios:12.0%287a%29
cpe:/o:cisco:ios:12.0%288%29
cpe:/o:cisco:ios:12.0%288%29s1
cpe:/o:cisco:ios:12.0%288.0.2%29s
cpe:/o:cisco:ios:12.0%288.3%29sc
cpe:/o:cisco:ios:12.0%288a%29
cpe:/o:cisco:ios:12.0%289%29
cpe:/o:cisco:ios:12.0%289%29s
cpe:/o:cisco:ios:12.0%289%29s8
cpe:/o:cisco:ios:12.0%289a%29
cpe:/o:cisco:ios:12.0%2810%29s7
cpe:/o:cisco:ios:12.0%2810%29w5
cpe:/o:cisco:ios:12.0%2810%29w5%2818f%29
cpe:/o:cisco:ios:12.0%2810%29w5%2818g%29
cpe:/o:cisco:ios:12.0%2810a%29
cpe:/o:cisco:ios:12.0%2811%29s6
cpe:/o:cisco:ios:12.0%2811%29st4
cpe:/o:cisco:ios:12.0%2811a%29
cpe:/o:cisco:ios:12.0%2812%29s3
cpe:/o:cisco:ios:12.0%2812a%29
cpe:/o:cisco:ios:12.0%2813%29s6
cpe:/o:cisco:ios:12.0%2813%29w5%2819c%29
cpe:/o:cisco:ios:12.0%2813%29wt6%281%29
cpe:/o:cisco:ios:12.0%2813a%29
cpe:/o:cisco:ios:12.0%2814%29s7
cpe:/o:cisco:ios:12.0%2814%29st
cpe:/o:cisco:ios:12.0%2814%29st3
cpe:/o:cisco:ios:12.0%2814%29w5%2820%29
cpe:/o:cisco:ios:12.0%2814a%29
cpe:/o:cisco:ios:12.0%2815%29s3
cpe:/o:cisco:ios:12.0%2815%29s6
cpe:/o:cisco:ios:12.0%2815a%29
cpe:/o:cisco:ios:12.0%2816%29s8
cpe:/o:cisco:ios:12.0%2816%29sc3
cpe:/o:cisco:ios:12.0%2816%29st1
cpe:/o:cisco:ios:12.0%2816%29w5%2821%29
cpe:/o:cisco:ios:12.0%2816.06%29s
cpe:/o:cisco:ios:12.0%2816a%29
cpe:/o:cisco:ios:12.0%2817%29
cpe:/o:cisco:ios:12.0%2817%29s
cpe:/o:cisco:ios:12.0%2817%29s4
cpe:/o:cisco:ios:12.0%2817%29sl2
cpe:/o:cisco:ios:12.0%2817%29sl6
cpe:/o:cisco:ios:12.0%2817%29st1
cpe:/o:cisco:ios:12.0%2817%29st5
cpe:/o:cisco:ios:12.0%2817a%29
cpe:/o:cisco:ios:12.0%2818%29s
cpe:/o:cisco:ios:12.0%2818%29s5
cpe:/o:cisco:ios:12.0%2818%29st1
cpe:/o:cisco:ios:12.0%2818%29w5%2822b%29
cpe:/o:cisco:ios:12.0%2818b%29
cpe:/o:cisco:ios:12.0da
cpe:/o:cisco:ios:12.0db
cpe:/o:cisco:ios:12.0dc
cpe:/o:cisco:ios:12.0s
cpe:/o:cisco:ios:12.0sc
cpe:/o:cisco:ios:12.0sl
cpe:/o:cisco:ios:12.0sp
cpe:/o:cisco:ios:12.0st
cpe:/o:cisco:ios:12.0sx
cpe:/o:cisco:ios:12.0t
cpe:/o:cisco:ios:12.0w5
cpe:/o:cisco:ios:12.0wc
cpe:/o:cisco:ios:12.0wt
cpe:/o:cisco:ios:12.0wx
cpe:/o:cisco:ios:12.0xa
cpe:/o:cisco:ios:12.0xb
cpe:/o:cisco:ios:12.0xc
cpe:/o:cisco:ios:12.0xd
cpe:/o:cisco:ios:12.0xe
cpe:/o:cisco:ios:12.0xf
cpe:/o:cisco:ios:12.0xg
cpe:/o:cisco:ios:12.0xh
cpe:/o:cisco:ios:12.0xi
cpe:/o:cisco:ios:12.0xj
cpe:/o:cisco:ios:12.0xk
cpe:/o:cisco:ios:12.0xl
cpe:/o:cisco:ios:12.0xm
cpe:/o:cisco:ios:12.0xn
cpe:/o:cisco:ios:12.0xp
cpe:/o:cisco:ios:12.0xq
cpe:/o:cisco:ios:12.0xr
cpe:/o:cisco:ios:12.0xs
cpe:/o:cisco:ios:12.0xu
cpe:/o:cisco:ios:12.0xv
cpe:/o:cisco:ios:12.0xw
CVE-2003-0100
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:29.727-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030220 Cisco IOS OSPF exploit
BUGTRAQ
20030221 Re: Cisco IOS OSPF exploit
XF
cisco-ios-ospf-bo(11373)
BID
6895
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
cpe:/a:engardelinux:guardian_digital_webtool:1.2
cpe:/a:usermin:usermin:0.4
cpe:/a:usermin:usermin:0.5
cpe:/a:usermin:usermin:0.6
cpe:/a:usermin:usermin:0.7
cpe:/a:usermin:usermin:0.8
cpe:/a:usermin:usermin:0.9
cpe:/a:usermin:usermin:0.91
cpe:/a:usermin:usermin:0.92
cpe:/a:usermin:usermin:0.93
cpe:/a:usermin:usermin:0.94
cpe:/a:usermin:usermin:0.95
cpe:/a:usermin:usermin:0.96
cpe:/a:usermin:usermin:0.97
cpe:/a:usermin:usermin:0.98
cpe:/a:usermin:usermin:0.99
cpe:/a:webmin:webmin:1.0.50
cpe:/a:webmin:webmin:1.0.60
CVE-2003-0101
2003-03-03T00:00:00.000-05:00
2016-10-17T22:29:30.850-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SGI
20030602-01-I
HP
HPSBUX0303-250
ENGARDE
ESA-20030225-006
BUGTRAQ
20030224 Webmin 1.050 - 1.060 remote exploit
BUGTRAQ
20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
BUGTRAQ
20030224 GLSA: usermin (200302-14)
CONFIRM
http://marc.info/?l=webmin-announce&m=104587858408101&w=2
CIAC
N-058
DEBIAN
DSA-319
XF
webmin-usermin-root-access(11390)
MISC
http://www.lac.co.jp/security/english/snsadv_e/62_e.html
CONFIRM
http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
MANDRAKE
MDKSA-2003:025
BID
6915
SECTRACK
1006160
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
cpe:/a:file:file:3.28
cpe:/a:file:file:3.30
cpe:/a:file:file:3.32
cpe:/a:file:file:3.33
cpe:/a:file:file:3.34
cpe:/a:file:file:3.35
cpe:/a:file:file:3.36
cpe:/a:file:file:3.37
cpe:/a:file:file:3.39
cpe:/a:file:file:3.40
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
CVE-2003-0102
2003-03-18T00:00:00.000-05:00
2018-05-02T21:29:19.100-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
NETBSD
NetBSD-SA2003-003
IMMUNIX
IMNX-2003-7+-012-01
BUGTRAQ
20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
DEBIAN
DSA-260
MISC
http://www.idefense.com/advisory/03.04.03.txt
CERT-VN
VU#611865
MANDRAKE
MDKSA-2003:030
SUSE
SuSE-SA:2003:017
REDHAT
RHSA-2003:086
REDHAT
RHSA-2003:087
BID
7008
XF
file-afctr-read-bo(11469)
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
cpe:/h:nokia:6210_handset:5.27
CVE-2003-0103
2003-03-07T00:00:00.000-05:00
2008-09-05T16:33:29.380-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
XF
nokia-6210-vcard-dos(11421)
BID
6952
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
cpe:/a:peoplesoft:peopletools:8.10
cpe:/a:peoplesoft:peopletools:8.11
cpe:/a:peoplesoft:peopletools:8.12
cpe:/a:peoplesoft:peopletools:8.13
cpe:/a:peoplesoft:peopletools:8.14
cpe:/a:peoplesoft:peopletools:8.15
cpe:/a:peoplesoft:peopletools:8.16
cpe:/a:peoplesoft:peopletools:8.17
cpe:/a:peoplesoft:peopletools:8.18
cpe:/a:peoplesoft:peopletools:8.40
cpe:/a:peoplesoft:peopletools:8.41
CVE-2003-0104
2003-03-18T00:00:00.000-05:00
2008-09-05T16:33:29.537-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ISS
20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
XF
peoplesoft-schedulertransfer-create-files(10962)
BID
7053
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
cpe:/a:port80_software:servermask:2.2
CVE-2003-0105
2004-09-28T00:00:00.000-04:00
2017-07-10T21:29:27.617-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20040810 Corsaire Security Advisory - Port80 Software ServerMask inconsistencies
MISC
http://www.corsaire.com/advisories/c030224-001.txt
XF
servermask-header-obtain-info(16947)
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
cpe:/a:symantec:enterprise_firewall:7.0
CVE-2003-0106
2003-04-02T00:00:00.000-05:00
2016-10-17T22:29:34.990-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue
BUGTRAQ
20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue
NTBUGTRAQ
20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue
CONFIRM
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
BID
7196
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
cpe:/a:gnu:zlib:1.1.4
CVE-2003-0107
2003-03-07T00:00:00.000-05:00
2017-01-02T21:59:00.327-05:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CALDERA
CSSA-2003-011.0
NETBSD
NetBSD-SA2003-004
CONECTIVA
CLSA-2003:619
JVN
JVN#78689801
JVNDB
JVNDB-2015-000066
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
BUGTRAQ
20030223 poc zlib sploit just for fun :)
BUGTRAQ
20030224 Re: buffer overrun in zlib 1.1.4
BUGTRAQ
20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
GENTOO
GLSA-200303-25
BUGTRAQ
20030222 buffer overrun in zlib 1.1.4
SUNALERT
57405
XF
zlib-gzprintf-bo(11381)
CERT-VN
VU#142121
MANDRAKE
MDKSA-2003:033
REDHAT
RHSA-2003:079
REDHAT
RHSA-2003:081
BID
6913
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
cpe:/a:lbl:tcpdump:3.5.2
cpe:/a:lbl:tcpdump:3.6.2
cpe:/a:lbl:tcpdump:3.7
cpe:/a:lbl:tcpdump:3.7.1
CVE-2003-0108
2003-03-07T00:00:00.000-05:00
2016-10-17T22:29:37.587-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:629
BUGTRAQ
20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
BUGTRAQ
20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
DEBIAN
DSA-255
MISC
http://www.idefense.com/advisory/02.27.03.txt
XF
tcpdump-isakmp-dos(11434)
MANDRAKE
MDKSA-2003:027
SUSE
SuSE-SA:2003:0015
REDHAT
RHSA-2003:032
REDHAT
RHSA-2003:085
REDHAT
RHSA-2003:214
BID
6974
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000_terminal_services::sp3
CVE-2003-0109
2003-03-31T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030321 New attack vectors and a vulnerability dissection of MS03-007
BUGTRAQ
20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.
BUGTRAQ
20030326 WebDAV exploit: using wide character decoder scheme
BUGTRAQ
20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit
BUGTRAQ
20030708 WDAV exploit without netcat and with pretty magic number
NTBUGTRAQ
20030321 New attack vectors and a vulnerability dissection of MS03-007
CONFIRM
http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
MSKB
Q815021
CERT
CA-2003-09
ISS
20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability
XF
http-webdav-long-request(11533)
CERT-VN
VU#117394
MISC
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
BID
7116
MS
MS03-007
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
cpe:/a:microsoft:isa_server:2000
cpe:/a:microsoft:isa_server:2000:fp1
cpe:/a:microsoft:isa_server:2000:sp1
cpe:/a:microsoft:proxy_server:2.0
cpe:/a:microsoft:proxy_server:2.0:sp1
CVE-2003-0110
2003-05-05T00:00:00.000-04:00
2018-10-12T17:32:25.600-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000
MISC
http://www.idefense.com/advisory/04.09.03.txt
MS
MS03-012
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
cpe:/a:microsoft:virtual_machine:3802
cpe:/a:microsoft:virtual_machine:3805
cpe:/a:microsoft:virtual_machine:3809
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000_terminal_services::sp3
CVE-2003-0111
2003-05-05T00:00:00.000-04:00
2019-04-30T10:27:13.710-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
XF
msvm-bytecode-improper-validation(11751)
CERT-VN
VU#447569
MS
MS03-011
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000_terminal_services::sp3
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0112
2003-05-12T00:00:00.000-04:00
2019-04-30T10:27:13.710-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#446338
BID
7370
MS
MS03-013
XF
win-kernel-lpcrequestwaitreplyport-bo(11803)
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0113
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:28.210-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030426 Buffer overflow in Internet Explorer's HTTP parsing code
BUGTRAQ
20030701 URLMON.DLL buffer overflow - technical details
CERT-VN
VU#169753
MS
MS03-015
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0114
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:28.943-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030203 internet explorer local file reading
MS
MS03-015
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0115
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:29.333-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
XF
ie-improper-thirdparty-rendering(11848)
MS
MS03-015
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0116
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:29.537-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CERT-VN
VU#244729
BUGTRAQ
20021203 Poisonous Style for Dialog window turns the zone off.
BID
6306
MS
MS03-015
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
cpe:/a:microsoft:biztalk_server:2002::developer
cpe:/a:microsoft:biztalk_server:2002::enterprise
CVE-2003-0117
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:29.867-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030505 Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
MS
MS03-016
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
cpe:/a:microsoft:biztalk_server:2000::developer
cpe:/a:microsoft:biztalk_server:2000::enterprise
cpe:/a:microsoft:biztalk_server:2000::standard
cpe:/a:microsoft:biztalk_server:2000:sp1a:developer
cpe:/a:microsoft:biztalk_server:2000:sp1a:enterprise
cpe:/a:microsoft:biztalk_server:2000:sp1a:standard
cpe:/a:microsoft:biztalk_server:2000:sp2:developer
cpe:/a:microsoft:biztalk_server:2000:sp2:enterprise
cpe:/a:microsoft:biztalk_server:2000:sp2:standard
cpe:/a:microsoft:biztalk_server:2002::developer
cpe:/a:microsoft:biztalk_server:2002::enterprise
CVE-2003-0118
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:30.117-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030505 Microsoft Biztalk Server DTA vulnerable to SQL injection
MS
MS03-016
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-0119
2004-02-03T00:00:00.000-05:00
2008-09-05T16:33:31.973-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CERT-VN
VU#624713
BID
7264
IBM
MSS-OAR-E01-2003:0245.1
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
cpe:/a:mhc-utils:mhc-utils:0.25_snap2001-06-25
CVE-2003-0120
2003-03-07T00:00:00.000-05:00
2008-09-05T16:33:32.130-04:00
1.2
LOCAL
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-256
XF
mhc-adb2mhc-insecure-tmp(11439)
BID
6978
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
cpe:/a:clearswift:mailsweeper:4.0
cpe:/a:clearswift:mailsweeper:4.1
cpe:/a:clearswift:mailsweeper:4.2
cpe:/a:clearswift:mailsweeper:4.3
CVE-2003-0121
2003-03-18T00:00:00.000-05:00
2016-10-17T22:29:45.917-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
BUGTRAQ
20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
BID
7044
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.
cpe:/a:ibm:lotus_domino:4.6.1
cpe:/a:ibm:lotus_domino:4.6.3
cpe:/a:ibm:lotus_domino:4.6.4
cpe:/a:ibm:lotus_domino:5.0
cpe:/a:ibm:lotus_domino:5.0.1
cpe:/a:ibm:lotus_domino:5.0.2
cpe:/a:ibm:lotus_domino:5.0.3
cpe:/a:ibm:lotus_domino:5.0.4
cpe:/a:ibm:lotus_domino:5.0.4a
cpe:/a:ibm:lotus_domino:5.0.5
cpe:/a:ibm:lotus_domino:5.0.6
cpe:/a:ibm:lotus_domino:5.0.6a
cpe:/a:ibm:lotus_domino:5.0.7a
cpe:/a:ibm:lotus_domino:5.0.8
cpe:/a:ibm:lotus_domino:5.0.8a
cpe:/a:ibm:lotus_domino:5.0.9
cpe:/a:ibm:lotus_domino:5.0.9a
cpe:/a:ibm:lotus_domino:5.0.10
cpe:/a:ibm:lotus_domino:5.0.11
cpe:/a:ibm:lotus_notes_client:5.0
cpe:/a:ibm:lotus_notes_client:5.0.1
cpe:/a:ibm:lotus_notes_client:5.0.2
cpe:/a:ibm:lotus_notes_client:5.0.3
cpe:/a:ibm:lotus_notes_client:5.0.4
cpe:/a:ibm:lotus_notes_client:5.0.5
cpe:/a:ibm:lotus_notes_client:5.0.9a
cpe:/a:ibm:lotus_notes_client:5.0.10
cpe:/a:ibm:lotus_notes_client:5.0.11
cpe:/a:ibm:lotus_notes_client:r5
CVE-2003-0122
2003-03-18T00:00:00.000-05:00
2017-12-12T12:05:18.547-05:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2017-12-12T10:33:09.027-05:00
VULNWATCH
20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
BUGTRAQ
20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
CERT
CA-2003-11
CIAC
N-065
CERT-VN
VU#433489
MISC
http://www.rapid7.com/advisories/R7-0010.html
BID
7037
CONFIRM
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
XF
lotus-nrpc-bo(11526)
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
cpe:/a:ibm:lotus_domino:4.6.1
cpe:/a:ibm:lotus_domino:4.6.3
cpe:/a:ibm:lotus_domino:4.6.4
cpe:/a:ibm:lotus_domino:5.0
cpe:/a:ibm:lotus_domino:5.0.1
cpe:/a:ibm:lotus_domino:5.0.2
cpe:/a:ibm:lotus_domino:5.0.3
cpe:/a:ibm:lotus_domino:5.0.4
cpe:/a:ibm:lotus_domino:5.0.4a
cpe:/a:ibm:lotus_domino:5.0.5
cpe:/a:ibm:lotus_domino:5.0.6
cpe:/a:ibm:lotus_domino:5.0.6a
cpe:/a:ibm:lotus_domino:5.0.7
cpe:/a:ibm:lotus_domino:5.0.7a
cpe:/a:ibm:lotus_domino:5.0.8
cpe:/a:ibm:lotus_domino:5.0.8a
cpe:/a:ibm:lotus_domino:5.0.9
cpe:/a:ibm:lotus_domino:5.0.9a
cpe:/a:ibm:lotus_domino:5.0.10
cpe:/a:ibm:lotus_domino:5.0.11
cpe:/a:ibm:lotus_notes_client:5.0
cpe:/a:ibm:lotus_notes_client:5.0.1
cpe:/a:ibm:lotus_notes_client:5.0.2
cpe:/a:ibm:lotus_notes_client:5.0.3
cpe:/a:ibm:lotus_notes_client:5.0.4
cpe:/a:ibm:lotus_notes_client:5.0.5
cpe:/a:ibm:lotus_notes_client:5.0.9a
cpe:/a:ibm:lotus_notes_client:5.0.10
cpe:/a:ibm:lotus_notes_client:5.0.11
cpe:/a:ibm:lotus_notes_client:r5
CVE-2003-0123
2003-03-18T00:00:00.000-05:00
2017-11-22T09:04:35.223-05:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2017-11-21T14:45:06.977-05:00
BUGTRAQ
20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
CERT
CA-2003-11
CIAC
N-065
CERT-VN
VU#411489
MISC
http://www.rapid7.com/advisories/R7-0011.html
BID
7038
CONFIRM
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
XF
lotus-web-retriever-bo(11525)
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
cpe:/a:andries_brouwer:man:1.5h1
cpe:/a:andries_brouwer:man:1.5i
cpe:/a:andries_brouwer:man:1.5i2
cpe:/a:andries_brouwer:man:1.5j
cpe:/a:andries_brouwer:man:1.5k
CVE-2003-0124
2003-03-18T00:00:00.000-05:00
2017-10-09T21:30:14.500-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONECTIVA
CLSA-2003:620
BUGTRAQ
20030311 Vulnerability in man < 1.5l
GENTOO
GLSA-200303-13
REDHAT
RHSA-2003:133
REDHAT
RHSA-2003:134
BID
7066
XF
man-myxsprintf-code-execution(11512)
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
cpe:/h:multitech:routefinder_550_vpn:4.63
CVE-2003-0125
2003-03-18T00:00:00.000-05:00
2018-05-02T21:29:19.333-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
ftp://ftp.multitech.com/Routers/RF550VPN.TXT
MISC
http://www.krusesecurity.dk/advisories/routefind550bof.txt
BID
7067
XF
routefinder-vpn-options-bo(11514)
Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.
cpe:/h:multitech:routefinder_550_vpn:4.63
cpe:/h:multitech:routefinder_550_vpn:4.64_beta
CVE-2003-0126
2003-03-18T00:00:00.000-05:00
2008-09-05T16:33:33.083-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
MISC
http://www.krusesecurity.dk/advisories/routefind550bof.txt
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
cpe:/o:linux:linux_kernel:2.2.0
cpe:/o:linux:linux_kernel:2.2.1
cpe:/o:linux:linux_kernel:2.2.2
cpe:/o:linux:linux_kernel:2.2.3
cpe:/o:linux:linux_kernel:2.2.4
cpe:/o:linux:linux_kernel:2.2.5
cpe:/o:linux:linux_kernel:2.2.6
cpe:/o:linux:linux_kernel:2.2.7
cpe:/o:linux:linux_kernel:2.2.8
cpe:/o:linux:linux_kernel:2.2.9
cpe:/o:linux:linux_kernel:2.2.10
cpe:/o:linux:linux_kernel:2.2.11
cpe:/o:linux:linux_kernel:2.2.12
cpe:/o:linux:linux_kernel:2.2.13
cpe:/o:linux:linux_kernel:2.2.14
cpe:/o:linux:linux_kernel:2.2.15
cpe:/o:linux:linux_kernel:2.2.16
cpe:/o:linux:linux_kernel:2.2.17
cpe:/o:linux:linux_kernel:2.2.18
cpe:/o:linux:linux_kernel:2.2.19
cpe:/o:linux:linux_kernel:2.2.20
cpe:/o:linux:linux_kernel:2.2.21
cpe:/o:linux:linux_kernel:2.2.22
cpe:/o:linux:linux_kernel:2.2.23
cpe:/o:linux:linux_kernel:2.2.24
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.4.21:pre1
CVE-2003-0127
2003-03-31T00:00:00.000-05:00
2018-05-02T21:29:19.460-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CALDERA
CSSA-2003-020.0
VULNWATCH
20030317 Fwd: Ptrace hole / Linux 2.2.25
ENGARDE
ESA-20030515-017
REDHAT
RHSA-2003:088
REDHAT
RHSA-2003:098
GENTOO
GLSA-200303-17
DEBIAN
DSA-270
DEBIAN
DSA-276
DEBIAN
DSA-311
DEBIAN
DSA-312
DEBIAN
DSA-332
DEBIAN
DSA-336
DEBIAN
DSA-423
DEBIAN
DSA-495
CERT-VN
VU#628849
MANDRAKE
MDKSA-2003:038
MANDRAKE
MDKSA-2003:039
REDHAT
RHSA-2003:103
REDHAT
RHSA-2003:145
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
cpe:/a:ximian:evolution:1.0.3
cpe:/a:ximian:evolution:1.0.4
cpe:/a:ximian:evolution:1.0.5
cpe:/a:ximian:evolution:1.0.6
cpe:/a:ximian:evolution:1.0.7
cpe:/a:ximian:evolution:1.0.8
cpe:/a:ximian:evolution:1.1.1
cpe:/a:ximian:evolution:1.2
cpe:/a:ximian:evolution:1.2.1
cpe:/a:ximian:evolution:1.2.2
CVE-2003-0128
2003-03-24T00:00:00.000-05:00
2017-10-10T21:29:05.620-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
CONECTIVA
CLA-2003:648
BUGTRAQ
20030321 GLSA: evolution (200303-18)
MISC
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
GENTOO
GLSA-200303-18
MANDRAKE
MDKSA-2003:045
REDHAT
RHSA-2003:108
BID
7117
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
cpe:/a:ximian:evolution:1.0.3
cpe:/a:ximian:evolution:1.0.4
cpe:/a:ximian:evolution:1.0.5
cpe:/a:ximian:evolution:1.0.6
cpe:/a:ximian:evolution:1.0.7
cpe:/a:ximian:evolution:1.0.8
cpe:/a:ximian:evolution:1.1.1
cpe:/a:ximian:evolution:1.2
cpe:/a:ximian:evolution:1.2.1
cpe:/a:ximian:evolution:1.2.2
CVE-2003-0129
2003-03-24T00:00:00.000-05:00
2017-10-10T21:29:05.700-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
CONECTIVA
CLA-2003:648
BUGTRAQ
20030321 GLSA: evolution (200303-18)
MISC
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
GENTOO
GLSA-200303-18
MANDRAKE
MDKSA-2003:045
REDHAT
RHSA-2003:108
BID
7118
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.
cpe:/a:ximian:evolution:1.0.3
cpe:/a:ximian:evolution:1.0.4
cpe:/a:ximian:evolution:1.0.5
cpe:/a:ximian:evolution:1.0.6
cpe:/a:ximian:evolution:1.0.7
cpe:/a:ximian:evolution:1.0.8
cpe:/a:ximian:evolution:1.1.1
cpe:/a:ximian:evolution:1.2
cpe:/a:ximian:evolution:1.2.1
cpe:/a:ximian:evolution:1.2.2
CVE-2003-0130
2003-03-24T00:00:00.000-05:00
2017-10-10T21:29:05.760-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
CONECTIVA
CLA-2003:648
BUGTRAQ
20030321 GLSA: evolution (200303-18)
MISC
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
GENTOO
GLSA-200303-18
MANDRAKE
MDKSA-2003:045
REDHAT
RHSA-2003:108
BID
7119
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.6a
cpe:/a:openssl:openssl:0.9.6b
cpe:/a:openssl:openssl:0.9.6c
cpe:/a:openssl:openssl:0.9.6d
cpe:/a:openssl:openssl:0.9.6e
cpe:/a:openssl:openssl:0.9.6g
cpe:/a:openssl:openssl:0.9.6h
cpe:/a:openssl:openssl:0.9.6i
cpe:/a:openssl:openssl:0.9.7
cpe:/a:openssl:openssl:0.9.7a
CVE-2003-0131
2003-03-24T00:00:00.000-05:00
2018-10-19T11:29:23.713-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
NETBSD
NetBSD-SA2003-007
CALDERA
CSSA-2003-014.0
SGI
20030501-01-I
CONECTIVA
CLA-2003:625
MISC
http://eprint.iacr.org/2003/052/
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00028.html
BUGTRAQ
20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
BUGTRAQ
20030324 GLSA: openssl (200303-20)
TRUSTIX
2003-0013
DEBIAN
DSA-288
GENTOO
GLSA-200303-20
CERT-VN
VU#888801
MISC
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
MANDRAKE
MDKSA-2003:035
OPENPKG
OpenPKG-SA-2003.026
CONFIRM
http://www.openssl.org/news/secadv_20030319.txt
REDHAT
RHSA-2003:101
REDHAT
RHSA-2003:102
IMMUNIX
IMNX-2003-7+-001-01
BID
7148
XF
ssl-premaster-information-leak(11586)
SUSE
SuSE-SA:2003:024
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.9
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
CVE-2003-0132
2003-04-11T00:00:00.000-04:00
2017-10-10T21:29:05.840-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00028.html
BUGTRAQ
20030402 [ANNOUNCE] Apache 2.0.45 Released
BUGTRAQ
20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x
BUGTRAQ
20030409 GLSA: apache (200304-01)
BUGTRAQ
20030408 Exploit Code Released for Apache 2.x Memory Leak
BUGTRAQ
20030410 working apache <= 2.0.44 DoS exploit for linux.
BUGTRAQ
20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service
MISC
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147
MISC
http://www.idefense.com/advisory/04.08.03.txt
CERT-VN
VU#206537
REDHAT
RHSA-2003:139
VUPEN
ADV-2009-1233
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
cpe:/a:gnome:gtkhtml:1.1.9
cpe:/a:gnome:gtkhtml:1.1.10
CVE-2003-0133
2003-05-05T00:00:00.000-04:00
2017-10-10T21:29:05.903-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:737
MANDRAKE
MDKSA-2003:046
REDHAT
RHSA-2003:126
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.9
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
CVE-2003-0134
2003-04-11T00:00:00.000-04:00
2016-10-17T22:29:58.353-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35
BUGTRAQ
20030402 [ANNOUNCE] Apache 2.0.45 Released
BUGTRAQ
20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0135
2003-04-11T00:00:00.000-04:00
2017-10-10T21:29:05.950-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
REDHAT
RHSA-2003:084
BID
7253
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
cpe:/o:astart_technologies:lprng:3.7.4
cpe:/o:astart_technologies:lprng:3.8.9
cpe:/o:astart_technologies:lprng:3.8.10.1
cpe:/o:astart_technologies:lprng:3.8.19
CVE-2003-0136
2003-05-05T00:00:00.000-04:00
2017-10-10T21:29:06.027-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
DEBIAN
DSA-285
REDHAT
RHSA-2003:142
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
cpe:/a:nokia:sgsn_dx200
CVE-2003-0137
2003-03-18T00:00:00.000-05:00
2008-09-10T15:18:02.773-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ATSTAKE
A031303-2
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
cpe:/a:mit:kerberos:4
CVE-2003-0138
2003-03-24T00:00:00.000-05:00
2018-10-19T11:29:25.227-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
DEBIAN
DSA-266
DEBIAN
DSA-269
DEBIAN
DSA-273
CERT-VN
VU#623217
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
REDHAT
RHSA-2003:091
BUGTRAQ
20030331 GLSA: krb5 & mit-krb5 (200303-28)
BID
7113
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
cpe:/a:mit:kerberos:4
CVE-2003-0139
2003-03-24T00:00:00.000-05:00
2018-10-19T11:29:25.930-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4
CONFIRM
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
DEBIAN
DSA-266
DEBIAN
DSA-273
CERT-VN
VU#442569
REDHAT
RHSA-2003:051
REDHAT
RHSA-2003:052
REDHAT
RHSA-2003:091
BUGTRAQ
20030331 GLSA: krb5 & mit-krb5 (200303-28)
BUGTRAQ
20030330 GLSA: openafs (200303-26)
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
cpe:/a:mutt:mutt:1.3.12
cpe:/a:mutt:mutt:1.3.16
cpe:/a:mutt:mutt:1.3.17
cpe:/a:mutt:mutt:1.3.22
cpe:/a:mutt:mutt:1.3.24
cpe:/a:mutt:mutt:1.3.25
cpe:/a:mutt:mutt:1.3.27
cpe:/a:mutt:mutt:1.4.0
cpe:/a:mutt:mutt:1.5.3
CVE-2003-0140
2003-03-24T00:00:00.000-05:00
2017-10-10T21:29:06.247-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONECTIVA
CLA-2003:626
CONECTIVA
CLA-2003:630
BUGTRAQ
20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)
BUGTRAQ
20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent
BUGTRAQ
20030322 GLSA: mutt (200303-19)
BUGTRAQ
20030430 GLSA: balsa (200304-10)
MISC
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
DEBIAN
DSA-268
GENTOO
GLSA-200303-19
MANDRAKE
MDKSA-2003:041
SUSE
SuSE-SA:2003:020
REDHAT
RHSA-2003:109
BUGTRAQ
20030319 mutt-1.4.1 fixes a buffer overflow.
BID
7120
XF
mutt-folder-name-bo(11583)
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774
cpe:/a:realnetworks:realone_player:2.0
cpe:/a:realnetworks:realone_player:6.0.10.505:gold
cpe:/a:realnetworks:realone_player:6.0.11.818
cpe:/a:realnetworks:realone_player:6.0.11.830
cpe:/a:realnetworks:realone_player:6.0.11.841
cpe:/a:realnetworks:realone_player:6.0.11.853
cpe:/a:realnetworks:realone_player:9.0.0.288
cpe:/a:realnetworks:realone_player:9.0.0.297
cpe:/a:realnetworks:realplayer:8.0
CVE-2003-0141
2003-04-02T00:00:00.000-05:00
2016-10-17T22:30:03.217-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
BUGTRAQ
20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
MISC
http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
CERT-VN
VU#705761
BID
7177
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
cpe:/a:adobe:acrobat_reader:6.0
CVE-2003-0142
2003-08-18T00:00:00.000-04:00
2008-09-05T16:33:35.757-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CERT-VN
VU#689835
BUGTRAQ
20030708 Adobe Acrobat and PDF security: no improvements for 2 years
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.
cpe:/a:qualcomm:qpopper:4.0.1
cpe:/a:qualcomm:qpopper:4.0.2
cpe:/a:qualcomm:qpopper:4.0.3
cpe:/a:qualcomm:qpopper:4.0.4
CVE-2003-0143
2003-03-18T00:00:00.000-05:00
2017-10-09T21:30:14.593-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030310 QPopper 4.0.x buffer overflow vulnerability
BUGTRAQ
20030312 Re: QPopper 4.0.x buffer overflow vulnerability
BUGTRAQ
20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
GENTOO
GLSA-200303-12
DEBIAN
DSA-259
SUSE
SuSE-SA:2003:018
BID
7058
XF
qpopper-popmsg-macroname-bo(11516)
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
cpe:/a:lprold:lprold:3.0.48
cpe:/o:bsd:lpr:0.48
cpe:/o:bsd:lpr:2000-05-07
cpe:/o:freebsd:freebsd:2.2
cpe:/o:freebsd:freebsd:2.2.2
cpe:/o:freebsd:freebsd:2.2.3
cpe:/o:freebsd:freebsd:2.2.4
cpe:/o:freebsd:freebsd:2.2.5
cpe:/o:freebsd:freebsd:2.2.6
cpe:/o:openbsd:openbsd:2.0
cpe:/o:openbsd:openbsd:2.1
cpe:/o:openbsd:openbsd:2.2
cpe:/o:openbsd:openbsd:2.3
cpe:/o:openbsd:openbsd:2.4
cpe:/o:openbsd:openbsd:2.5
cpe:/o:openbsd:openbsd:2.6
cpe:/o:openbsd:openbsd:2.7
cpe:/o:openbsd:openbsd:2.8
cpe:/o:openbsd:openbsd:2.9
cpe:/o:openbsd:openbsd:3.0
cpe:/o:openbsd:openbsd:3.1
cpe:/o:openbsd:openbsd:3.2
CVE-2003-0144
2003-03-31T00:00:00.000-05:00
2017-07-10T21:29:27.900-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
SGI
20030406-02-P
BUGTRAQ
20030305 potential buffer overflow in lprm (fwd)
BUGTRAQ
20030308 OpenBSD lprm(1) exploit
DEBIAN
DSA-267
DEBIAN
DSA-275
MANDRAKE
MDKSA-2003:059
SUSE
SuSE-SA:2003:0014
BID
7025
XF
lprm-bo(11473)
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
cpe:/a:lbl:tcpdump:3.5.2
cpe:/a:lbl:tcpdump:3.6.2
cpe:/a:lbl:tcpdump:3.7
cpe:/a:lbl:tcpdump:3.7.1
CVE-2003-0145
2003-03-31T00:00:00.000-05:00
2017-10-09T21:30:14.640-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-261
MANDRAKE
MDKSA-2003:027
REDHAT
RHSA-2003:032
REDHAT
RHSA-2003:151
REDHAT
RHSA-2003:214
CONFIRM
http://www.tcpdump.org/tcpdump-changes.txt
XF
tcpdump-radius-attribute-dos(11857)
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
cpe:/a:netpbm:netpbm:9.20
CVE-2003-0146
2003-03-31T00:00:00.000-05:00
2017-07-10T21:29:27.947-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLSA-2003:656
BUGTRAQ
20030228 NetPBM, multiple vulnerabilities
DEBIAN
DSA-263
CERT-VN
VU#630433
REDHAT
RHSA-2003:060
BID
6979
XF
netpbm-multiple-bo(11463)
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
cpe:/a:openpkg:openpkg
cpe:/a:openpkg:openpkg:1.1
cpe:/a:openpkg:openpkg:1.2
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.6a
cpe:/a:openssl:openssl:0.9.6b
cpe:/a:openssl:openssl:0.9.6c
cpe:/a:openssl:openssl:0.9.6d
cpe:/a:openssl:openssl:0.9.6e
cpe:/a:openssl:openssl:0.9.6g
cpe:/a:openssl:openssl:0.9.6h
cpe:/a:openssl:openssl:0.9.6i
cpe:/a:openssl:openssl:0.9.7
cpe:/a:openssl:openssl:0.9.7a
cpe:/a:stunnel:stunnel:3.7
cpe:/a:stunnel:stunnel:3.8
cpe:/a:stunnel:stunnel:3.9
cpe:/a:stunnel:stunnel:3.10
cpe:/a:stunnel:stunnel:3.11
cpe:/a:stunnel:stunnel:3.12
cpe:/a:stunnel:stunnel:3.13
cpe:/a:stunnel:stunnel:3.14
cpe:/a:stunnel:stunnel:3.15
cpe:/a:stunnel:stunnel:3.16
cpe:/a:stunnel:stunnel:3.17
cpe:/a:stunnel:stunnel:3.18
cpe:/a:stunnel:stunnel:3.19
cpe:/a:stunnel:stunnel:3.20
cpe:/a:stunnel:stunnel:3.21
cpe:/a:stunnel:stunnel:3.22
cpe:/a:stunnel:stunnel:4.0
cpe:/a:stunnel:stunnel:4.01
cpe:/a:stunnel:stunnel:4.02
cpe:/a:stunnel:stunnel:4.03
cpe:/a:stunnel:stunnel:4.04
CVE-2003-0147
2003-03-31T00:00:00.000-05:00
2018-10-19T11:29:26.540-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CALDERA
CSSA-2003-014.0
SGI
20030501-01-I
VULNWATCH
20030313 OpenSSL Private Key Disclosure
MISC
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
CONECTIVA
CLA-2003:625
BUGTRAQ
20030313 Vulnerability in OpenSSL
BUGTRAQ
20030317 [ADVISORY] Timing Attack on OpenSSL
BUGTRAQ
20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
GENTOO
GLSA-200303-15
GENTOO
GLSA-200303-24
DEBIAN
DSA-288
GENTOO
GLSA-200303-23
CERT-VN
VU#997481
MANDRAKE
MDKSA-2003:035
OPENPKG
OpenPKG-SA-2003.019
CONFIRM
http://www.openssl.org/news/secadv_20030317.txt
REDHAT
RHSA-2003:101
REDHAT
RHSA-2003:102
BUGTRAQ
20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
IMMUNIX
IMNX-2003-7+-001-01
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
cpe:/a:mcafee:epolicy_orchestrator:2.0
cpe:/a:mcafee:epolicy_orchestrator:2.5
cpe:/a:mcafee:epolicy_orchestrator:2.5:sp1
cpe:/a:mcafee:epolicy_orchestrator:2.5.1
cpe:/a:mcafee:epolicy_orchestrator:3.0
CVE-2003-0148
2003-08-27T00:00:00.000-04:00
2008-09-10T15:18:05.197-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
ATSTAKE
A073103-1
CONFIRM
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.
cpe:/a:mcafee:epolicy_orchestrator:2.0
cpe:/a:mcafee:epolicy_orchestrator:2.5
cpe:/a:mcafee:epolicy_orchestrator:2.5:sp1
cpe:/a:mcafee:epolicy_orchestrator:2.5.1
CVE-2003-0149
2003-08-27T00:00:00.000-04:00
2008-09-10T15:18:05.273-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A073103-1
CONFIRM
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.
cpe:/a:oracle:mysql:3.23.52
cpe:/a:oracle:mysql:3.23.53
cpe:/a:oracle:mysql:3.23.53a
cpe:/a:oracle:mysql:3.23.54
cpe:/a:oracle:mysql:3.23.54a
cpe:/a:oracle:mysql:3.23.55
CVE-2003-0150
2003-03-24T00:00:00.000-05:00
2019-10-07T12:41:11.647-04:00
9.0
NETWORK
LOW
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONECTIVA
CLA-2003:743
BUGTRAQ
20030308 MySQL_user_can_be_changed_to_root?
BUGTRAQ
20030310 Re: MySQL user can be changed to root
BUGTRAQ
20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)
BUGTRAQ
20030318 GLSA: mysql (200303-14)
REDHAT
RHSA-2003:094
DEBIAN
DSA-303
CERT-VN
VU#203897
ENGARDE
ESA-20030324-012
MANDRAKE
MDKSA-2003:057
REDHAT
RHSA-2003:093
BID
7052
XF
mysql-datadir-root-privileges(11510)
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
cpe:/a:bea:weblogic_server:6.0
cpe:/a:bea:weblogic_server:6.0::express
cpe:/a:bea:weblogic_server:6.0:sp1
cpe:/a:bea:weblogic_server:6.0:sp1:express
cpe:/a:bea:weblogic_server:6.0:sp2
cpe:/a:bea:weblogic_server:6.0:sp2:express
cpe:/a:bea:weblogic_server:6.1
cpe:/a:bea:weblogic_server:6.1::express
cpe:/a:bea:weblogic_server:6.1:sp1
cpe:/a:bea:weblogic_server:6.1:sp1:express
cpe:/a:bea:weblogic_server:6.1:sp2
cpe:/a:bea:weblogic_server:6.1:sp2:express
cpe:/a:bea:weblogic_server:6.1:sp3
cpe:/a:bea:weblogic_server:6.1:sp3:express
cpe:/a:bea:weblogic_server:6.1:sp4
cpe:/a:bea:weblogic_server:6.1:sp4:express
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
CVE-2003-0151
2003-03-24T00:00:00.000-05:00
2016-10-17T22:30:09.873-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
BUGTRAQ
20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
BUGTRAQ
20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
MISC
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
BID
7122
BID
7124
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
cpe:/a:mozilla:bonsai:1.3
CVE-2003-0152
2003-04-02T00:00:00.000-05:00
2008-09-05T16:33:37.443-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
DEBIAN
DSA-265
BID
7162
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
cpe:/a:mozilla:bonsai:1.3
CVE-2003-0153
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.057-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=187230
BUGTRAQ
20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
DEBIAN
DSA-265
BID
5517
XF
bonsai-path-disclosure(9921)
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
cpe:/a:mozilla:bonsai:1.3
CVE-2003-0154
2003-04-02T00:00:00.000-05:00
2016-10-17T22:30:12.153-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
CONFIRM
http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
MISC
http://bugzilla.mozilla.org/show_bug.cgi?id=146244
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=163573
BUGTRAQ
20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
DEBIAN
DSA-265
XF
bonsai-error-message-xss(9920)
BID
5516
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
cpe:/a:mozilla:bonsai:1.3
CVE-2003-0155
2003-04-02T00:00:00.000-05:00
2008-09-05T16:33:37.863-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-265
BID
7163
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
cpe:/a:cross_referencer:lxr:0.3
cpe:/a:cross_referencer:lxr:0.8
cpe:/a:cross_referencer:lxr:0.9
cpe:/a:cross_referencer:lxr:0.9.1
cpe:/a:cross_referencer:lxr:0.9.2
CVE-2003-0156
2003-03-24T00:00:00.000-05:00
2016-10-17T22:30:13.200-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030311 Cross-Referencing Linux vulnerability
DEBIAN
DSA-264
BID
7062
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.
CVE-2003-0157
2003-03-24T00:00:00.000-05:00
2008-09-10T15:18:08.460-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2003-0158
2003-03-24T00:00:00.000-05:00
2008-09-10T15:18:08.710-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:ethereal_group:ethereal:0.8.18
cpe:/a:ethereal_group:ethereal:0.9.0
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
CVE-2003-0159
2003-04-02T00:00:00.000-05:00
2017-10-10T21:29:06.370-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030309 GLSA: ethereal (200303-10)
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00008.html
MANDRAKE
MDKSA-2003:051
SUSE
SuSE-SA:2003:019
REDHAT
RHSA-2003:077
BID
7050
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
cpe:/a:squirrelmail:squirrelmail:1.2.11
CVE-2003-0160
2003-04-02T00:00:00.000-05:00
2017-10-10T21:29:06.433-04:00
5.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988
REDHAT
RHSA-2003:112
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
cpe:/a:sendmail:sendmail:2.6
cpe:/a:sendmail:sendmail:2.6.1
cpe:/a:sendmail:sendmail:2.6.2
cpe:/a:sendmail:sendmail:3.0
cpe:/a:sendmail:sendmail:3.0.1
cpe:/a:sendmail:sendmail:3.0.2
cpe:/a:sendmail:sendmail:3.0.3
cpe:/a:sendmail:sendmail:8.9.0
cpe:/a:sendmail:sendmail:8.9.1
cpe:/a:sendmail:sendmail:8.9.2
cpe:/a:sendmail:sendmail:8.9.3
cpe:/a:sendmail:sendmail:8.10
cpe:/a:sendmail:sendmail:8.10.1
cpe:/a:sendmail:sendmail:8.10.2
cpe:/a:sendmail:sendmail:8.11.0
cpe:/a:sendmail:sendmail:8.11.1
cpe:/a:sendmail:sendmail:8.11.2
cpe:/a:sendmail:sendmail:8.11.3
cpe:/a:sendmail:sendmail:8.11.4
cpe:/a:sendmail:sendmail:8.11.5
cpe:/a:sendmail:sendmail:8.11.6
cpe:/a:sendmail:sendmail:8.12:beta10
cpe:/a:sendmail:sendmail:8.12:beta12
cpe:/a:sendmail:sendmail:8.12:beta16
cpe:/a:sendmail:sendmail:8.12:beta5
cpe:/a:sendmail:sendmail:8.12:beta7
cpe:/a:sendmail:sendmail:8.12.0
cpe:/a:sendmail:sendmail:8.12.1
cpe:/a:sendmail:sendmail:8.12.2
cpe:/a:sendmail:sendmail:8.12.3
cpe:/a:sendmail:sendmail:8.12.4
cpe:/a:sendmail:sendmail:8.12.5
cpe:/a:sendmail:sendmail:8.12.6
cpe:/a:sendmail:sendmail:8.12.7
cpe:/a:sendmail:sendmail:8.12.8
cpe:/a:sendmail:sendmail_switch:2.1
cpe:/a:sendmail:sendmail_switch:2.1.1
cpe:/a:sendmail:sendmail_switch:2.1.2
cpe:/a:sendmail:sendmail_switch:2.1.3
cpe:/a:sendmail:sendmail_switch:2.1.4
cpe:/a:sendmail:sendmail_switch:2.1.5
cpe:/a:sendmail:sendmail_switch:2.2
cpe:/a:sendmail:sendmail_switch:2.2.1
cpe:/a:sendmail:sendmail_switch:2.2.2
cpe:/a:sendmail:sendmail_switch:2.2.3
cpe:/a:sendmail:sendmail_switch:2.2.4
cpe:/a:sendmail:sendmail_switch:2.2.5
cpe:/a:sendmail:sendmail_switch:3.0
cpe:/a:sendmail:sendmail_switch:3.0.1
cpe:/a:sendmail:sendmail_switch:3.0.2
cpe:/a:sendmail:sendmail_switch:3.0.3
cpe:/o:compaq:tru64:4.0b
cpe:/o:compaq:tru64:4.0d
cpe:/o:compaq:tru64:4.0d_pk9_bl17
cpe:/o:compaq:tru64:4.0f
cpe:/o:compaq:tru64:4.0f_pk6_bl17
cpe:/o:compaq:tru64:4.0f_pk7_bl18
cpe:/o:compaq:tru64:4.0g
cpe:/o:compaq:tru64:4.0g_pk3_bl17
cpe:/o:compaq:tru64:5.0
cpe:/o:compaq:tru64:5.0_pk4_bl17
cpe:/o:compaq:tru64:5.0_pk4_bl18
cpe:/o:compaq:tru64:5.0a
cpe:/o:compaq:tru64:5.0a_pk3_bl17
cpe:/o:compaq:tru64:5.0f
cpe:/o:compaq:tru64:5.1
cpe:/o:compaq:tru64:5.1_pk3_bl17
cpe:/o:compaq:tru64:5.1_pk4_bl18
cpe:/o:compaq:tru64:5.1_pk5_bl19
cpe:/o:compaq:tru64:5.1_pk6_bl20
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1a_pk1_bl1
cpe:/o:compaq:tru64:5.1a_pk2_bl2
cpe:/o:compaq:tru64:5.1a_pk3_bl3
cpe:/o:compaq:tru64:5.1b
cpe:/o:compaq:tru64:5.1b_pk1_bl1
cpe:/o:hp:hp-ux:10.00
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.08
cpe:/o:hp:hp-ux:10.09
cpe:/o:hp:hp-ux:10.10
cpe:/o:hp:hp-ux:10.16
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:10.26
cpe:/o:hp:hp-ux:10.30
cpe:/o:hp:hp-ux:10.34
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.0.4
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
cpe:/o:hp:hp-ux_series_700:10.20
cpe:/o:hp:hp-ux_series_800:10.20
cpe:/o:hp:sis
cpe:/o:sun:solaris:2.4::x86
cpe:/o:sun:solaris:2.5::x86
cpe:/o:sun:solaris:2.5.1::ppc
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:solaris:9.0:x86_update_2
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.4
cpe:/o:sun:sunos:5.5
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0161
2003-04-02T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CALDERA
CSSA-2003-016.0
FREEBSD
FreeBSD-SA-03:07
SCO
SCOSA-2004.11
SGI
20030401-01-P
CONECTIVA
CLA-2003:614
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00028.html
FULLDISC
20030329 Sendmail: -1 gone wild
BUGTRAQ
20030329 sendmail 8.12.9 available
BUGTRAQ
20030329 Sendmail: -1 gone wild
BUGTRAQ
20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)
SUNALERT
52620
SUNALERT
52700
SUNALERT
1001088
CERT
CA-2003-12
DEBIAN
DSA-278
DEBIAN
DSA-290
GENTOO
GLSA-200303-27
CERT-VN
VU#897604
REDHAT
RHSA-2003:120
REDHAT
RHSA-2003:121
BUGTRAQ
20030331 GLSA: sendmail (200303-27)
BUGTRAQ
20030401 Immunix Secured OS 7+ openssl update
BUGTRAQ
20030520 [Fwd: 127 Research and Development: 127 Day!]
BID
7230
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
cpe:/a:ecartis:ecartis:1.0.0_snapshot_2002-10-13
CVE-2003-0162
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.117-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030227 Ecardis Password Reseting Vulnerability
BUGTRAQ
20030303 Re: Ecardis Password Reseting Vulnerability
DEBIAN
DSA-271
BID
6971
XF
ecartis-password-reset(11431)
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.
cpe:/a:gaim-encryption:gaim-encryption:1.13
cpe:/a:gaim-encryption:gaim-encryption:1.14
cpe:/a:gaim-encryption:gaim-encryption:1.15
CVE-2003-0163
2003-05-05T00:00:00.000-04:00
2016-10-17T22:30:17.873-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030412 R7-0013: Heap Corruption in Gaim-Encryption Plugin
MISC
http://www.rapid7.com/advisories/R7-0013.html
BID
7182
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
cpe:/a:gnome:eog:1.0.0
cpe:/a:gnome:eog:1.0.1
cpe:/a:gnome:eog:1.0.2
cpe:/a:gnome:eog:1.0.3
cpe:/a:gnome:eog:1.0.4
cpe:/a:gnome:eog:1.1.1
cpe:/a:gnome:eog:1.1.2
cpe:/a:gnome:eog:1.1.3
cpe:/a:gnome:eog:1.1.4
cpe:/a:gnome:eog:2.2.0
CVE-2003-0165
2003-04-02T00:00:00.000-05:00
2017-10-10T21:29:06.510-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030328 Vulnerability in GNOME's Eye of Gnome
BUGTRAQ
20030328 CORE-2003-0304-03: Vulnerability in GNOME's Eye of Gnome
MISC
http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10
CERT-VN
VU#363001
MANDRAKE
MDKSA-2003:048
REDHAT
RHSA-2003:128
BID
7121
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
cpe:/a:php:php:4.0
cpe:/a:php:php:4.0.1
cpe:/a:php:php:4.0.2
cpe:/a:php:php:4.0.3
cpe:/a:php:php:4.0.4
cpe:/a:php:php:4.0.5
cpe:/a:php:php:4.0.6
cpe:/a:php:php:4.0.7
cpe:/a:php:php:4.1.0
cpe:/a:php:php:4.1.1
cpe:/a:php:php:4.1.2
cpe:/a:php:php:4.2.0
cpe:/a:php:php:4.2.1
cpe:/a:php:php:4.2.2
cpe:/a:php:php:4.2.3
cpe:/a:php:php:4.3.0
cpe:/a:php:php:4.3.1
CVE-2003-0166
2003-04-02T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLSA-2003:691
BUGTRAQ
20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
BUGTRAQ
20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
BUGTRAQ
20030402 Inaccurate Reports Concerning PHP Vulnerabilities
BID
7197
BID
7198
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
cpe:/a:mutt:mutt:1.3.12
cpe:/a:mutt:mutt:1.3.12.1
cpe:/a:mutt:mutt:1.3.16
cpe:/a:mutt:mutt:1.3.17
cpe:/a:mutt:mutt:1.3.22
cpe:/a:mutt:mutt:1.3.24
cpe:/a:mutt:mutt:1.3.25
cpe:/a:mutt:mutt:1.3.27
cpe:/a:mutt:mutt:1.3.28
CVE-2003-0167
2003-04-02T00:00:00.000-05:00
2008-09-05T16:33:39.630-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-274
DEBIAN
DSA-300
BID
7229
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
cpe:/a:apple:quicktime:5.0
cpe:/a:apple:quicktime:6.0
CVE-2003-0168
2003-04-02T00:00:00.000-05:00
2018-10-19T11:29:33.167-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030331 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00027.html
MISC
http://www.idefense.com/advisory/03.31.03.txt
CERT-VN
VU#112553
BUGTRAQ
20030401 Fwd: QuickTime 6.1 for Windows is available
BUGTRAQ
20030401 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
BID
7247
XF
quicktime-url-bo(11671)
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
cpe:/a:hp:instant_toptools:5.04
CVE-2003-0169
2003-04-11T00:00:00.000-04:00
2016-10-17T22:30:21.157-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools
BUGTRAQ
20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools
BID
7246
hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.
cpe:/o:ibm:aix:5.2
CVE-2003-0170
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:28.227-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BID
7346
IBM
MSS-OAR-E01-2003.0469.1
AIXAPAR
IY42424
XF
aix-ftpd-gain-access(11823)
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
cpe:/o:apple:mac_os_x:10.0
cpe:/o:apple:mac_os_x:10.0.1
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.0.4
cpe:/o:apple:mac_os_x:10.1
cpe:/o:apple:mac_os_x:10.1.1
cpe:/o:apple:mac_os_x:10.1.2
cpe:/o:apple:mac_os_x:10.1.3
cpe:/o:apple:mac_os_x:10.1.4
cpe:/o:apple:mac_os_x:10.1.5
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x_server:10.0
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
CVE-2003-0171
2003-05-05T00:00:00.000-04:00
2008-09-10T15:18:10.087-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00028.html
ATSTAKE
A041003-1
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
cpe:/a:php:php:4.3.1
CVE-2003-0172
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.273-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030327 @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
BUGTRAQ
20030402 Inaccurate Reports Concerning PHP Vulnerabilities
BUGTRAQ
20030327 Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
BUGTRAQ
20041222 PHP v4.3.x exploit for Windows.
BID
7210
XF
php-openlog-stack-bo(11637)
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
cpe:/a:xfsdump:xfsdump:2.0.0
cpe:/a:xfsdump:xfsdump:2.0.1
cpe:/a:xfsdump:xfsdump:2.0.2
cpe:/a:xfsdump:xfsdump:2.0.3
cpe:/a:xfsdump:xfsdump:2.0.4
cpe:/a:xfsdump:xfsdump:2.0.5
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.2f
cpe:/o:sgi:irix:6.5.2m
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.3f
cpe:/o:sgi:irix:6.5.3m
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.4f
cpe:/o:sgi:irix:6.5.4m
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.5f
cpe:/o:sgi:irix:6.5.5m
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.6f
cpe:/o:sgi:irix:6.5.6m
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.7f
cpe:/o:sgi:irix:6.5.7m
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.8f
cpe:/o:sgi:irix:6.5.8m
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.9f
cpe:/o:sgi:irix:6.5.9m
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.10f
cpe:/o:sgi:irix:6.5.10m
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.11f
cpe:/o:sgi:irix:6.5.11m
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.12f
cpe:/o:sgi:irix:6.5.12m
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.13f
cpe:/o:sgi:irix:6.5.13m
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.14f
cpe:/o:sgi:irix:6.5.14m
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
CVE-2003-0173
2003-05-05T00:00:00.000-04:00
2008-09-10T15:18:10.320-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
SGI
20030404-01-P
DEBIAN
DSA-283
CERT-VN
VU#111673
MANDRAKE
MDKSA-2003:047
xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.2f
cpe:/o:sgi:irix:6.5.2m
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.3f
cpe:/o:sgi:irix:6.5.3m
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.4f
cpe:/o:sgi:irix:6.5.4m
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.5f
cpe:/o:sgi:irix:6.5.5m
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.6f
cpe:/o:sgi:irix:6.5.6m
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.7f
cpe:/o:sgi:irix:6.5.7m
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.8f
cpe:/o:sgi:irix:6.5.8m
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.9f
cpe:/o:sgi:irix:6.5.9m
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.10f
cpe:/o:sgi:irix:6.5.10m
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.11f
cpe:/o:sgi:irix:6.5.11m
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.12f
cpe:/o:sgi:irix:6.5.12m
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.13f
cpe:/o:sgi:irix:6.5.13m
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.14f
cpe:/o:sgi:irix:6.5.14m
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
CVE-2003-0174
2003-05-12T00:00:00.000-04:00
2017-07-10T21:29:28.337-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SGI
20030407-01-P
CIAC
N-084
BID
7442
XF
irix-ldap-authentication-bypass(11860)
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.2f
cpe:/o:sgi:irix:6.5.2m
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.3f
cpe:/o:sgi:irix:6.5.3m
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.4f
cpe:/o:sgi:irix:6.5.4m
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.5f
cpe:/o:sgi:irix:6.5.5m
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.6f
cpe:/o:sgi:irix:6.5.6m
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.7f
cpe:/o:sgi:irix:6.5.7m
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.8f
cpe:/o:sgi:irix:6.5.8m
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.9f
cpe:/o:sgi:irix:6.5.9m
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.10f
cpe:/o:sgi:irix:6.5.10m
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.11f
cpe:/o:sgi:irix:6.5.11m
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.12f
cpe:/o:sgi:irix:6.5.12m
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.13f
cpe:/o:sgi:irix:6.5.13m
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.14f
cpe:/o:sgi:irix:6.5.14m
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
CVE-2003-0175
2004-02-03T00:00:00.000-05:00
2017-07-10T21:29:28.400-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20030603-01-P
CERT-VN
VU#142228
BID
7868
SECTRACK
1008770
XF
irix-piocswatch-ioctl-dos(12241)
SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
CVE-2003-0176
2003-08-18T00:00:00.000-04:00
2008-09-05T16:33:41.363-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SGI
20030701-01-P
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
CVE-2003-0177
2003-08-18T00:00:00.000-04:00
2008-09-05T16:33:41.550-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
SGI
20030701-01-P
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.
cpe:/a:ibm:lotus_domino_web_server:6.0
CVE-2003-0178
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.477-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
VULNWATCH
20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
VULNWATCH
20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
BUGTRAQ
20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
BUGTRAQ
20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
BUGTRAQ
20030217 Domino Advisories UPDATE
NTBUGTRAQ
20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
NTBUGTRAQ
20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
NTBUGTRAQ
20030217 Domino Advisories UPDATE
CERT
CA-2003-11
CIAC
N-065
CERT-VN
VU#206361
CERT-VN
VU#542873
CERT-VN
VU#772817
MISC
http://www.nextgenss.com/advisories/lotus-hostlocbo.txt
MISC
http://www.nextgenss.com/advisories/lotus-inotesoflow.txt
BID
6870
BID
6871
XF
lotus-domino-inotes-bo(11336)
XF
lotus-domino-hostname-bo(11337)
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
cpe:/a:ibm:lotus_domino_web_server:6.0
cpe:/a:ibm:lotus_notes_client:6.0
CVE-2003-0179
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.570-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
BUGTRAQ
20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
BUGTRAQ
20030217 Domino Advisories UPDATE
NTBUGTRAQ
20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
NTBUGTRAQ
20030217 Domino Advisories UPDATE
CERT
CA-2003-11
CIAC
N-065
CERT-VN
VU#571297
MISC
http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt
BID
6872
CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21104543
XF
lotus-notes-activex-bo(11339)
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
cpe:/a:ibm:lotus_domino_web_server:6.0
CVE-2003-0180
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.633-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030218 More Lotus Domino Advisories
CERT
CA-2003-11
CIAC
N-065
CERT-VN
VU#355169
MISC
http://www.nextgenss.com/advisories/lotus-60dos.txt
BID
6951
CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21104528
XF
lotus-incomplete-post-dos(11360)
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
cpe:/a:ibm:lotus_domino_web_server:6.0
CVE-2003-0181
2003-04-02T00:00:00.000-05:00
2017-07-10T21:29:28.697-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030218 More Lotus Domino Advisories
CERT
CA-2003-11
MISC
http://www.nextgenss.com/advisories/lotus-60dos.txt
BID
6951
CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21104528
XF
lotus-invalid-field-dos(11361)
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
cpe:/o:linux:linux_kernel:2.4.20
CVE-2003-0187
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:06.573-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.
cpe:/a:lv:lv:4.49.1
cpe:/a:lv:lv:4.49.2
cpe:/a:lv:lv:4.49.3
cpe:/a:lv:lv:4.49.4
cpe:/a:redhat:lv:4.49.4-1::i386
cpe:/a:redhat:lv:4.49.4-3::i386
cpe:/a:redhat:lv:4.49.4-7::i386
cpe:/a:redhat:lv:4.49.4-9::i386
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0188
2003-06-09T00:00:00.000-04:00
2017-10-10T21:29:06.637-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-304
REDHAT
RHSA-2003:167
REDHAT
RHSA-2003:169
TURBO
TLSA-2003-35
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
CVE-2003-0189
2003-06-09T00:00:00.000-04:00
2017-07-10T21:29:28.760-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:661
BUGTRAQ
20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
CONFIRM
http://www.apache.org/dist/httpd/Announcement2.html
CERT-VN
VU#479268
REDHAT
RHSA-2003:186
BID
7725
XF
apache-aprpasswordvalidate-dos(12091)
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
cpe:/a:openbsd:openssh:3.4p1
cpe:/a:openbsd:openssh:3.6.1p1
CVE-2003-0190
2003-05-12T00:00:00.000-04:00
2017-10-10T21:29:06.700-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MISC
http://lab.mediaservice.net/advisory/2003-01-openssh.txt
FULLDISC
20030430 OpenSSH/PAM timing attack allows remote users identification
BUGTRAQ
20030430 OpenSSH/PAM timing attack allows remote users identification
BUGTRAQ
20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)
REDHAT
RHSA-2003:222
REDHAT
RHSA-2003:224
BID
7467
TURBO
TLSA-2003-31
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
cpe:/a:apache:http_server:2.0.46
CVE-2003-0192
2003-08-18T00:00:00.000-04:00
2018-05-02T21:29:19.850-04:00
6.4
NETWORK
LOW
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
SCO
SCOSA-2004.6
BUGTRAQ
20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
MANDRAKE
MDKSA-2003:075
REDHAT
RHSA-2003:240
REDHAT
RHSA-2003:243
REDHAT
RHSA-2003:244
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
cpe:/a:catdoc:catdoc:0.91
CVE-2003-0193
2004-08-18T00:00:00.000-04:00
2017-07-10T21:29:28.820-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
DEBIAN
DSA-575
BID
11560
XF
catdoc-xlsview-symlink(16335)
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").
cpe:/a:redhat:tcpdump:3.4-39::i386
cpe:/a:redhat:tcpdump:3.6.2-9::i386
cpe:/a:redhat:tcpdump:3.6.2-9::ia64
cpe:/a:redhat:tcpdump:3.6.2-12::i386
cpe:/a:redhat:tcpdump:3.6.3-3::i386
cpe:/a:redhat:tcpdump:3.7.2-1::i386
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0194
2003-06-09T00:00:00.000-04:00
2008-09-05T16:33:43.270-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
REDHAT
RHSA-2003:151
REDHAT
RHSA-2003:174
tcpdump does not properly drop privileges to the pcap user when starting up.
cpe:/o:slackware:slackware_linux:8.1
cpe:/o:slackware:slackware_linux:9.0
CVE-2003-0195
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:06.760-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLSA-2003:678
BUGTRAQ
20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)
DEBIAN
DSA-317
MANDRAKE
MDKSA-2003:062
SUSE
SuSE-SA:2003:028
REDHAT
RHSA-2003:171
BID
7637
TURBO
TLSA-2003-33
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
cpe:/a:hp:cifs-9000_server:a.01.05
cpe:/a:hp:cifs-9000_server:a.01.06
cpe:/a:hp:cifs-9000_server:a.01.07
cpe:/a:hp:cifs-9000_server:a.01.08
cpe:/a:hp:cifs-9000_server:a.01.08.01
cpe:/a:hp:cifs-9000_server:a.01.09
cpe:/a:hp:cifs-9000_server:a.01.09.01
cpe:/a:hp:cifs-9000_server:a.01.09.02
cpe:/a:samba:samba:2.0.0
cpe:/a:samba:samba:2.0.1
cpe:/a:samba:samba:2.0.2
cpe:/a:samba:samba:2.0.3
cpe:/a:samba:samba:2.0.4
cpe:/a:samba:samba:2.0.5
cpe:/a:samba:samba:2.0.6
cpe:/a:samba:samba:2.0.7
cpe:/a:samba:samba:2.0.8
cpe:/a:samba:samba:2.0.9
cpe:/a:samba:samba:2.0.10
cpe:/a:samba:samba:2.2.0
cpe:/a:samba:samba:2.2.0a
cpe:/a:samba:samba:2.2.1a
cpe:/a:samba:samba:2.2.2
cpe:/a:samba:samba:2.2.3
cpe:/a:samba:samba:2.2.3a
cpe:/a:samba:samba:2.2.4
cpe:/a:samba:samba:2.2.5
cpe:/a:samba:samba:2.2.6
cpe:/a:samba:samba:2.2.7
cpe:/a:samba:samba:2.2.7a
cpe:/a:samba:samba:2.2.8
cpe:/a:samba-tng:samba-tng:0.3
cpe:/a:samba-tng:samba-tng:0.3.1
cpe:/o:compaq:tru64:4.0b
cpe:/o:compaq:tru64:4.0d
cpe:/o:compaq:tru64:4.0d_pk9_bl17
cpe:/o:compaq:tru64:4.0f
cpe:/o:compaq:tru64:4.0f_pk6_bl17
cpe:/o:compaq:tru64:4.0f_pk7_bl18
cpe:/o:compaq:tru64:4.0g
cpe:/o:compaq:tru64:4.0g_pk3_bl17
cpe:/o:compaq:tru64:5.0
cpe:/o:compaq:tru64:5.0_pk4_bl17
cpe:/o:compaq:tru64:5.0_pk4_bl18
cpe:/o:compaq:tru64:5.0a
cpe:/o:compaq:tru64:5.0a_pk3_bl17
cpe:/o:compaq:tru64:5.0f
cpe:/o:compaq:tru64:5.1
cpe:/o:compaq:tru64:5.1_pk3_bl17
cpe:/o:compaq:tru64:5.1_pk4_bl18
cpe:/o:compaq:tru64:5.1_pk5_bl19
cpe:/o:compaq:tru64:5.1_pk6_bl20
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1a_pk1_bl1
cpe:/o:compaq:tru64:5.1a_pk2_bl2
cpe:/o:compaq:tru64:5.1a_pk3_bl3
cpe:/o:compaq:tru64:5.1b
cpe:/o:compaq:tru64:5.1b_pk1_bl1
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
cpe:/o:sun:solaris:2.5.1::ppc
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0196
2003-05-05T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
BUGTRAQ
20030407 Immunix Secured OS 7+ samba update
DEBIAN
DSA-280
MANDRAKE
MDKSA-2003:044
REDHAT
RHSA-2003:137
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
cpe:/a:borland_software:interbase:6.0
cpe:/a:borland_software:interbase:6.4
cpe:/a:borland_software:interbase:6.5
cpe:/a:firebirdsql:firebird:1.0.2
CVE-2003-0197
2003-04-11T00:00:00.000-04:00
2016-10-17T22:30:32.580-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
BUGTRAQ
20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
MISC
http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
cpe:/o:apple:mac_os_x:10.0
cpe:/o:apple:mac_os_x:10.0.1
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.0.4
cpe:/o:apple:mac_os_x:10.1
cpe:/o:apple:mac_os_x:10.1.1
cpe:/o:apple:mac_os_x:10.1.2
cpe:/o:apple:mac_os_x:10.1.3
cpe:/o:apple:mac_os_x:10.1.4
cpe:/o:apple:mac_os_x:10.1.5
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x_server:10.0
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
CVE-2003-0198
2003-05-05T00:00:00.000-04:00
2008-09-10T15:18:13.383-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00028.html
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
CVE-2003-0199
2017-05-11T10:29:00.777-04:00
2017-05-11T10:29:00.777-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0200
2017-05-11T10:29:00.807-04:00
2017-05-11T10:29:00.807-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:hp:cifs-9000_server:a.01.05
cpe:/a:hp:cifs-9000_server:a.01.06
cpe:/a:hp:cifs-9000_server:a.01.07
cpe:/a:hp:cifs-9000_server:a.01.08
cpe:/a:hp:cifs-9000_server:a.01.08.01
cpe:/a:hp:cifs-9000_server:a.01.09
cpe:/a:hp:cifs-9000_server:a.01.09.01
cpe:/a:hp:cifs-9000_server:a.01.09.02
cpe:/a:samba:samba:2.0.0
cpe:/a:samba:samba:2.0.1
cpe:/a:samba:samba:2.0.2
cpe:/a:samba:samba:2.0.3
cpe:/a:samba:samba:2.0.4
cpe:/a:samba:samba:2.0.5
cpe:/a:samba:samba:2.0.6
cpe:/a:samba:samba:2.0.7
cpe:/a:samba:samba:2.0.8
cpe:/a:samba:samba:2.0.9
cpe:/a:samba:samba:2.0.10
cpe:/a:samba:samba:2.2.0
cpe:/a:samba:samba:2.2.0a
cpe:/a:samba:samba:2.2.1a
cpe:/a:samba:samba:2.2.3a
cpe:/a:samba:samba:2.2.4
cpe:/a:samba:samba:2.2.5
cpe:/a:samba:samba:2.2.6
cpe:/a:samba:samba:2.2.7
cpe:/a:samba:samba:2.2.7a
cpe:/a:samba:samba:2.2.8
cpe:/a:samba-tng:samba-tng:0.3
cpe:/a:samba-tng:samba-tng:0.3.1
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:compaq:tru64:4.0b
cpe:/o:compaq:tru64:4.0d
cpe:/o:compaq:tru64:4.0d_pk9_bl17
cpe:/o:compaq:tru64:4.0f
cpe:/o:compaq:tru64:4.0f_pk6_bl17
cpe:/o:compaq:tru64:4.0f_pk7_bl18
cpe:/o:compaq:tru64:4.0g
cpe:/o:compaq:tru64:4.0g_pk3_bl17
cpe:/o:compaq:tru64:5.0
cpe:/o:compaq:tru64:5.0_pk4_bl17
cpe:/o:compaq:tru64:5.0_pk4_bl18
cpe:/o:compaq:tru64:5.0a
cpe:/o:compaq:tru64:5.0a_pk3_bl17
cpe:/o:compaq:tru64:5.0f
cpe:/o:compaq:tru64:5.1
cpe:/o:compaq:tru64:5.1_pk3_bl17
cpe:/o:compaq:tru64:5.1_pk4_bl18
cpe:/o:compaq:tru64:5.1_pk5_bl19
cpe:/o:compaq:tru64:5.1_pk6_bl20
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1a_pk1_bl1
cpe:/o:compaq:tru64:5.1a_pk2_bl2
cpe:/o:compaq:tru64:5.1a_pk3_bl3
cpe:/o:compaq:tru64:5.1b
cpe:/o:compaq:tru64:5.1b_pk1_bl1
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
cpe:/o:sun:solaris:2.5.1::ppc
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:solaris:9.0:x86_update_2
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0201
2003-05-05T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SGI
20030403-01-P
CONECTIVA
CLA-2003:624
BUGTRAQ
20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise
BUGTRAQ
20030407 Immunix Secured OS 7+ samba update
BUGTRAQ
20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08
BUGTRAQ
20030409 GLSA: samba (200304-02)
DEBIAN
DSA-280
MISC
http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
CERT-VN
VU#267873
MANDRAKE
MDKSA-2003:044
SUSE
SuSE-SA:2003:025
REDHAT
RHSA-2003:137
BID
7294
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
cpe:/a:brian_renaud:metrics:1.0
CVE-2003-0202
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:28.883-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-279
BID
7293
XF
metrics-tmpfile-symlink(11734)
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
cpe:/a:moxftp:moxftp:2.2
cpe:/a:xftp:xftp:2.2
CVE-2003-0203
2003-04-11T00:00:00.000-04:00
2017-07-10T21:29:28.947-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030223 moxftp arbitrary code execution poc/advisory
DEBIAN
DSA-281
FULLDISC
20030223 moxftp arbitrary code execution poc/advisory
BID
6921
SECTRACK
1006156
XF
moxftp-welcome-banner-bo(11399)
Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.
cpe:/o:kde:kde:2.0
cpe:/o:kde:kde:2.0.1
cpe:/o:kde:kde:2.1
cpe:/o:kde:kde:2.1.1
cpe:/o:kde:kde:2.1.2
cpe:/o:kde:kde:2.2
cpe:/o:kde:kde:2.2.1
cpe:/o:kde:kde:2.2.2
cpe:/o:kde:kde:3.0
cpe:/o:kde:kde:3.0.1
cpe:/o:kde:kde:3.0.2
cpe:/o:kde:kde:3.0.3
cpe:/o:kde:kde:3.0.3a
cpe:/o:kde:kde:3.0.4
cpe:/o:kde:kde:3.0.5
cpe:/o:kde:kde:3.0.5a
cpe:/o:kde:kde:3.1
cpe:/o:kde:kde:3.1.1
CVE-2003-0204
2003-05-05T00:00:00.000-04:00
2016-10-17T22:30:36.440-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://bugs.kde.org/show_bug.cgi?id=53343
CONFIRM
http://bugs.kde.org/show_bug.cgi?id=56808
CONECTIVA
CLA-2003:668
CONECTIVA
CLA-2003:747
BUGTRAQ
20030410 GLSA: kde-3.x (200304-04)
BUGTRAQ
20030411 GLSA: kde-2.x (200304-05)
BUGTRAQ
20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12
BUGTRAQ
20030414 GLSA: kde-2.x (200304-05.1)
DEBIAN
DSA-284
DEBIAN
DSA-293
DEBIAN
DSA-296
CONFIRM
http://www.kde.org/info/security/advisory-20030409-1.txt
MANDRAKE
MDKSA-2003:049
REDHAT
RHSA-2003:002
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
cpe:/a:gkrellm_newsticker:gkrellm_newsticker:0.3
CVE-2003-0205
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:37.737-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030423 Security problems in gkrellm-newsticker
DEBIAN
DSA-294
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.
cpe:/a:gkrellm_newsticker:gkrellm_newsticker:0.3
CVE-2003-0206
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:39.033-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030423 Security problems in gkrellm-newsticker
DEBIAN
DSA-294
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines.
cpe:/a:gs-common:gs-common:0.3.3
CVE-2003-0207
2003-05-05T00:00:00.000-04:00
2008-09-10T15:18:15.070-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-286
ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.
cpe:/a:macromedia:flash
CVE-2003-0208
2003-05-05T00:00:00.000-04:00
2016-10-17T22:30:40.440-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
FULLDISC
20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
BUGTRAQ
20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
CONFIRM
http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm
MISC
http://www.securiteam.com/securitynews/5XP0B0U9PE.html
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
cpe:/a:smoothwall:smoothwall:2.0_beta_4
cpe:/a:sourcefire:snort:1.8
cpe:/a:sourcefire:snort:1.8.1
cpe:/a:sourcefire:snort:1.8.2
cpe:/a:sourcefire:snort:1.8.3
cpe:/a:sourcefire:snort:1.8.4
cpe:/a:sourcefire:snort:1.8.5
cpe:/a:sourcefire:snort:1.8.6
cpe:/a:sourcefire:snort:1.8.7
cpe:/a:sourcefire:snort:1.9
cpe:/a:sourcefire:snort:1.9.1
CVE-2003-0209
2003-05-05T00:00:00.000-04:00
2016-10-17T22:30:41.597-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
BUGTRAQ
20030422 GLSA: snort (200304-05)
BUGTRAQ
20030423 Snort <=1.9.1 exploit
BUGTRAQ
20030428 GLSA: snort (200304-06)
ENGARDE
ESA-20030430-013
CERT
CA-2003-13
MISC
http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
DEBIAN
DSA-297
CERT-VN
VU#139129
MANDRAKE
MDKSA-2003:052
BID
7178
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
cpe:/a:cisco:secure_access_control_server:2.1
cpe:/a:cisco:secure_access_control_server:2.3
cpe:/a:cisco:secure_access_control_server:2.4
cpe:/a:cisco:secure_access_control_server:2.5
cpe:/a:cisco:secure_access_control_server:2.6
cpe:/a:cisco:secure_access_control_server:2.6.2
cpe:/a:cisco:secure_access_control_server:2.6.3
cpe:/a:cisco:secure_access_control_server:2.6.4
cpe:/a:cisco:secure_access_control_server:3.0
cpe:/a:cisco:secure_access_control_server:3.0.1
cpe:/a:cisco:secure_access_control_server:3.0.3
cpe:/a:cisco:secure_access_control_server:3.1.1
CVE-2003-0210
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:42.893-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
NTBUGTRAQ
20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
CISCO
20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability
CERT-VN
VU#697049
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
cpe:/a:xinetd:xinetd:2.3.0
cpe:/a:xinetd:xinetd:2.3.1
cpe:/a:xinetd:xinetd:2.3.2
cpe:/a:xinetd:xinetd:2.3.3
cpe:/a:xinetd:xinetd:2.3.4
cpe:/a:xinetd:xinetd:2.3.5
cpe:/a:xinetd:xinetd:2.3.6
cpe:/a:xinetd:xinetd:2.3.7
cpe:/a:xinetd:xinetd:2.3.8
cpe:/a:xinetd:xinetd:2.3.9
cpe:/a:xinetd:xinetd:2.3.10
CVE-2003-0211
2003-05-05T00:00:00.000-04:00
2017-10-10T21:29:06.997-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537
CONECTIVA
CLA-2003:782
BUGTRAQ
20030418 Xinetd 2.3.10 Memory Leaks
MANDRAKE
MDKSA-2003:056
REDHAT
RHSA-2003:160
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
cpe:/a:rinetd:rinetd:0.52
cpe:/a:rinetd:rinetd:0.61
CVE-2003-0212
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:45.660-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030417 Vulnerability in rinetd
DEBIAN
DSA-289
handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.
cpe:/a:poptop:pptp_server:1.0.1
cpe:/a:poptop:pptp_server:1.1.2
cpe:/a:poptop:pptp_server:1.1.3
cpe:/a:poptop:pptp_server:1.1.3_2002-10-09
cpe:/a:poptop:pptp_server:1.1.4b1
cpe:/a:poptop:pptp_server:1.1.4b2
CVE-2003-0213
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:46.817-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030418 Exploit for PoPToP PPTP server
BUGTRAQ
20030428 GLSA: pptpd (200304-08)
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=138437
DEBIAN
DSA-295
CERT-VN
VU#673993
SUSE
SuSE-SA:2003:029
BUGTRAQ
20030409 PoPToP PPTP server remotely exploitable buffer overflow
BUGTRAQ
20030422 Re: Exploit for PoPToP PPTP server - Linux version
BID
7316
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
cpe:/a:debian:mime-support:3.9
cpe:/a:debian:mime-support:3.10
cpe:/a:debian:mime-support:3.11
cpe:/a:debian:mime-support:3.12
cpe:/a:debian:mime-support:3.13
cpe:/a:debian:mime-support:3.14
cpe:/a:debian:mime-support:3.15
cpe:/a:debian:mime-support:3.16
cpe:/a:debian:mime-support:3.17
cpe:/a:debian:mime-support:3.18
cpe:/a:debian:mime-support:3.19
cpe:/a:debian:mime-support:3.20
cpe:/a:debian:mime-support:3.21
CVE-2003-0214
2003-05-12T00:00:00.000-04:00
2008-09-05T16:33:46.443-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
DEBIAN
DSA-292
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
cpe:/a:battleaxe_software:bttlxeforum:2.0_beta_3
CVE-2003-0215
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:48.537-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030424 SQL injection in BttlxeForum
SECTRACK
1006632
CONFIRM
http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
cpe:/o:cisco:catos:7.5%281%29
CVE-2003-0216
2003-05-12T00:00:00.000-04:00
2008-09-10T15:18:16.663-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CISCO
20030424 Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability
CERT-VN
VU#443257
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
cpe:/a:neoteris:instant_virtual_extranet:3.01
CVE-2003-0217
2003-06-16T00:00:00.000-04:00
2016-10-17T22:30:50.067-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030513 XSS In Neoteris IVE Allows Session Hijacking
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.
cpe:/a:monkey-project:monkey_http_daemon:0.1.1
cpe:/a:monkey-project:monkey_http_daemon:0.5.2
cpe:/a:monkey-project:monkey_http_daemon:0.6.0
cpe:/a:monkey-project:monkey_http_daemon:0.6.1
CVE-2003-0218
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:51.457-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030420 Monkey HTTPd Remote Buffer Overflow
BUGTRAQ
20030420 Monkey HTTPd Remote Buffer Overflow
BUGTRAQ
20030428 GLSA: monkeyd (200304-07.1)
CONFIRM
http://monkeyd.sourceforge.net/Changelog.txt
BID
7202
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
cpe:/a:kerio:personal_firewall_2:2.1
cpe:/a:kerio:personal_firewall_2:2.1.1
cpe:/a:kerio:personal_firewall_2:2.1.2
cpe:/a:kerio:personal_firewall_2:2.1.3
cpe:/a:kerio:personal_firewall_2:2.1.4
CVE-2003-0219
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:52.753-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
MISC
http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
CERT-VN
VU#641012
BID
7179
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server.
cpe:/a:kerio:personal_firewall_2:2.1
cpe:/a:kerio:personal_firewall_2:2.1.1
cpe:/a:kerio:personal_firewall_2:2.1.2
cpe:/a:kerio:personal_firewall_2:2.1.3
cpe:/a:kerio:personal_firewall_2:2.1.4
CVE-2003-0220
2003-05-12T00:00:00.000-04:00
2016-10-17T22:30:53.910-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
MISC
http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
CERT-VN
VU#454716
BID
7180
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
cpe:/o:hp:tru64:5.1b:pk1
CVE-2003-0221
2003-05-12T00:00:00.000-04:00
2017-07-10T21:29:29.010-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
HP
SSRT3471
BID
7452
XF
tru64-dupatch-setld-symlink(11892)
The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.
cpe:/a:oracle:database_server:7.3.3
cpe:/a:oracle:database_server:7.3.4
cpe:/a:oracle:database_server:8.0.1
cpe:/a:oracle:database_server:8.0.2
cpe:/a:oracle:database_server:8.0.3
cpe:/a:oracle:database_server:8.0.4
cpe:/a:oracle:database_server:8.0.5
cpe:/a:oracle:database_server:8.0.5.1
cpe:/a:oracle:database_server:8.0.6
cpe:/a:oracle:database_server:8.1.5
cpe:/a:oracle:database_server:8.1.6
cpe:/a:oracle:database_server:8.1.7
cpe:/a:oracle:database_server:9.2.1
cpe:/a:oracle:database_server:9.2.2
cpe:/a:oracle:oracle8i:8.0.6
cpe:/a:oracle:oracle8i:8.0.6.3
cpe:/a:oracle:oracle8i:8.0x
cpe:/a:oracle:oracle8i:8.1.5
cpe:/a:oracle:oracle8i:8.1.6
cpe:/a:oracle:oracle8i:8.1.7
cpe:/a:oracle:oracle8i:8.1.7.1
cpe:/a:oracle:oracle8i:8.1.7.4
cpe:/a:oracle:oracle8i:8.1x
cpe:/a:oracle:oracle9i:9.0
cpe:/a:oracle:oracle9i:9.0.1
cpe:/a:oracle:oracle9i:9.0.1.2
cpe:/a:oracle:oracle9i:9.0.1.3
cpe:/a:oracle:oracle9i:9.0.1.4
cpe:/a:oracle:oracle9i:9.0.2
cpe:/a:oracle:oracle9i:9.2.0.1
cpe:/a:oracle:oracle9i:9.2.0.2
CVE-2003-0222
2003-05-12T00:00:00.000-04:00
2017-07-10T21:29:29.070-04:00
9.0
NETWORK
LOW
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
NTBUGTRAQ
20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
CIAC
N-085
BID
7453
XF
oracle-database-link-bo(11885)
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
cpe:/a:microsoft:internet_information_server:4.0
cpe:/a:microsoft:internet_information_server:5.1
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-0223
2003-06-09T00:00:00.000-04:00
2018-10-30T12:25:10.357-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MS
MS03-018
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-0224
2003-06-09T00:00:00.000-04:00
2018-10-30T12:25:10.357-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
NTBUGTRAQ
20030530 NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
MS
MS03-018
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
cpe:/a:microsoft:internet_information_server:4.0
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-0225
2003-06-09T00:00:00.000-04:00
2018-10-30T12:25:10.357-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
NTBUGTRAQ
20030418 Microsoft Active Server Pages DoS
MISC
http://www.aqtronix.com/Advisories/AQ-2003-01.txt
MS
MS03-018
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
cpe:/a:microsoft:internet_information_server:5.1
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-0226
2003-06-09T00:00:00.000-04:00
2018-10-30T12:25:10.357-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030528 Internet Information Services 5.0 Denial of service
BUGTRAQ
20030529 IIS WEBDAV Denial of Service attacks
NTBUGTRAQ
20030528 Internet Information Services 5.0 Denial of service
MISC
http://www.spidynamics.com/iis_alert.html
MS
MS03-018
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
cpe:/a:microsoft:internet_information_server
CVE-2003-0227
2003-06-09T00:00:00.000-04:00
2018-10-12T17:32:32.147-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030528 RE: Alert: MS03-019, Microsoft... wrong, again.
NTBUGTRAQ
20030528 Re: Alert: MS03-019, Microsoft... wrong, again.
NTBUGTRAQ
20030528 MS03-019: DoS or Code of Choice
MS
MS03-019
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
cpe:/a:microsoft:windows_media_player:-
cpe:/a:microsoft:windows_media_player:7.1
CVE-2003-0228
2003-05-27T00:00:00.000-04:00
2018-10-30T12:25:13.340-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030507 Windows Media Player directory traversal vulnerability
BUGTRAQ
20030508 why i love xs4all + mediaplayer thingie
NTBUGTRAQ
20030507 Windows Media Player directory traversal vulnerability
CERT-VN
VU#384932
BID
7517
MS
MS03-017
XF
mediaplayer-skin-code-execution(11953)
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
cpe:/a:microsoft:data_engine:1.0
cpe:/a:microsoft:sql_server:7.0
cpe:/a:microsoft:sql_server:7.0:sp1
cpe:/a:microsoft:sql_server:7.0:sp2
cpe:/a:microsoft:sql_server:7.0:sp3
cpe:/a:microsoft:sql_server:7.0:sp4
cpe:/a:microsoft:sql_server:2000
cpe:/a:microsoft:sql_server:2000::desktop_engine
cpe:/a:microsoft:sql_server:2000:sp1
cpe:/a:microsoft:sql_server:2000:sp2
cpe:/a:microsoft:sql_server:2000:sp3
cpe:/a:microsoft:sql_server:2000:sp3a
CVE-2003-0230
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:33.927-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CERT-VN
VU#556356
MS
MS03-031
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
cpe:/a:microsoft:data_engine:1.0
cpe:/a:microsoft:sql_server:7.0
cpe:/a:microsoft:sql_server:7.0:sp1
cpe:/a:microsoft:sql_server:7.0:sp2
cpe:/a:microsoft:sql_server:7.0:sp3
cpe:/a:microsoft:sql_server:7.0:sp4
cpe:/a:microsoft:sql_server:2000
cpe:/a:microsoft:sql_server:2000::desktop_engine
cpe:/a:microsoft:sql_server:2000:sp1
cpe:/a:microsoft:sql_server:2000:sp2
cpe:/a:microsoft:sql_server:2000:sp3
cpe:/a:microsoft:sql_server:2000:sp3a
CVE-2003-0231
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:34.257-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
ATSTAKE
A072303-2
CERT-VN
VU#918652
MS
MS03-031
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
cpe:/a:microsoft:data_engine:1.0
cpe:/a:microsoft:sql_server:7.0
cpe:/a:microsoft:sql_server:7.0:sp1
cpe:/a:microsoft:sql_server:7.0:sp2
cpe:/a:microsoft:sql_server:7.0:sp3
cpe:/a:microsoft:sql_server:7.0:sp4
cpe:/a:microsoft:sql_server:2000
cpe:/a:microsoft:sql_server:2000::desktop_engine
cpe:/a:microsoft:sql_server:2000:sp1
cpe:/a:microsoft:sql_server:2000:sp2
cpe:/a:microsoft:sql_server:2000:sp3
cpe:/a:microsoft:sql_server:2000:sp3a
CVE-2003-0232
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:34.663-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
ATSTAKE
A072303-3
CERT-VN
VU#584868
MS
MS03-031
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0233
2003-05-12T00:00:00.000-04:00
2018-10-12T17:32:35.067-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
XF
ie-plugin-load-bo(11854)
MS
MS03-015
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
cpe:/a:mirabilis:icq:99a_2.15build1701
cpe:/a:mirabilis:icq:99a_2.21build1800
cpe:/a:mirabilis:icq:2000.0a
cpe:/a:mirabilis:icq:2000.0b_build3278
cpe:/a:mirabilis:icq:2001a
cpe:/a:mirabilis:icq:2001b_build3636
cpe:/a:mirabilis:icq:2001b_build3638
cpe:/a:mirabilis:icq:2001b_build3659
cpe:/a:mirabilis:icq:2002a_build3722
cpe:/a:mirabilis:icq:2002a_build3727
cpe:/a:mirabilis:icq:2003a_build3777
cpe:/a:mirabilis:icq:2003a_build3799
cpe:/a:mirabilis:icq:2003a_build3800
CVE-2003-0235
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:29.197-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
BUGTRAQ
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
MISC
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
BID
7461
XF
icq-pop3-format-string(11938)
Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
cpe:/a:mirabilis:icq:99a_2.15build1701
cpe:/a:mirabilis:icq:99a_2.21build1800
cpe:/a:mirabilis:icq:2000.0a
cpe:/a:mirabilis:icq:2000.0b_build3278
cpe:/a:mirabilis:icq:2001a
cpe:/a:mirabilis:icq:2001b_build3636
cpe:/a:mirabilis:icq:2001b_build3638
cpe:/a:mirabilis:icq:2001b_build3659
cpe:/a:mirabilis:icq:2002a_build3722
cpe:/a:mirabilis:icq:2002a_build3727
cpe:/a:mirabilis:icq:2003a_build3777
cpe:/a:mirabilis:icq:2003a_build3799
cpe:/a:mirabilis:icq:2003a_build3800
CVE-2003-0236
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:29.243-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
BUGTRAQ
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
MISC
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
BID
7462
BID
7463
XF
icq-pop3-email-bo(11939)
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
cpe:/a:mirabilis:icq:99a_2.15build1701
cpe:/a:mirabilis:icq:99a_2.21build1800
cpe:/a:mirabilis:icq:2000.0a
cpe:/a:mirabilis:icq:2000.0b_build3278
cpe:/a:mirabilis:icq:2001a
cpe:/a:mirabilis:icq:2001b_build3636
cpe:/a:mirabilis:icq:2001b_build3638
cpe:/a:mirabilis:icq:2001b_build3659
cpe:/a:mirabilis:icq:2002a_build3722
cpe:/a:mirabilis:icq:2002a_build3727
cpe:/a:mirabilis:icq:2003a_build3777
cpe:/a:mirabilis:icq:2003a_build3799
cpe:/a:mirabilis:icq:2003a_build3800
CVE-2003-0237
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:29.307-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
BUGTRAQ
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
MISC
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
BID
7464
XF
icq-features-no-auth(11944)
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
cpe:/a:mirabilis:icq:99a_2.15build1701
cpe:/a:mirabilis:icq:99a_2.21build1800
cpe:/a:mirabilis:icq:2000.0a
cpe:/a:mirabilis:icq:2000.0b_build3278
cpe:/a:mirabilis:icq:2001a
cpe:/a:mirabilis:icq:2001b_build3636
cpe:/a:mirabilis:icq:2001b_build3638
cpe:/a:mirabilis:icq:2001b_build3659
cpe:/a:mirabilis:icq:2002a_build3722
cpe:/a:mirabilis:icq:2002a_build3727
cpe:/a:mirabilis:icq:2003a_build3777
cpe:/a:mirabilis:icq:2003a_build3799
cpe:/a:mirabilis:icq:2003a_build3800
CVE-2003-0238
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:29.353-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
BUGTRAQ
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
MISC
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
BID
7465
XF
icq-table-tag-dos(11947)
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
cpe:/a:mirabilis:icq:99a_2.15build1701
cpe:/a:mirabilis:icq:99a_2.21build1800
cpe:/a:mirabilis:icq:2000.0a
cpe:/a:mirabilis:icq:2000.0b_build3278
cpe:/a:mirabilis:icq:2001a
cpe:/a:mirabilis:icq:2001b_build3636
cpe:/a:mirabilis:icq:2001b_build3638
cpe:/a:mirabilis:icq:2001b_build3659
cpe:/a:mirabilis:icq:2002a_build3722
cpe:/a:mirabilis:icq:2002a_build3727
cpe:/a:mirabilis:icq:2003a_build3777
cpe:/a:mirabilis:icq:2003a_build3799
cpe:/a:mirabilis:icq:2003a_build3800
CVE-2003-0239
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:29.417-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
BUGTRAQ
20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
MISC
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
BID
7466
XF
icq-gif89a-header-dos(11948)
icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
cpe:/h:axis:2100_network_camera:2.32
cpe:/h:axis:2110_network_camera:2.32
cpe:/h:axis:2120_network_camera:2.32
cpe:/h:axis:2130_ptz_network_camera:2.32
cpe:/h:axis:2400_video_server:2.32
cpe:/h:axis:2401_video_server:2.32
cpe:/h:axis:2420_network_camera:2.32
cpe:/h:axis:2460_network_dvr:3.00
cpe:/h:axis:250s_video_server:3.02
CVE-2003-0240
2003-06-09T00:00:00.000-04:00
2017-07-10T21:29:29.463-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
SECTRACK
1006854
MISC
http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
CERT-VN
VU#799060
BID
7652
XF
axis-admin-authentication-bypass(12104)
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
cpe:/a:frontrange:goldmine:5.70
cpe:/a:frontrange:goldmine:6.00
CVE-2003-0241
2003-06-09T00:00:00.000-04:00
2008-09-05T16:33:50.333-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030528 SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
MISC
http://www.secnap.net/security/gm001.html
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
CVE-2003-0242
2003-06-09T00:00:00.000-04:00
2017-07-10T21:29:29.510-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
SECTRACK
1006796
CERT-VN
VU#869548
BID
7628
XF
macos-ipsec-acl-bypass(12027)
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.
cpe:/a:happycgi:happymall:4.3
cpe:/a:happycgi:happymall:4.4
CVE-2003-0243
2003-05-27T00:00:00.000-04:00
2008-09-10T15:18:21.540-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030507 Happymall E-Commerce Remote Command Execution
SECTRACK
1006707
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
cpe:/o:linux:linux_kernel:2.4.0
CVE-2003-0244
2003-05-27T00:00:00.000-04:00
2017-10-10T21:29:08.073-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030517 Algorithmic Complexity Attacks and the Linux Networking Code
ENGARDE
ESA-20030515-017
BUGTRAQ
20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
MISC
http://marc.info/?l=linux-kernel&m=104956079213417
DEBIAN
DSA-311
DEBIAN
DSA-312
DEBIAN
DSA-332
DEBIAN
DSA-336
DEBIAN
DSA-442
MISC
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
MANDRAKE
MDKSA-2003:066
MANDRAKE
MDKSA-2003:074
REDHAT
RHSA-2003:145
REDHAT
RHSA-2003:147
REDHAT
RHSA-2003:172
BID
7601
XF
data-algorithmic-complexity-dos(15382)
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
CVE-2003-0245
2003-06-09T00:00:00.000-04:00
2017-07-10T21:29:29.667-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030530 iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability
CONECTIVA
CLA-2003:661
BUGTRAQ
20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
CONFIRM
http://www.apache.org/dist/httpd/Announcement2.html
MISC
http://www.idefense.com/advisory/05.30.03.txt
CERT-VN
VU#757612
MANDRAKE
MDKSA-2003:063
REDHAT
RHSA-2003:186
BID
7723
XF
apache-aprpsprintf-code-execution(12090)
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.5.0
cpe:/o:linux:linux_kernel:2.5.1
cpe:/o:linux:linux_kernel:2.5.2
cpe:/o:linux:linux_kernel:2.5.3
cpe:/o:linux:linux_kernel:2.5.4
cpe:/o:linux:linux_kernel:2.5.5
cpe:/o:linux:linux_kernel:2.5.6
cpe:/o:linux:linux_kernel:2.5.7
cpe:/o:linux:linux_kernel:2.5.8
cpe:/o:linux:linux_kernel:2.5.9
cpe:/o:linux:linux_kernel:2.5.10
cpe:/o:linux:linux_kernel:2.5.11
cpe:/o:linux:linux_kernel:2.5.12
cpe:/o:linux:linux_kernel:2.5.13
cpe:/o:linux:linux_kernel:2.5.14
cpe:/o:linux:linux_kernel:2.5.15
cpe:/o:linux:linux_kernel:2.5.16
cpe:/o:linux:linux_kernel:2.5.17
cpe:/o:linux:linux_kernel:2.5.18
cpe:/o:linux:linux_kernel:2.5.19
cpe:/o:linux:linux_kernel:2.5.20
cpe:/o:linux:linux_kernel:2.5.21
cpe:/o:linux:linux_kernel:2.5.22
cpe:/o:linux:linux_kernel:2.5.23
cpe:/o:linux:linux_kernel:2.5.24
cpe:/o:linux:linux_kernel:2.5.25
cpe:/o:linux:linux_kernel:2.5.26
cpe:/o:linux:linux_kernel:2.5.27
cpe:/o:linux:linux_kernel:2.5.28
cpe:/o:linux:linux_kernel:2.5.29
cpe:/o:linux:linux_kernel:2.5.30
cpe:/o:linux:linux_kernel:2.5.31
cpe:/o:linux:linux_kernel:2.5.32
cpe:/o:linux:linux_kernel:2.5.33
cpe:/o:linux:linux_kernel:2.5.34
cpe:/o:linux:linux_kernel:2.5.35
cpe:/o:linux:linux_kernel:2.5.36
cpe:/o:linux:linux_kernel:2.5.37
cpe:/o:linux:linux_kernel:2.5.38
cpe:/o:linux:linux_kernel:2.5.39
cpe:/o:linux:linux_kernel:2.5.40
cpe:/o:linux:linux_kernel:2.5.41
cpe:/o:linux:linux_kernel:2.5.42
cpe:/o:linux:linux_kernel:2.5.43
cpe:/o:linux:linux_kernel:2.5.44
cpe:/o:linux:linux_kernel:2.5.45
cpe:/o:linux:linux_kernel:2.5.46
cpe:/o:linux:linux_kernel:2.5.47
cpe:/o:linux:linux_kernel:2.5.48
cpe:/o:linux:linux_kernel:2.5.49
cpe:/o:linux:linux_kernel:2.5.50
cpe:/o:linux:linux_kernel:2.5.51
cpe:/o:linux:linux_kernel:2.5.52
cpe:/o:linux:linux_kernel:2.5.53
cpe:/o:linux:linux_kernel:2.5.54
cpe:/o:linux:linux_kernel:2.5.55
cpe:/o:linux:linux_kernel:2.5.56
cpe:/o:linux:linux_kernel:2.5.57
cpe:/o:linux:linux_kernel:2.5.58
cpe:/o:linux:linux_kernel:2.5.59
cpe:/o:linux:linux_kernel:2.5.60
cpe:/o:linux:linux_kernel:2.5.61
cpe:/o:linux:linux_kernel:2.5.62
cpe:/o:linux:linux_kernel:2.5.63
cpe:/o:linux:linux_kernel:2.5.64
cpe:/o:linux:linux_kernel:2.5.65
cpe:/o:linux:linux_kernel:2.5.66
cpe:/o:linux:linux_kernel:2.5.67
cpe:/o:linux:linux_kernel:2.5.68
cpe:/o:linux:linux_kernel:2.5.69
CVE-2003-0246
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:08.167-04:00
3.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030520 Linux 2.4 kernel ioperm vuln
ENGARDE
ESA-20030515-017
DEBIAN
DSA-311
DEBIAN
DSA-312
DEBIAN
DSA-332
DEBIAN
DSA-336
DEBIAN
DSA-442
MANDRAKE
MDKSA-2003:066
MANDRAKE
MDKSA-2003:074
REDHAT
RHSA-2003:147
REDHAT
RHSA-2003:172
TURBO
TLSA-2003-41
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0247
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:08.247-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-311
DEBIAN
DSA-312
DEBIAN
DSA-332
DEBIAN
DSA-336
DEBIAN
DSA-442
MANDRAKE
MDKSA-2003:066
MANDRAKE
MDKSA-2003:074
REDHAT
RHSA-2003:187
REDHAT
RHSA-2003:195
REDHAT
RHSA-2003:198
TURBO
TLSA-2003-41
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0248
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:08.307-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
DEBIAN
DSA-311
DEBIAN
DSA-312
DEBIAN
DSA-332
DEBIAN
DSA-336
DEBIAN
DSA-442
MANDRAKE
MDKSA-2003:066
MANDRAKE
MDKSA-2003:074
REDHAT
RHSA-2003:187
REDHAT
RHSA-2003:195
TURBO
TLSA-2003-41
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
cpe:/a:php:php:4.4.6
CVE-2003-0249
2003-12-31T00:00:00.000-05:00
2008-09-05T16:33:51.737-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-03-01T09:10:00.000-05:00
ALLOWS_OTHER_ACCESS
IDEFENSE
20030625 PHP/Apache .htaccess Authentication Bypass Vulnerability
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
cpe:/a:nis:ypserv_nis_server:2.7
CVE-2003-0251
2003-07-24T00:00:00.000-04:00
2018-10-19T11:29:33.807-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SECTRACK
1016517
SUNALERT
55600
MANDRAKE
MDKSA-2003:072
REDHAT
RHSA-2003:173
REDHAT
RHSA-2003:201
HP
HPSBTU02132
BID
8031
TURBO
TLSA-2003-43
VUPEN
ADV-2006-2873
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.
cpe:/a:nfs:nfs-utils:0.2
cpe:/a:nfs:nfs-utils:0.2.1
cpe:/a:nfs:nfs-utils:0.3.1
cpe:/a:nfs:nfs-utils:0.3.3
cpe:/a:nfs:nfs-utils:1.0
cpe:/a:nfs:nfs-utils:1.0.1
cpe:/a:nfs:nfs-utils:1.0.3
CVE-2003-0252
2003-08-18T00:00:00.000-04:00
2018-05-02T21:29:19.990-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030714 Linux nfs-utils xlog() off-by-one bug
VULNWATCH
20030714 Reality of the rpc.mountd bug
MISC
http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
BUGTRAQ
20030714 Linux nfs-utils xlog() off-by-one bug
BUGTRAQ
20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
BUGTRAQ
20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq
SECTRACK
1007187
SUNALERT
1001262
DEBIAN
DSA-349
CERT-VN
VU#258564
MANDRAKE
MDKSA-2003:076
SUSE
SuSE-SA:2003:031
REDHAT
RHSA-2003:206
REDHAT
RHSA-2003:207
BID
8179
TURBO
TLSA-2003-44
XF
nfs-utils-offbyone-bo(12600)
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
cpe:/a:apache:http_server:2.0.46
CVE-2003-0253
2003-08-18T00:00:00.000-04:00
2017-10-10T21:29:08.433-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
MANDRAKE
MDKSA-2003:075
REDHAT
RHSA-2003:240
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
cpe:/a:apache:http_server:2.0.46
CVE-2003-0254
2003-08-18T00:00:00.000-04:00
2017-10-10T21:29:08.510-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
MANDRAKE
MDKSA-2003:075
REDHAT
RHSA-2003:240
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
cpe:/a:gnu:privacy_guard:1.2.1
CVE-2003-0255
2003-05-27T00:00:00.000-04:00
2018-05-02T21:29:20.130-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
CONECTIVA
CLA-2003:694
BUGTRAQ
20030504 Key validity bug in GnuPG 1.2.1 and earlier
ENGARDE
ESA-20030515-016
BUGTRAQ
20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)
BUGTRAQ
20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)
CERT-VN
VU#397604
ENGARDE
20030515-016
MISC
http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
MANDRAKE
MDKSA-2003:061
REDHAT
RHSA-2003:175
REDHAT
RHSA-2003:176
BID
7497
TURBO
TLSA200334
XF
gnupg-invalid-key-acceptance(11930)
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
cpe:/a:kde:kopete:0.6.1
CVE-2003-0256
2003-05-27T00:00:00.000-04:00
2008-09-10T15:18:26.210-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
CONECTIVA
CLA-2003:665
CONFIRM
http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2
MANDRAKE
MDKSA-2003:055
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
cpe:/o:ibm:aix:4.3
cpe:/o:ibm:aix:4.3.1
cpe:/o:ibm:aix:4.3.2
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-0257
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:29.837-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
IBM
MSS-OAR-E01-2003:0660.1
XF
aix-print-format-string(12000)
Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.
cpe:/a:cisco:vpn_3002_hardware_client
cpe:/h:cisco:vpn_3015_concentrator
cpe:/h:cisco:vpn_3030_concentator
cpe:/h:cisco:vpn_3060_concentrator
cpe:/h:cisco:vpn_3080_concentrator
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5%28rel%29
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.2
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.3
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.5
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.3
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.5
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.a
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.b
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.c
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.d
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7d
cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0
cpe:/o:cisco:vpn_3005_concentrator_software:4.0.1
CVE-2003-0258
2003-05-27T00:00:00.000-04:00
2018-10-30T12:26:19.357-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CISCO
20030507 Cisco VPN 3000 Concentrator Vulnerabilities
CERT-VN
VU#727780
XF
cisco-vpn-unauth-access(11954)
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
cpe:/a:cisco:vpn_3002_hardware_client
cpe:/h:cisco:vpn_3015_concentrator
cpe:/h:cisco:vpn_3030_concentator
cpe:/h:cisco:vpn_3060_concentrator
cpe:/h:cisco:vpn_3080_concentrator
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.0
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.a
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.b
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.c
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.d
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.f
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0.3.a
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0.3.b
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1%28rel%29
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1.2
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5%28rel%29
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.2
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.3
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.5
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.3
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.5
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.a
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.b
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.c
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7.d
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7d
CVE-2003-0259
2003-05-27T00:00:00.000-04:00
2018-10-30T12:26:19.230-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CISCO
20030507 Cisco VPN 3000 Concentrator Vulnerabilities
CERT-VN
VU#317348
XF
cisco-vpn-ssh-dos(11955)
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
cpe:/a:cisco:vpn_3002_hardware_client
cpe:/h:cisco:vpn_3015_concentrator
cpe:/h:cisco:vpn_3030_concentator
cpe:/h:cisco:vpn_3060_concentrator
cpe:/h:cisco:vpn_3080_concentrator
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.0
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.a
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.b
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.c
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.d
cpe:/o:cisco:vpn_3000_concentrator_series_software:2.5.2.f
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0.3.a
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0.3.b
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.0.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1%28rel%29
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1.2
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.1.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5%28rel%29
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.2
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.3
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.4
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.5.5
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.1
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.3
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.5
cpe:/o:cisco:vpn_3000_concentrator_series_software:3.6.7
CVE-2003-0260
2003-05-27T00:00:00.000-04:00
2018-10-30T12:26:19.230-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CISCO
20030507 Cisco VPN 3000 Concentrator Vulnerabilities
CERT-VN
VU#221164
XF
cisco-vpn-icmp-dos(11956)
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
cpe:/a:fuzz:fuzz:0.6
CVE-2003-0261
2003-05-27T00:00:00.000-04:00
2008-09-10T15:18:26.570-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
DEBIAN
DSA-302
fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.
cpe:/a:leksbot:leksbot:1.2
CVE-2003-0262
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:30.087-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-299
BID
7505
XF
kataxwr-gain-privileges(11945)
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.
cpe:/a:floosietek:ftgatepro:1.22_1328
CVE-2003-0263
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:30.150-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
BUGTRAQ
20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
BID
7506
BID
7508
XF
ftgate-mailfrom-rcptto-bo(11951)
Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
cpe:/a:seattle_lab_software:slmail:5.1.0.4420
CVE-2003-0264
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:21.947-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
NTBUGTRAQ
20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
MISC
http://www.nextgenss.com/advisories/slmail-vulns.txt
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.
cpe:/a:sap:sap_db:7.3.29
cpe:/a:sap:sap_db:7.4.3.7_beta
CVE-2003-0265
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:23.277-04:00
6.2
LOCAL
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030507 SAP database local root vulnerability during installation. (fwd)
BID
7421
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
cpe:/a:bvrp_software:slwebmail:3.0
CVE-2003-0266
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:24.463-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030507 Multiple Vulnerabilities in SLWebmail
NTBUGTRAQ
20030507 Multiple Vulnerabilities in SLWebmail
MISC
http://www.nextgenss.com/advisories/slwebmail-vulns.txt
Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
cpe:/a:bvrp_software:slwebmail:3.0
CVE-2003-0267
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:26.040-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030507 Multiple Vulnerabilities in SLWebmail
NTBUGTRAQ
20030507 Multiple Vulnerabilities in SLWebmail
MISC
http://www.nextgenss.com/advisories/slwebmail-vulns.txt
ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.
cpe:/a:bvrp_software:slwebmail:3.0
CVE-2003-0268
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:27.230-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030507 Multiple Vulnerabilities in SLWebmail
NTBUGTRAQ
20030507 Multiple Vulnerabilities in SLWebmail
MISC
http://www.nextgenss.com/advisories/slwebmail-vulns.txt
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
cpe:/a:youbin:youbin:2.5
cpe:/a:youbin:youbin:3.0
cpe:/a:youbin:youbin:3.4
CVE-2003-0269
2003-05-27T00:00:00.000-04:00
2017-07-10T21:29:30.227-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030506 youbin local root exploit + advisory
FULLDISC
20030506 youbin local root exploit + advisory
BUGTRAQ
20030506 youbin local root exploit + advisory
BID
7503
XF
youbin-home-bo(11949)
Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.
cpe:/h:apple:802.11n:7.3.1
CVE-2003-0270
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.277-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SECTRACK
1006742
ATSTAKE
A051203-1
BID
7554
XF
airport-auth-credentials-disclosure(11980)
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
cpe:/a:cooolsoft:personal_ftp_server
CVE-2003-0271
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:29.777-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030508 Remote Stack Overflow exploit for Personal FTPD
MISC
http://security.nnov.ru/search/document.asp?docid=4309
BUGTRAQ
20030331 Personal FTP Server
Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.
cpe:/a:miniportal:miniportal:1.9
cpe:/a:miniportal:miniportal:2.0
cpe:/a:miniportal:miniportal:2.1
cpe:/a:miniportal:miniportal:2.2
CVE-2003-0272
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:31.213-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030508 miniPortail (PHP) : Admin Access
MISC
http://www.frog-man.org/tutos/miniPortail.txt
admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.
cpe:/a:best_practical_solutions:request_tracker:1.0.0
cpe:/a:best_practical_solutions:request_tracker:1.0.1
cpe:/a:best_practical_solutions:request_tracker:1.0.2
cpe:/a:best_practical_solutions:request_tracker:1.0.3
cpe:/a:best_practical_solutions:request_tracker:1.0.4
cpe:/a:best_practical_solutions:request_tracker:1.0.5
cpe:/a:best_practical_solutions:request_tracker:1.0.6
cpe:/a:best_practical_solutions:request_tracker:1.0.7
CVE-2003-0273
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:32.340-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html
BUGTRAQ
20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
cpe:/a:cren:listproc:8.2.9
CVE-2003-0274
2003-05-27T00:00:00.000-04:00
2016-10-17T22:31:33.417-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.
cpe:/a:yabb:yabb:1.5.2::second_edition
CVE-2003-0275
2003-06-16T00:00:00.000-04:00
2016-10-17T22:31:34.730-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
cpe:/a:pi3:pi3web:2.0.1
CVE-2003-0276
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.320-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030428 Pi3Web 2.0.1 DoS
BUGTRAQ
20030512 Unix Version of the Pi3web DoS
BID
7555
XF
pi3web-get-request-bo(11889)
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
cpe:/a:happycgi:happymall:4.3
cpe:/a:happycgi:happymall:4.4
CVE-2003-0277
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.383-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030512 One more flaw in Happymall
BID
7559
XF
happymall-dotdot-directory-traversal(11987)
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
cpe:/a:happycgi.com:happymall:4.3
cpe:/a:happycgi.com:happymall:4.4
CVE-2003-0278
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.430-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030512 One more flaw in Happymall
BID
7557
XF
happymall-normalhtml-xss(11988)
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.
cpe:/a:francisco_burzi:php-nuke:5.0
cpe:/a:francisco_burzi:php-nuke:6.0
CVE-2003-0279
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.477-04:00
2.6
NETWORK
HIGH
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030513 More and More SQL injection on PHP-Nuke 6.5.
BUGTRAQ
20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
BID
7558
BID
7588
XF
phpnuke-web-sql-injection(11984)
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
cpe:/a:youngzsoft:cmailserver:4.0.2003.23.27
CVE-2003-0280
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.527-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
BUGTRAQ
20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
BID
7547
BID
7548
XF
cmailserver-smtp-bo(11975)
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
cpe:/a:firebirdsql:firebird:1.0.2
CVE-2003-0281
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.587-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030509 Firebird Local exploit
BUGTRAQ
20020617 Interbase 6.0 malloc() issues
GENTOO
GLSA-200405-18
BID
7546
XF
firebird-interbase-bo(11977)
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
cpe:/a:info-zip:unzip:5.50
cpe:/o:sco:openlinux_server:3.1.1
cpe:/o:sco:openlinux_workstation:3.1.1
CVE-2003-0282
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:08.590-04:00
2.6
NETWORK
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CALDERA
CSSA-2003-031.0
CONECTIVA
CLA-2003:672
IMMUNIX
IMNX-2003-7+-017-01
BUGTRAQ
20030509 unzip directory traversal revisited
BUGTRAQ
20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)
CIAC
N-111
DEBIAN
DSA-344
CONFIRM
http://www.info-zip.org/FAQ.html
MANDRAKE
MDKSA-2003:073
REDHAT
RHSA-2003:199
REDHAT
RHSA-2003:200
BID
7550
TURBO
TLSA-2003-42
XF
unzip-dotdot-directory-traversal(12004)
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
cpe:/a:phorum:phorum:3.4.3
CVE-2003-0283
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.697-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030509 A Phorum's bug...
BUGTRAQ
20030509 Re: A Phorum's bug...
BID
7545
XF
phorum-message-html-injection(11974)
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
cpe:/a:adobe:acrobat:5.0
CVE-2003-0284
2003-06-16T00:00:00.000-04:00
2008-09-05T16:33:57.177-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121
CERT-VN
VU#184820
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
cpe:/o:ibm:aix:5.2
CVE-2003-0285
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.743-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030513 AIX sendmail open relay
MISC
http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
CERT-VN
VU#814617
BID
7580
XF
aix-sendmail-mail-relay(11993)
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
cpe:/a:snitz_communications:snitz_forums_2000:3.3.03
CVE-2003-0286
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.807-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030512 Snitz Forum 3.3.03 Remote Command Execution
BUGTRAQ
20030513 Snitz Forum 3.3.03 Remote Command Execution
MISC
http://packetstormsecurity.org/0305-exploits/snitz_exec.txt
BID
35764
BID
7549
XF
snitz-register-sql-injection(11981)
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
cpe:/a:six_apart:movable_type:2.6
cpe:/a:six_apart:movable_type:2.63
CVE-2003-0287
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.853-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030512 CSS found in Movable Type
BUGTRAQ
20030512 Re: CSS found in Movable Type
BUGTRAQ
20030513 Re: CSS found in Movable Type -- Nope
BID
7560
XF
movable-type-comment-xss(12003)
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
cpe:/a:hiroaki_shirouzu:ip_messenger:2.00
CVE-2003-0288
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.917-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030513 [SNS Advisory No.64] IP Messenger for Win Buffer Overflow Vulnerability
MISC
http://www.lac.co.jp/security/english/snsadv_e/64_e.html
BID
7566
XF
ip-messenger-filename-bo(11986)
Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.
cpe:/a:cdrtools:cdrecord:1.11
cpe:/a:cdrtools:cdrecord:2.0
CVE-2003-0289
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:30.963-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
GENTOO
200305-06
BUGTRAQ
20030513 cdrtools2.0 Format String Vulnerability
BUGTRAQ
20030513 Cdrecord_local_root_exploit.
MANDRAKE
MDKSA-2003:058
MISC
http://www.securiteam.com/exploits/5ZP0C2AAAC.html
BID
7565
XF
cdrtools-scsiopen-format-string(12007)
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
cpe:/a:etype:eserv:2.9x
CVE-2003-0290
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:31.010-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030511 eServ Memory Leak Enables Denial of Service Attacks
BUGTRAQ
20030511 eServ Memory Leak Enables Denial of Service Attacks
BUGTRAQ
20030513 eServ Memory Leak Solution
BID
7552
XF
eserv-multiple-connections-dos(11973)
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
cpe:/h:3com:3cp4144:1.1.7
CVE-2003-0291
2003-06-16T00:00:00.000-04:00
2017-07-10T21:29:31.057-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030514 Memory leak in 3COM 812 DSL routers
BUGTRAQ
20030515 RE : Memory leak in 3COM DSL routers
MISC
http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm
BID
7592
XF
3com-officeconnect-memory-leak(11999)
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
cpe:/a:inktomi:inktomi_traffic-server:5.5.1
CVE-2003-0292
2003-06-16T00:00:00.000-04:00
2016-10-17T22:31:55.670-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 Inktomi Traffic-Server XSS: man-in-the-middle XSS !
BID
7596
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
cpe:/o:palm:palmos
CVE-2003-0293
2003-06-16T00:00:00.000-04:00
2016-10-17T22:31:56.827-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030514 PalmOS ICMP flood DoS.
PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.
cpe:/a:php-proxima:php-proxima:6.0
CVE-2003-0294
2003-06-16T00:00:00.000-04:00
2016-10-17T22:31:58.063-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030514 php-proxima Remote File Access Vulnerability
autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation.
cpe:/a:jelsoft:vbulletin:3.0.0_beta_2
CVE-2003-0295
2003-06-16T00:00:00.000-04:00
2016-10-17T22:31:59.157-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 VBulletin Preview Message - XSS Vuln
BUGTRAQ
20030514 Re: VBulletin Preview Message - XSS Vuln
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
cpe:/a:ximian:evolution:1.2.4
CVE-2003-0296
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:00.217-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:university_of_washington:c-client
cpe:/a:university_of_washington:imap-2002b
cpe:/a:university_of_washington:pine:4.53
CVE-2003-0297
2003-06-16T00:00:00.000-04:00
2018-10-19T11:29:35.120-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
REDHAT
RHSA-2005:015
REDHAT
RHSA-2005:114
FEDORA
FLSA:184074
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:mozilla:mozilla:1.3
cpe:/a:mozilla:mozilla:1.4:alpha
CVE-2003-0298
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:02.923-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:mutt:mutt:1.4.1
cpe:/a:stuart_parmenter:balsa:2.0.10
CVE-2003-0299
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:04.063-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:microsoft:outlook_express:6.00.2800.1106
cpe:/a:mozilla:mozilla:1.3
cpe:/a:mozilla:mozilla:1.4:alpha
cpe:/a:mutt:mutt:1.4.1
cpe:/a:qualcomm:eudora:5.2.1
cpe:/a:stuart_parmenter:balsa:2.0.10
cpe:/a:sylpheed:sylpheed_email_client:0.8.11
cpe:/a:university_of_washington:pine:4.53
cpe:/a:ximian:evolution:1.2.4
CVE-2003-0300
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:05.313-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:microsoft:outlook_express:6.00.2800.1106
CVE-2003-0301
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:06.720-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:qualcomm:eudora:5.2.1
CVE-2003-0302
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:07.923-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030514 Buffer overflows in multiple IMAP clients
The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
cpe:/a:oneorzero:oneorzero_helpdesk:1.4_rc4
CVE-2003-0303
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:08.987-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030515 OneOrZero Security Problems (PHP)
BUGTRAQ
20030515 OneOrZero Security Problems (PHP)
BID
7609
SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter.
cpe:/a:oneorzero:oneorzero_helpdesk:1.4_rc4
CVE-2003-0304
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:10.267-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030515 OneOrZero Security Problems (PHP)
BUGTRAQ
20030515 OneOrZero Security Problems (PHP)
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script.
cpe:/o:cisco:ios:12.0%2815%29s
cpe:/o:cisco:ios:12.0%2815%29sc
cpe:/o:cisco:ios:12.0%2815%29sl
cpe:/o:cisco:ios:12.0%2816%29s
cpe:/o:cisco:ios:12.0%2816%29sc
cpe:/o:cisco:ios:12.0%2816%29st
cpe:/o:cisco:ios:12.0%2817%29s
cpe:/o:cisco:ios:12.0%2817%29sl
cpe:/o:cisco:ios:12.0%2818%29s
cpe:/o:cisco:ios:12.0%2818%29sl
cpe:/o:cisco:ios:12.0%2819%29s
cpe:/o:cisco:ios:12.0%2819%29sl
cpe:/o:cisco:ios:12.0%2819%29sp
cpe:/o:cisco:ios:12.0%2820%29sl
cpe:/o:cisco:ios:12.0%2820%29sp
cpe:/o:cisco:ios:12.0%2821%29s
cpe:/o:cisco:ios:12.0%2821%29sl
cpe:/o:cisco:ios:12.0%2821%29sx
cpe:/o:cisco:ios:12.1%288%29ea
cpe:/o:cisco:ios:12.1%289%29ea
cpe:/o:cisco:ios:12.1%2810%29
cpe:/o:cisco:ios:12.1%2810%29e
cpe:/o:cisco:ios:12.1%2810%29ec
cpe:/o:cisco:ios:12.1%2810%29ex
cpe:/o:cisco:ios:12.1%2810%29ey
cpe:/o:cisco:ios:12.1%2810.5%29ec
cpe:/o:cisco:ios:12.1%2810a%29
cpe:/o:cisco:ios:12.1%2811%29
cpe:/o:cisco:ios:12.1%2811.5%29e
cpe:/o:cisco:ios:12.1%2811a%29
cpe:/o:cisco:ios:12.1%2811b%29
cpe:/o:cisco:ios:12.1%2811b%29e
cpe:/o:cisco:ios:12.1%2812%29
cpe:/o:cisco:ios:12.1%2812a%29
cpe:/o:cisco:ios:12.1%2812b%29
cpe:/o:cisco:ios:12.1%2812c%29
cpe:/o:cisco:ios:12.1%2813%29
cpe:/o:cisco:ios:12.1%2814%29
cpe:/o:cisco:ios:12.1%2814.5%29
cpe:/o:cisco:ios:12.2%286.8a%29
cpe:/o:cisco:ios:12.2%287%29
cpe:/o:cisco:ios:12.2%287%29da
cpe:/o:cisco:ios:12.2%287a%29
cpe:/o:cisco:ios:12.2%287b%29
cpe:/o:cisco:ios:12.2%287c%29
cpe:/o:cisco:ios:12.2%289%29s
cpe:/o:cisco:ios:12.2%289.4%29da
cpe:/o:cisco:ios:12.2%2810.5%29s
CVE-2003-0305
2003-06-09T00:00:00.000-04:00
2017-10-10T21:29:08.667-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CISCO
20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
cpe:/o:microsoft:windows_xp::gold
CVE-2003-0306
2003-06-09T00:00:00.000-04:00
2018-10-12T17:32:35.523-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1
BUGTRAQ
20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1
VULN-DEV
20030507 Buffer overflow in Explorer.exe
MS
MS03-027
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
cpe:/a:poster:poster:version.two
CVE-2003-0307
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:12.893-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030514 [VULNERABILITY] PHP 'poster version.two'
Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field.
cpe:/a:sendmail:sendmail:8.9.3
cpe:/a:sendmail:sendmail:8.12.3
cpe:/a:sendmail:sendmail:8.12.9
cpe:/o:debian:debian_linux:3.0
CVE-2003-0308
2003-05-15T00:00:00.000-04:00
2008-11-11T00:29:40.900-05:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://bugs.debian.org/496408
CONFIRM
http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base
DEBIAN
DSA-305
MLIST
[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire
CONFIRM
https://bugs.gentoo.org/show_bug.cgi?id=235770
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
cpe:/a:microsoft:ie:6.0.2800
CVE-2003-0309
2003-06-09T00:00:00.000-04:00
2018-10-12T17:32:36.227-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
BUGTRAQ
20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
NTBUGTRAQ
20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
CERT-VN
VU#251788
BID
7539
MS
MS03-020
XF
ie-frame-restrictions-bypass(12019)
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
cpe:/a:ez:ez_publish:2.2
CVE-2003-0310
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:15.237-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030516 EzPublish Directory XSS Vulnerability
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
cpe:/a:snowblind.net:snowblind_web_server:1.0
CVE-2003-0312
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:16.457-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030516 Snowblind Web Server: multiple issues
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
cpe:/a:snowblind.net:snowblind_web_server:1.0
CVE-2003-0313
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:17.737-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030516 Snowblind Web Server: multiple issues
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.
cpe:/a:snowblind.net:snowblind_web_server:1.0
CVE-2003-0314
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:18.753-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030516 Snowblind Web Server: multiple issues
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
cpe:/a:snowblind.net:snowblind_web_server:1.0
CVE-2003-0315
2003-06-16T00:00:00.000-04:00
2016-10-17T22:32:19.893-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030516 Snowblind Web Server: multiple issues
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.
cpe:/a:fourelle_venturi_wireless:venturi_client:2.2
CVE-2003-0316
2003-06-16T00:00:00.000-04:00
2008-09-05T16:34:01.550-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
BUGTRAQ
20030516 Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]
MISC
http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
cpe:/a:iisprotect:iisprotect:2.1
cpe:/a:iisprotect:iisprotect:2.2
CVE-2003-0317
2003-12-31T00:00:00.000-05:00
2008-10-03T00:20:39.637-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
IDEFENSE
20030522 Authentication Bypass in iisPROTECT
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.
cpe:/a:francisco_burzi:php-nuke:6.0
CVE-2003-0318
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:21.520-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030517 PHP-Nuke code injection in Yearly Stats at Statistics module
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
cpe:/a:smartmax_software:mailmax:5.0.10.8
CVE-2003-0319
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:22.863-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030517 Buffer overflow vulnerability found in MailMax version 5
BUGTRAQ
20030517 Buffer overflow vulnerability found in MailMax version 5
Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.
cpe:/a:andy_prevost:ttcms:2.3
CVE-2003-0320
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:23.973-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030517 Remote code execution in ttCMS <=v2.3
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.
cpe:/a:colten_edwards:bitchx:1.0.0c19
CVE-2003-0321
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:25.177-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:655
BUGTRAQ
20030313 Buffer overflows in ircII-based clients
BUGTRAQ
20030324 GLSA: bitchx (200303-21)
MISC
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
DEBIAN
DSA-306
BID
7096
BID
7097
BID
7099
BID
7100
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.
cpe:/a:colten_edwards:bitchx:1.0.0c19
CVE-2003-0322
2003-06-09T00:00:00.000-04:00
2008-09-05T16:34:02.393-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
MISC
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
DEBIAN
DSA-306
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).
cpe:/a:michael_sandrof:ircii:2002-09-12
CVE-2003-0323
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:26.613-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030313 Buffer overflows in ircII-based clients
BUGTRAQ
20030319 [OpenPKG-SA-2003.024] OpenPKG Security Advisory (ircii)
DEBIAN
DSA-291
DEBIAN
DSA-298
BID
7098
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
cpe:/a:epic:epic4:1.0.1
CVE-2003-0324
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:27.897-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030313 Buffer overflows in ircII-based clients
DEBIAN
DSA-287
BID
7091
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
cpe:/a:ambrosia_software:maelstrom:3.0.5
cpe:/a:ambrosia_software:maelstrom:3.0.6
CVE-2003-0325
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:29.097-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030518 Maelstrom Buffer Overflow
BUGTRAQ
20030519 Maelstrom exploit
BUGTRAQ
20030520 Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
cpe:/a:slocate:slocate
CVE-2003-0326
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:30.473-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030519 bazarr slocate
BID
7629
Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc.
cpe:/a:sybase:adaptive_server_enterprise:12.5
CVE-2003-0327
2003-12-15T00:00:00.000-05:00
2017-07-10T21:29:31.213-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031120 R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service
MISC
http://www.rapid7.com/advisories/R7-0016.html
XF
sybase-passwordarray-bo(13800)
Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow.
cpe:/a:epic:epic4:pre2.002
cpe:/a:epic:epic4:pre2.003
CVE-2003-0328
2003-06-09T00:00:00.000-04:00
2008-09-05T16:34:03.237-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1
DEBIAN
DSA-306
DEBIAN
DSA-399
REDHAT
RHSA-2003:342
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.
cpe:/a:aclogic:cesarftp:0.99g
CVE-2003-0329
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:33.020-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030520 Plaintext Password in Settings.ini of CesarFTP
BUGTRAQ
20030520 Plaintext Password in Settings.ini of CesarFTP
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.
cpe:/a:ambrosia_software:maelstrom
CVE-2003-0330
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:34.303-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030520 Maelstrom Local Buffer Overflow Exploit
SECTRACK
1008832
Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.
cpe:/a:ttcms:ttforum:4
CVE-2003-0331
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:35.723-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030520 More vulnerabilities in ttForum/ttCMS -> SQL injection
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.
cpe:/a:working_resources_inc.:badblue:2.2
CVE-2003-0332
2003-06-09T00:00:00.000-04:00
2016-10-17T22:32:36.880-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030520 BadBlue Remote Administrative Interface Access Vulnerability
BUGTRAQ
20030520 BadBlue Remote Administrative Interface Access Vulnerability
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:11.00
CVE-2003-0333
2003-05-19T00:00:00.000-04:00
2017-07-10T21:29:31.260-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030502 HP-UX 11.0 /usr/bin/kermit
BUGTRAQ
20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)
CERT-VN
VU#971364
BID
7627
XF
hp-ckermit-bo(11929)
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.
cpe:/a:colten_edwards:bitchx:1.0c20cvs
CVE-2003-0334
2003-05-10T00:00:00.000-04:00
2017-07-10T21:29:31.320-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:655
BUGTRAQ
20030510 BitchX: Crash when channel modes change
MANDRAKE
MDKSA-2003:069
BID
7551
XF
bitchx-mode-change-dos(12008)
BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.
cpe:/o:slackware:slackware_linux:9.0
CVE-2003-0335
2003-05-22T00:00:00.000-04:00
2016-10-17T22:32:40.773-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030522 [slackware-security] quotacheck security fix in rc.M (SSA:2003-141-06)
rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.
cpe:/a:qualcomm:eudora:5.2.1
CVE-2003-0336
2003-05-22T00:00:00.000-04:00
2016-10-17T22:32:41.913-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030522 Eudora 5.2.1 attachment spoof
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.
cpe:/a:platform:lsadmin:5.1
CVE-2003-0337
2003-05-22T00:00:00.000-04:00
2016-10-17T22:32:43.037-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030522 Security advisory: LSF 5.1 local root exploit
The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.
cpe:/a:wsmp3:wsmp3_daemon:0.0.8
cpe:/a:wsmp3:wsmp3_daemon:0.0.9
cpe:/a:wsmp3:wsmp3_daemon:0.0.10
cpe:/a:wsmp3:wsmp3_web_server:0.0.1
cpe:/a:wsmp3:wsmp3_web_server:0.0.2
cpe:/a:wsmp3:wsmp3_web_server:0.0.3
cpe:/a:wsmp3:wsmp3_web_server:0.0.4
cpe:/a:wsmp3:wsmp3_web_server:0.0.5
cpe:/a:wsmp3:wsmp3_web_server:0.0.6
cpe:/a:wsmp3:wsmp3_web_server:0.0.7
CVE-2003-0338
2003-05-21T00:00:00.000-04:00
2016-10-17T22:32:44.180-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
BUGTRAQ
20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.
cpe:/a:wsmp3:wsmp3_daemon:0.0.8
cpe:/a:wsmp3:wsmp3_daemon:0.0.9
cpe:/a:wsmp3:wsmp3_daemon:0.0.10
cpe:/a:wsmp3:wsmp3_web_server:0.0.7
CVE-2003-0339
2003-05-22T00:00:00.000-04:00
2016-10-17T22:32:45.663-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.
BUGTRAQ
20030522 WsMp3d remote exploit.
Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests.
cpe:/a:demarc_security:puresecure:1.6
CVE-2003-0340
2003-05-21T00:00:00.000-04:00
2008-09-05T16:34:04.940-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2005-05-25T10:06:00.000-04:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030521 Demarc Puresecure v1.6 - Plaintext password issue -
Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.
cpe:/a:owl:owl_intranet_engine:0.7
cpe:/a:owl:owl_intranet_engine:0.71
CVE-2003-0341
2003-05-21T00:00:00.000-04:00
2016-10-17T22:32:46.837-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030521 [AP] Owl Intranet Engine CSS Bug
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.
cpe:/a:selom_ofori:blackmoon_ftp_server:2.6
CVE-2003-0342
2003-05-20T00:00:00.000-04:00
2016-10-17T22:32:48.070-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.
cpe:/a:selom_ofori:blackmoon_ftp_server:2.6
CVE-2003-0343
2003-05-21T00:00:00.000-04:00
2016-10-17T22:32:49.413-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
cpe:/a:microsoft:ie:5.01
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0::windows_server_2003
CVE-2003-0344
2003-06-16T00:00:00.000-04:00
2018-10-12T17:32:37.333-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20030709 IE Object Type Overflow Exploit
BUGTRAQ
20030604 Internet Explorer Object Type Property Overflow
EEYE
AD20030604
CERT-VN
VU#679556
MS
MS03-020
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::terminal_server_alpha
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0345
2003-08-18T00:00:00.000-04:00
2019-04-30T10:27:13.710-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1007154
CERT-VN
VU#337764
BID
8152
MS
MS03-024
XF
win-smb-bo(12544)
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
cpe:/a:microsoft:directx:5.2
cpe:/a:microsoft:directx:6.1
cpe:/a:microsoft:directx:7.0
cpe:/a:microsoft:directx:7.0a
cpe:/a:microsoft:directx:8.1
cpe:/a:microsoft:directx:9.0a
CVE-2003-0346
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:39.227-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption
CERT
CA-2003-18
CERT-VN
VU#265232
CERT-VN
VU#561284
MS
MS03-030
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
cpe:/a:microsoft:office:2000
cpe:/a:microsoft:office:2000:sp2
cpe:/a:microsoft:office:2000:sp3
cpe:/a:microsoft:office:xp
cpe:/a:microsoft:office:xp:sp1
cpe:/a:microsoft:office:xp:sp2
cpe:/a:microsoft:project:2000
cpe:/a:microsoft:project:2002
cpe:/a:microsoft:visio:2002::professional
cpe:/a:microsoft:visual_basic:5.0::sdk
cpe:/a:microsoft:visual_basic:6.2
cpe:/a:microsoft:visual_basic:6.2::sdk
cpe:/a:microsoft:visual_basic:6.3::sdk
CVE-2003-0347
2003-10-20T00:00:00.000-04:00
2018-10-12T17:32:40.147-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030903 EEYE: VBE Document Property Buffer Overflow
BUGTRAQ
20030903 EEYE: VBE Document Property Buffer Overflow
CERT-VN
VU#804780
BID
8534
MS
MS03-037
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
cpe:/a:microsoft:windows_media_player:9
CVE-2003-0348
2003-07-24T00:00:00.000-04:00
2018-10-12T17:32:40.693-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CERT-VN
VU#320516
BID
8034
MS
MS03-021
XF
mediaplayer-activex-obtain-information(12440)
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
cpe:/o:microsoft:windows_2000
CVE-2003-0349
2003-07-24T00:00:00.000-04:00
2018-10-12T17:32:41.083-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030626 Windows Media Services Remote Command Execution #2
SECTRACK
1007059
CERT-VN
VU#113716
NTBUGTRAQ
20030626 Windows Media Services Remote Command Execution #2
MS
MS03-022
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
CVE-2003-0350
2003-08-18T00:00:00.000-04:00
2019-04-30T10:27:13.710-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030709 Microsoft Utility Manager Local Privilege Escalation
BUGTRAQ
20030709 Microsoft Utility Manager Local Privilege Escalation
MISC
http://www.ngssoftware.com/advisories/utilitymanager.txt
BID
8154
MS
MS03-025
XF
win2k-accessibility-gain-privileges(12543)
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
CVE-2003-0351
2003-12-31T00:00:00.000-05:00
2008-09-10T15:18:42.133-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0352
2003-08-18T00:00:00.000-04:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030726 Re: The French BUGTRAQ (New Win RPC Exploit)
FULLDISC
20030730 rpcdcom Universal offsets
BUGTRAQ
20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems
BUGTRAQ
20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised )
CERT
CA-2003-16
CERT
CA-2003-19
CERT-VN
VU#568148
BID
8205
MISC
http://www.xfocus.org/documents/200307/2.html
MS
MS03-026
XF
win-rpc-dcom-bo(12629)
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
cpe:/a:microsoft:data_access_components:1.5
cpe:/a:microsoft:data_access_components:2.0
cpe:/a:microsoft:data_access_components:2.1
cpe:/a:microsoft:data_access_components:2.1.1.3711.11:ga
cpe:/a:microsoft:data_access_components:2.5
cpe:/a:microsoft:data_access_components:2.5:gold
cpe:/a:microsoft:data_access_components:2.5:sp1
cpe:/a:microsoft:data_access_components:2.5:sp2
cpe:/a:microsoft:data_access_components:2.6
cpe:/a:microsoft:data_access_components:2.6:gold
cpe:/a:microsoft:data_access_components:2.6:sp1
cpe:/a:microsoft:data_access_components:2.6:sp2
cpe:/a:microsoft:data_access_components:2.7
cpe:/a:microsoft:data_access_components:2.7:gold
cpe:/a:microsoft:data_access_components:2.12.4202.3
CVE-2003-0353
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:44.460-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
NTBUGTRAQ
20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
BID
8455
MS
MS03-033
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0354
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:09.370-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030603 [OpenPKG-SA-2003.030] OpenPKG Security Advisory (ghostscript)
MANDRAKE
MDKSA-2003:065
REDHAT
RHSA-2003:181
REDHAT
RHSA-2003:182
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
cpe:/a:apple:safari:1.0
cpe:/a:kde:konqueror_embedded
CVE-2003-0355
2003-06-09T00:00:00.000-04:00
2008-09-05T16:34:07.440-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
BUGTRAQ
20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
cpe:/a:ethereal_group:ethereal:0.9.11
CVE-2003-0356
2003-06-09T00:00:00.000-04:00
2017-10-10T21:29:09.433-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-313
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00009.html
CERT-VN
VU#641013
MANDRAKE
MDKSA-2003:067
REDHAT
RHSA-2003:077
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
cpe:/a:ethereal_group:ethereal:0.9.11
CVE-2003-0357
2003-06-09T00:00:00.000-04:00
2017-10-10T21:29:09.510-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
REDHAT
RHSA-2003:077
DEBIAN
DSA-313
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00009.html
CERT-VN
VU#232164
CERT-VN
VU#361700
MANDRAKE
MDKSA-2003:067
BID
7494
BID
7495
Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.
CVE-2003-0358
2003-06-09T00:00:00.000-04:00
2017-07-10T21:29:31.883-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
CONFIRM
http://nethack.sourceforge.net/v340/bugmore/secpatch.txt
DEBIAN
DSA-316
DEBIAN
DSA-350
BUGTRAQ
20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow
BID
6806
XF
nethack-s-command-bo(11283)
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
cpe:/a:stichting_mathematisch_centrum:nethack:3.4.0
CVE-2003-0359
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:08.003-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-316
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
cpe:/o:debian:debian_linux:0.9.1::woody_gps_package
cpe:/o:debian:debian_linux:0.9.2::woody_gps_package
cpe:/o:debian:debian_linux:0.9.3::woody_gps_package
cpe:/o:debian:debian_linux:0.9.4::woody_gps_package
CVE-2003-0360
2003-06-09T00:00:00.000-04:00
2008-09-05T16:34:08.177-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://gps.seul.org/changelog.html
DEBIAN
DSA-307
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
cpe:/o:debian:debian_linux:0.9.1::woody_gps_package
cpe:/o:debian:debian_linux:0.9.2::woody_gps_package
cpe:/o:debian:debian_linux:0.9.3::woody_gps_package
cpe:/o:debian:debian_linux:0.9.4::woody_gps_package
CVE-2003-0361
2003-06-09T00:00:00.000-04:00
2008-09-05T16:34:08.317-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://gps.seul.org/changelog.html
DEBIAN
DSA-307
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.
cpe:/o:debian:debian_linux:0.9.1::woody_gps_package
cpe:/o:debian:debian_linux:0.9.2::woody_gps_package
cpe:/o:debian:debian_linux:0.9.3::woody_gps_package
cpe:/o:debian:debian_linux:0.9.4::woody_gps_package
CVE-2003-0362
2003-06-09T00:00:00.000-04:00
2008-09-05T16:34:08.487-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://gps.seul.org/changelog.html
DEBIAN
DSA-307
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.
cpe:/a:licq:licq:1.0.3
cpe:/a:licq:licq:1.2.6
CVE-2003-0363
2003-12-31T00:00:00.000-05:00
2008-09-05T16:34:08.660-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2005-05-24T18:19:00.000-04:00
MISC
http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf
Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers.
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0
CVE-2003-0364
2003-06-16T00:00:00.000-04:00
2017-10-10T21:29:09.607-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-311
DEBIAN
DSA-312
DEBIAN
DSA-332
DEBIAN
DSA-336
DEBIAN
DSA-442
REDHAT
RHSA-2003:187
REDHAT
RHSA-2003:195
REDHAT
RHSA-2003:198
TURBO
TLSA-2003-41
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
cpe:/a:icq_inc:icqlite:2003a
CVE-2003-0365
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:00.837-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030529 ICQLite executable trojaning
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.
cpe:/a:lysator:lyskom-server:2.0.7
CVE-2003-0366
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:09.080-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-318
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
cpe:/a:gnu:gzip:1.3.5
cpe:/o:debian:debian_linux:2.2
cpe:/o:debian:debian_linux:3.0
CVE-2003-0367
2003-07-02T00:00:00.000-04:00
2019-05-23T10:04:52.373-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2019-05-23T08:45:11.260-04:00
DEBIAN
DSA-308
MANDRAKE
MDKSA-2003:068
CONFIRM
http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
BID
7872
TURBO
TLSA-2003-38
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
cpe:/a:nokia:ggsn:release_1
CVE-2003-0368
2004-02-03T00:00:00.000-05:00
2017-07-10T21:29:31.947-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
ATSTAKE
A060903-1
CERT-VN
VU#924812
BID
7854
XF
nokia-ggsn-ip-dos(12221)
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
cpe:/a:apple:safari:1.0:beta
cpe:/a:apple:safari:1.0:beta2
cpe:/a:kde:konqueror_embedded:0.1
cpe:/o:kde:kde:2.2.2
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:turbolinux:turbolinux_server:7.0
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/o:turbolinux:turbolinux_workstation:7.0
cpe:/o:turbolinux:turbolinux_workstation:8.0
CVE-2003-0370
2003-06-16T00:00:00.000-04:00
2008-09-10T15:18:47.117-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
FULLDISC
20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability
DEBIAN
DSA-361
CONFIRM
http://www.kde.org/info/security/advisory-20030602-1.txt
REDHAT
RHSA-2003:192
REDHAT
RHSA-2003:193
BUGTRAQ
20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.
BID
7520
TURBO
TLSA-2003-36
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
cpe:/a:prishtina_soft:prishtina_ftp:v.1
CVE-2003-0371
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:01.947-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030522 Prishtina FTP v.1.*: remote DoS
Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.
cpe:/a:nessus:nessus:2.0.5
CVE-2003-0372
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:03.167-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030522 Potential security vulnerability in Nessus
BUGTRAQ
20030523 nessus NASL scripting engine security issues
BID
7664
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.
cpe:/a:nessus:nessus:2.0.5
CVE-2003-0373
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:04.387-04:00
4.4
LOCAL
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030522 Potential security vulnerability in Nessus
BUGTRAQ
20030523 nessus NASL scripting engine security issues
BID
7664
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function.
cpe:/a:nessus:nessus:2.0.5
CVE-2003-0374
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:05.947-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030522 Potential security vulnerability in Nessus
BID
7664
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."
cpe:/a:xmb_forum:xmb:1.6
cpe:/a:xmb_forum:xmb:1.8
cpe:/a:xmb_forum:xmb:1.11
CVE-2003-0375
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:07.090-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
MISC
http://forums.xmbforum.com/viewthread.php?tid=773046
BUGTRAQ
20030522 XMB 1.8 Partagium cross site scripting vulnerability
BID
7662
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.
cpe:/a:qualcomm:eudora:5.2.1
CVE-2003-0376
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:08.137-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030523 Eudora 5.2.1 buffer overflow DoS
Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters.
cpe:/a:iisprotect:iisprotect:2.2_r4
CVE-2003-0377
2003-06-16T00:00:00.000-04:00
2016-10-17T22:33:09.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030523 iisPROTECT SQL injection in admin interface
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
cpe:/o:apple:mac_os_x:10.2
CVE-2003-0378
2003-06-16T00:00:00.000-04:00
2008-09-05T16:34:10.817-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=107579
CERT-VN
VU#467828
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
cpe:/a:apple:afp_server
CVE-2003-0379
2003-07-24T00:00:00.000-04:00
2011-03-07T21:12:32.517-05:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00030.html
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
cpe:/a:atftpd:atftpd:0.6.0
cpe:/a:atftpd:atftpd:0.6.1.1
CVE-2003-0380
2003-07-02T00:00:00.000-04:00
2008-09-05T16:34:11.113-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030606 atftpd bug
DEBIAN
DSA-314
VULN-DEV
20030604 possible remote buffer overflow in atftpd
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
cpe:/a:norman_ramsey:noweb:2.9
CVE-2003-0381
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:11.267-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-323
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
cpe:/a:michael_jennings:eterm:0.9.1
cpe:/a:michael_jennings:eterm:0.9.2
cpe:/o:debian:debian_linux:2.3
cpe:/o:debian:debian_linux:3.0
CVE-2003-0382
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:10.777-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030509 BAZARR CODE NINER PINK TEAM GO GO GO
DEBIAN
DSA-309
BID
7708
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.
cpe:/o:debian:debian_linux:3.0.18::potato
cpe:/o:debian:debian_linux:3.0.23::woody
CVE-2003-0385
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:11.917-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS
DEBIAN
DSA-310
Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.
cpe:/a:openbsd:openssh:3.6.1
CVE-2003-0386
2003-07-02T00:00:00.000-04:00
2017-10-10T21:29:09.667-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SGI
20060703-01-P
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
CERT-VN
VU#978316
REDHAT
RHSA-2006:0298
REDHAT
RHSA-2006:0698
BUGTRAQ
20030605 OpenSSH remote clent address restriction circumvention
BID
7831
CONFIRM
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
cpe:/o:andrew_morgan:linux_pam:0.77
CVE-2003-0388
2003-07-24T00:00:00.000-04:00
2016-10-17T22:33:13.137-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030616 FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing
MISC
http://www.idefense.com/advisory/06.16.03.txt
REDHAT
RHSA-2004:304
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
cpe:/a:rsa:ace_agent:5.0
CVE-2003-0389
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:11.957-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030619 R7-0014: RSA SecurID ACE Agent Cross Site Scripting
MISC
http://www.rapid7.com/advisories/R7-0014.html
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
cpe:/a:james_theiler:opt:3.18
CVE-2003-0390
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:14.480-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.
BUGTRAQ
20030523 Re: Options Parsing Tool library buffer overflows.
CONFIRM
http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
cpe:/a:amax_information_technologies:magic_winmail_server:2.3
CVE-2003-0391
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:15.903-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030523 Magic Winmail Server
MISC
http://www.magicwinmail.net/changelog.asp
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.
cpe:/a:st:ftp_service:3.0
CVE-2003-0392
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:17.373-04:00
6.4
NETWORK
LOW
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030523 ST FTP Service v3.0: directory traversal
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:).
cpe:/a:privacyware:privatefirewall:3.0
CVE-2003-0393
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:18.623-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030524 Some problems in Privatefirewall 3.0
BID
7700
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans.
cpe:/a:blnews:blnews:2.1.3
CVE-2003-0394
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:19.810-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030524 PHP source code injection in BLNews
BID
7677
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.
cpe:/a:php_outburst:ultimate_php_board_upb:1.9
CVE-2003-0395
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:21.310-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
MISC
http://f0kp.iplus.ru/bz/024.en.txt
BUGTRAQ
20030524 UPB: Discussion Board/Web-Site Takeover
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
cpe:/a:linux-atm:linux-atm:2.4
CVE-2003-0396
2003-07-02T00:00:00.000-04:00
2017-07-10T21:29:31.993-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030428 ATM on Linux Exploit Code Release (les, local)
BUGTRAQ
20030524 ATM on linux Exploit(les,local)
MISC
http://sourceforge.net/project/shownotes.php?release_id=156242
MISC
http://www.securiteam.com/exploits/5EP0M1P9PO.html
BID
7437
XF
atmonlinux-les-command-bo(11903)
Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument.
cpe:/a:sharman_networks:kazaa:v2.0.2
CVE-2003-0397
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:23.763-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030526 The PACKET 0' DEATH FastTrack network vulnerability
XF
fastrack-packet-0-bo(12086)
BID
7680
Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka "Packet 0' death."
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:7.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0398
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:25.013-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-016 - Vignette SSI Injection
XF
vignette-ssi-command-execution(12077)
MISC
http://www.s21sec.com/es/avisos/s21sec-016-en.txt
BID
7685
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:7.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0399
2003-07-02T00:00:00.000-04:00
2016-10-17T22:33:26.187-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-017 - Vignette /vgn/legacy/save SQL access
XF
vignette-save-obtain-information(12076)
MISC
http://www.s21sec.com/es/avisos/s21sec-017-en.txt
BID
7683
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:4.2
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0400
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:27.453-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-018 - Vignette memory leak AIX Platform
XF
vignette-memory-leak(12075)
MISC
http://www.s21sec.com/es/avisos/s21sec-018-en.txt
BID
7684
Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.
cpe:/a:vignette:content_suite:5.0
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:7.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0401
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:28.780-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-019 - Vignette /vgn/style internal information leak
XF
vignette-style-info-disclosure(12074)
MISC
http://www.s21sec.com/es/avisos/s21sec-019-en.txt
BID
7688
Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template.
cpe:/a:vignette:content_suite:5.0
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:7.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0402
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:30.017-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-020 - Vignette user enumeration
XF
vignette-login-account-bruteforce(12073)
MISC
http://www.s21sec.com/en/avisos/s21sec-020-en.txt
BID
7691
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.
cpe:/a:vignette:content_suite:5.0
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:7.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0403
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:31.170-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-021 - Vignette License access and modification
XF
vignette-license-modification(12072)
MISC
http://www.s21sec.com/es/avisos/s21sec-021-en.txt
BID
7694
Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template.
cpe:/a:vignette:content_suite:5.0
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:7.0
cpe:/a:vignette:storyserver:4.0
cpe:/a:vignette:storyserver:4.1
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0404
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:32.407-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities
XF
vignette-multiple-xss(12071)
MISC
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
BID
7687
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
cpe:/a:vignette:content_suite:5.0
cpe:/a:vignette:content_suite:6.0
cpe:/a:vignette:content_suite:6.0.1
cpe:/a:vignette:content_suite:6.0.2
cpe:/a:vignette:content_suite:6.0.3
cpe:/a:vignette:storyserver:5.0
cpe:/a:vignette:vignette:5.0
CVE-2003-0405
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:33.733-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 S21SEC-024 - Vignette TCL Injection
XF
vignette-tcl-code-execution(12070)
MISC
http://www.s21sec.com/es/avisos/s21sec-024-en.txt
BID
7690
BID
7692
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
cpe:/a:palmvnc:palmvnc:1.40
CVE-2003-0406
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:34.877-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030526 PalmVNC 1.40 Insecure Records
XF
palmvnc-plaintext-passwords(12083)
BID
7696
PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.
cpe:/a:gnome:batalla_naval:1.0_4
CVE-2003-0407
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:36.030-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030526 [Priv8security_Advisory]_Batalla_Naval_remote_overflow
XF
batalla-naval-bo(12087)
BID
7699
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
cpe:/a:the_uptimes_project:upclient:5.0b7
CVE-2003-0408
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:37.267-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030527 NuxAcid#002 - Buffer Overflow in UpClient
XF
upclient-command-line-bo(12131)
BID
7703
Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.
cpe:/a:brs:webweaver:1.0.4
CVE-2003-0409
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:38.890-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030527 BRS WebWeaver: POST and HEAD Overflaws
XF
webweaver-head-post-bo(12107)
BID
7695
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
cpe:/a:analogx:proxy:4.13
CVE-2003-0410
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:40.203-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030526 NII Advisory - Buffer Overflow in Analogx Proxy
BUGTRAQ
20030526 NII Advisory - Buffer Overflow in Analogx Proxy
CONFIRM
http://www.analogx.com/contents/download/network/proxy.htm
XF
analogx-proxy-url-bo(12068)
BID
7681
Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588.
cpe:/a:sun:one_application_server:7.0::platform
cpe:/a:sun:one_application_server:7.0::standard
CVE-2003-0411
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:41.330-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 Multiple Vulnerabilities in Sun-One Application Server
SUNALERT
55221
SUNALERT
1000610
CIAC
N-103
XF
sunone-jsp-source-disclosure(12093)
BID
7709
MISC
http://www.spidynamics.com/sunone_alert.html
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
cpe:/a:sun:one_application_server:7.0
CVE-2003-0412
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:42.813-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030526 Multiple Vulnerabilities in Sun-One Application Server
SUNALERT
55221
SUNALERT
1000610
CIAC
N-103
BID
7711
MISC
http://www.spidynamics.com/sunone_alert.html
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.
cpe:/a:sun:one_application_server:7.0
CVE-2003-0413
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:44.063-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030526 Multiple Vulnerabilities in Sun-One Application Server
SUNALERT
55221
SUNALERT
57605
SUNALERT
201009
SUNALERT
1000610
CIAC
N-103
XF
sunone-http-error-xss(12095)
BID
7710
MISC
http://www.spidynamics.com/sunone_alert.html
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
cpe:/a:sun:one_application_server:7.0
CVE-2003-0414
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:45.283-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030526 Multiple Vulnerabilities in Sun-One Application Server
SUNALERT
55221
SUNALERT
1000610
CIAC
N-103
XF
sunone-insecure-file-permissions(12096)
BID
7712
MISC
http://www.spidynamics.com/sunone_alert.html
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
cpe:/a:access-remote-pc.com:remote_pc_access:2.2
CVE-2003-0415
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:46.517-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030528 Remote PC Access Server 2.2 Vulnerability
BID
7698
MISC
http://www.ytech.co.il/advisories/rpca/rpcaccess.htm
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server.
cpe:/a:bandmin:bandmin:1.4
CVE-2003-0416
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:47.923-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030528 Bandmin 1.4 XSS Exploit
XF
bandmin-index-xss(12108)
BID
7729
Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action.
cpe:/a:super-m:son_hserver:0.2
CVE-2003-0417
2003-06-30T00:00:00.000-04:00
2016-10-17T22:33:49.207-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030529 Son hServer v0.2: directory traversal
XF
sonhserver-pipe-directory-traversal(12103)
BID
7717
Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via ".|." (modified dot-dot) sequences.
cpe:/o:linux:linux_kernel:2.0
cpe:/o:linux:linux_kernel:2.0.1
cpe:/o:linux:linux_kernel:2.0.2
cpe:/o:linux:linux_kernel:2.0.3
cpe:/o:linux:linux_kernel:2.0.4
cpe:/o:linux:linux_kernel:2.0.5
cpe:/o:linux:linux_kernel:2.0.6
cpe:/o:linux:linux_kernel:2.0.7
cpe:/o:linux:linux_kernel:2.0.8
cpe:/o:linux:linux_kernel:2.0.9
cpe:/o:linux:linux_kernel:2.0.10
cpe:/o:linux:linux_kernel:2.0.11
cpe:/o:linux:linux_kernel:2.0.12
cpe:/o:linux:linux_kernel:2.0.13
cpe:/o:linux:linux_kernel:2.0.14
cpe:/o:linux:linux_kernel:2.0.15
cpe:/o:linux:linux_kernel:2.0.16
cpe:/o:linux:linux_kernel:2.0.17
cpe:/o:linux:linux_kernel:2.0.18
cpe:/o:linux:linux_kernel:2.0.19
cpe:/o:linux:linux_kernel:2.0.20
cpe:/o:linux:linux_kernel:2.0.21
cpe:/o:linux:linux_kernel:2.0.22
cpe:/o:linux:linux_kernel:2.0.23
cpe:/o:linux:linux_kernel:2.0.24
cpe:/o:linux:linux_kernel:2.0.25
cpe:/o:linux:linux_kernel:2.0.26
cpe:/o:linux:linux_kernel:2.0.27
cpe:/o:linux:linux_kernel:2.0.28
cpe:/o:linux:linux_kernel:2.0.29
cpe:/o:linux:linux_kernel:2.0.30
cpe:/o:linux:linux_kernel:2.0.31
cpe:/o:linux:linux_kernel:2.0.32
cpe:/o:linux:linux_kernel:2.0.33
cpe:/o:linux:linux_kernel:2.0.34
cpe:/o:linux:linux_kernel:2.0.35
cpe:/o:linux:linux_kernel:2.0.36
cpe:/o:linux:linux_kernel:2.0.37
cpe:/o:linux:linux_kernel:2.0.38
cpe:/o:linux:linux_kernel:2.0.39
CVE-2003-0418
2003-07-24T00:00:00.000-04:00
2016-10-17T22:33:50.393-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030609 Linux 2.0 remote info leak from too big icmp citation
MISC
http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
CERT-VN
VU#471084
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
cpe:/h:smc_networks:barricade_wireless_cable_dsl_broadband_router:smc7004vwbr
CVE-2003-0419
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:16.487-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
MISC
http://www.idefense.com/advisory/06.11.03.txt
SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.
cpe:/o:apple:mac_os_x_server:10.2.6
CVE-2003-0420
2003-06-13T00:00:00.000-04:00
2017-07-10T21:29:32.057-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
AUSCERT
ESB-2003.0415
MISC
http://www.kb.cert.org/vuls/id/JPLA-5NTL8E
BID
7894
XF
macos-dsimportexport-obtain-information(12342)
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
cpe:/a:apple:darwin_streaming_server:4.1.3
CVE-2003-0421
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:16.783-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
cpe:/a:apple:darwin_streaming_server:4.1.3
CVE-2003-0422
2003-08-27T00:00:00.000-04:00
2008-09-10T15:18:59.103-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
cpe:/a:apple:darwin_streaming_server:4.1.3
CVE-2003-0423
2003-08-27T00:00:00.000-04:00
2008-09-10T15:18:59.163-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
cpe:/a:apple:darwin_streaming_server:4.1.3
CVE-2003-0424
2003-08-27T00:00:00.000-04:00
2008-09-10T15:18:59.243-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
cpe:/a:apple:darwin_streaming_server:4.1.3
CVE-2003-0425
2003-08-27T00:00:00.000-04:00
2008-09-10T15:18:59.307-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
cpe:/a:apple:darwin_streaming_server:4.1.3
CVE-2003-0426
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:17.503-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
cpe:/a:miod_vallat:mikmod:3.1.6
CVE-2003-0427
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:09.730-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-320
REDHAT
RHSA-2005:506
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
cpe:/a:ethereal_group:ethereal:0.9.12
CVE-2003-0428
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:09.807-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SCO
CSSA-2003-030.0
CONECTIVA
CLA-2003:662
DEBIAN
DSA-324
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00010.html
CERT-VN
VU#542540
REDHAT
RHSA-2003:077
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.
cpe:/a:ethereal_group:ethereal:0.9.12
CVE-2003-0429
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:09.870-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SCO
CSSA-2003-030.0
CONECTIVA
CLA-2003:662
DEBIAN
DSA-324
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00010.html
REDHAT
RHSA-2003:077
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
cpe:/a:ethereal_group:ethereal:0.9.12
CVE-2003-0430
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:09.933-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SCO
CSSA-2003-030.0
CONECTIVA
CLA-2003:662
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00010.html
REDHAT
RHSA-2003:077
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
cpe:/a:ethereal_group:ethereal:0.9.12
CVE-2003-0431
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:09.997-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
SCO
CSSA-2003-030.0
CONECTIVA
CLA-2003:662
DEBIAN
DSA-324
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00010.html
REDHAT
RHSA-2003:077
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.
cpe:/a:ethereal_group:ethereal:0.9.12
CVE-2003-0432
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:10.073-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
SCO
CSSA-2003-030.0
CONECTIVA
CLA-2003:662
DEBIAN
DSA-324
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00010.html
REDHAT
RHSA-2003:077
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
cpe:/a:gnocatan-develop:gnocatan:0.6.1
CVE-2003-0433
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:18.487-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-315
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.
cpe:/a:adobe:acrobat:5.0.6
cpe:/a:xpdf:xpdf:1.1
cpe:/o:mandrakesoft:mandrake_linux:9.0
cpe:/o:mandrakesoft:mandrake_linux:9.1
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium
CVE-2003-0434
2003-07-24T00:00:00.000-04:00
2017-10-10T21:29:10.137-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030613 -10Day CERT Advisory on PDF Files
BUGTRAQ
20030709 xpdf vulnerability - CAN-2003-0434
CERT-VN
VU#200132
MANDRAKE
MDKSA-2003:071
REDHAT
RHSA-2003:196
REDHAT
RHSA-2003:197
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
cpe:/a:typespeed:typespeed:0.4.1
CVE-2003-0435
2003-07-24T00:00:00.000-04:00
2016-10-17T22:33:53.223-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU
DEBIAN
DSA-322
Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code.
cpe:/a:mnogosearch:mnogosearch:3.1.20
CVE-2003-0436
2003-07-24T00:00:00.000-04:00
2008-09-10T15:19:00.447-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
FULLDISC
20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow
BID
7865
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
cpe:/a:mnogosearch:mnogosearch:3.2.10
CVE-2003-0437
2003-07-24T00:00:00.000-04:00
2008-09-10T15:19:00.523-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
FULLDISC
20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow
BID
7866
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
cpe:/a:yuuichi_teranishi:eldav:0.7.2
CVE-2003-0438
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:19.253-04:00
1.2
LOCAL
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-325
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVE-2003-0439
2017-05-11T10:29:00.837-04:00
2017-05-11T10:29:00.837-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:semi:semi:1.14.3
cpe:/o:debian:debian_linux:3.0
CVE-2003-0440
2003-08-18T00:00:00.000-04:00
2017-10-10T21:29:10.213-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-339
REDHAT
RHSA-2003:231
REDHAT
RHSA-2003:234
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
cpe:/a:orville-write:orville-write:2.53
CVE-2003-0441
2004-03-03T00:00:00.000-05:00
2017-07-10T21:29:32.103-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-326
BID
7988
XF
orvillewrite-variables-bo(12381)
Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.
cpe:/a:php:php:4.3.1
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0
CVE-2003-0442
2003-07-24T00:00:00.000-04:00
2018-05-02T21:29:20.257-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONECTIVA
CLSA-2003:691
BUGTRAQ
20030530 PHP Trans SID XSS (Was: New php release with security fixes)
BUGTRAQ
20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
MISC
http://shh.thathost.com/secadv/2003-05-11-php.txt
CIAC
N-112
DEBIAN
DSA-351
MANDRAKE
MDKSA-2003:082
REDHAT
RHSA-2003:204
BID
7761
SECTRACK
1008653
TURBO
TLSA-2003-47
XF
php-session-id-xss(12259)
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
cpe:/a:gtksee:gtksee:0.5
cpe:/a:gtksee:gtksee:0.5.1
CVE-2003-0444
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:32.243-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
DEBIAN
DSA-337
BID
8061
XF
gtksee-png-bo(12462)
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.
cpe:/a:webfs:webfs:1.17
CVE-2003-0445
2003-07-24T00:00:00.000-04:00
2008-09-05T16:34:19.970-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-328
Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:6.0
CVE-2003-0446
2003-07-24T00:00:00.000-04:00
2017-07-10T21:29:32.323-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
FULLDISC
20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
BUGTRAQ
20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
BUGTRAQ
20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files
NTBUGTRAQ
20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
MISC
http://security.greymagic.com/adv/gm013-ie/
BID
7938
XF
ie-msxml-xss(12334)
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
cpe:/a:microsoft:ie:5.01
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:6.0
CVE-2003-0447
2003-07-24T00:00:00.000-04:00
2016-10-17T22:33:57.003-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
BUGTRAQ
20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
NTBUGTRAQ
20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
MISC
http://security.greymagic.com/adv/gm014-ie/
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
cpe:/a:aboleo.net:portmon:1.7
CVE-2003-0448
2003-07-24T00:00:00.000-04:00
2016-10-17T22:33:58.160-04:00
3.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030618 Portmon file arbitrary read/write access vulnerability
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.
cpe:/a:progress:database:9.1
CVE-2003-0449
2003-08-07T00:00:00.000-04:00
2016-10-17T22:33:59.440-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue
BUGTRAQ
20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue
MISC
http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt
MISC
http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
cpe:/a:cistron:radius_daemon:1.6.6
CVE-2003-0450
2003-08-07T00:00:00.000-04:00
2008-09-10T15:19:02.743-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
MISC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
CONECTIVA
CLA-2003:664
DEBIAN
DSA-321
SUSE
SuSE-SA:2003:030
TURBO
TLSA-2003-40
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
cpe:/a:xblockout:xbl:1.0j
CVE-2003-0451
2003-08-07T00:00:00.000-04:00
2008-09-05T16:34:20.847-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-327
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
cpe:/a:gunnar_ritter:osh:1.7-10
CVE-2003-0452
2003-08-07T00:00:00.000-04:00
2008-09-05T16:34:20.987-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-329
Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections."
cpe:/a:ehud_gavron:traceroute-nanog:6.1.1
CVE-2003-0453
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:00.817-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030620 BAZARR FAREWELL
DEBIAN
DSA-348
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
cpe:/a:joe_rumsey:xgalaga:2.0.34
CVE-2003-0454
2003-08-07T00:00:00.000-04:00
2008-09-05T16:34:21.283-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-334
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable.
cpe:/a:imagemagick:libmagick_library:5.5
CVE-2003-0455
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:01.973-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick)
DEBIAN
DSA-331
REDHAT
RHSA-2004:494
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.
cpe:/a:deerfield:visnetic_website:3.5.13
cpe:/a:deerfield:visnetic_website:3.5.15
cpe:/a:deerfield:visnetic_website:3.5.17
CVE-2003-0456
2003-08-18T00:00:00.000-04:00
2017-07-10T21:29:32.383-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20030701 VisNetic WebSite Path Disclosure Vulnerability
BUGTRAQ
20030701 VisNetic WebSite Path Disclosure Vulnerability
MISC
http://www.krusesecurity.dk/advisories/vis0103.txt
BID
8075
XF
visnetic-website-path-disclosure(12483)
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
cpe:/a:hp:nonstop_seeview_server_gateway:d40.00
cpe:/a:hp:nonstop_seeview_server_gateway:d41.00
cpe:/a:hp:nonstop_seeview_server_gateway:d42.00
cpe:/a:hp:nonstop_seeview_server_gateway:d42.01
cpe:/a:hp:nonstop_seeview_server_gateway:d43.00
cpe:/a:hp:nonstop_seeview_server_gateway:d43.01
cpe:/a:hp:nonstop_seeview_server_gateway:d43.02
cpe:/a:hp:nonstop_seeview_server_gateway:d44.00
cpe:/a:hp:nonstop_seeview_server_gateway:d44.01
cpe:/a:hp:nonstop_seeview_server_gateway:d44.02
cpe:/a:hp:nonstop_seeview_server_gateway:d45.00
cpe:/a:hp:nonstop_seeview_server_gateway:d45.01
cpe:/a:hp:nonstop_seeview_server_gateway:d46.00
cpe:/a:hp:nonstop_seeview_server_gateway:d47.00
cpe:/a:hp:nonstop_seeview_server_gateway:d48.00
cpe:/a:hp:nonstop_seeview_server_gateway:d48.01
cpe:/a:hp:nonstop_seeview_server_gateway:d48.02
cpe:/a:hp:nonstop_seeview_server_gateway:d48.03
cpe:/a:hp:nonstop_seeview_server_gateway:g01.00
cpe:/a:hp:nonstop_seeview_server_gateway:g02.00
cpe:/a:hp:nonstop_seeview_server_gateway:g03.00
cpe:/a:hp:nonstop_seeview_server_gateway:g04.00
cpe:/a:hp:nonstop_seeview_server_gateway:g05.00
cpe:/a:hp:nonstop_seeview_server_gateway:g05.01
cpe:/a:hp:nonstop_seeview_server_gateway:g06.00
cpe:/a:hp:nonstop_seeview_server_gateway:g06.01
cpe:/a:hp:nonstop_seeview_server_gateway:g06.03
cpe:/a:hp:nonstop_seeview_server_gateway:g06.04
cpe:/a:hp:nonstop_seeview_server_gateway:g06.05
cpe:/a:hp:nonstop_seeview_server_gateway:g06.06
cpe:/a:hp:nonstop_seeview_server_gateway:g06.07
cpe:/a:hp:nonstop_seeview_server_gateway:g06.08
cpe:/a:hp:nonstop_seeview_server_gateway:g06.09
cpe:/a:hp:nonstop_seeview_server_gateway:g06.10
cpe:/a:hp:nonstop_seeview_server_gateway:g06.11
cpe:/a:hp:nonstop_seeview_server_gateway:g06.12
cpe:/a:hp:nonstop_seeview_server_gateway:g06.13
cpe:/a:hp:nonstop_seeview_server_gateway:g06.14
cpe:/a:hp:nonstop_seeview_server_gateway:g06.15
cpe:/a:hp:nonstop_seeview_server_gateway:g06.16
cpe:/a:hp:nonstop_seeview_server_gateway:g06.17
cpe:/a:hp:nonstop_seeview_server_gateway:g06.18
cpe:/a:hp:nonstop_seeview_server_gateway:g06.19
cpe:/a:hp:nonstop_seeview_server_gateway:g06.20
CVE-2003-0458
2003-08-18T00:00:00.000-04:00
2008-09-05T16:34:21.690-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
HP
SSRT3488
BID
8080
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges.
cpe:/a:kde:konqueror:2.1.1
cpe:/a:kde:konqueror:2.2.2
cpe:/a:kde:konqueror:3.0
cpe:/a:kde:konqueror:3.0.1
cpe:/a:kde:konqueror:3.0.2
cpe:/a:kde:konqueror:3.0.3
cpe:/a:kde:konqueror:3.0.5
cpe:/a:kde:konqueror:3.1
cpe:/a:kde:konqueror:3.1.1
cpe:/a:kde:konqueror:3.1.2
cpe:/a:kde:konqueror_embedded:0.1
cpe:/a:redhat:analog_real-time_synthesizer:2.1.1-5::i386
cpe:/a:redhat:analog_real-time_synthesizer:2.2-11::i386
cpe:/a:redhat:analog_real-time_synthesizer:2.2-11::ia64
cpe:/a:redhat:kdebase:3.0.3-13::i386
cpe:/a:redhat:kdebase:3.0.3-13::i386_dev
cpe:/a:redhat:kdelibs:2.1.1-5::i386
cpe:/a:redhat:kdelibs:2.2-11::i386
cpe:/a:redhat:kdelibs:2.2-11::ia64
cpe:/a:redhat:kdelibs:3.0.0-10::i386
cpe:/a:redhat:kdelibs:3.1-10::i386
cpe:/a:redhat:kdelibs_devel:2.1.1-5::i386_dev
cpe:/a:redhat:kdelibs_devel:2.2-11::i386_dev
cpe:/a:redhat:kdelibs_devel:2.2-11::ia64_dev
cpe:/a:redhat:kdelibs_devel:3.0.0-10::i386_dev
cpe:/a:redhat:kdelibs_devel:3.0.3-8::i386_dev
cpe:/a:redhat:kdelibs_devel:3.1-10::i386_dev
cpe:/a:redhat:kdelibs_sound:2.1.1-5::i386_sound
cpe:/a:redhat:kdelibs_sound:2.2-11::i386_sound
cpe:/a:redhat:kdelibs_sound:2.2-11::ia64_sound
cpe:/a:redhat:kdelibs_sound_devel:2.1.1-5::i386_sound_dev
cpe:/a:redhat:kdelibs_sound_devel:2.2-11::i386_sound_dev
cpe:/a:redhat:kdelibs_sound_devel:2.2-11::ia64_sound_dev
CVE-2003-0459
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:10.293-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2003:747
FULLDISC
20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak
BUGTRAQ
20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)
DEBIAN
DSA-361
CONFIRM
http://www.kde.org/info/security/advisory-20030729-1.txt
MANDRAKE
MDKSA-2003:079
REDHAT
RHSA-2003:235
REDHAT
RHSA-2003:236
TURBO
TLSA-2003-45
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
cpe:/a:apache:http_server:1.3.27
CVE-2003-0460
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:22.143-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://www.apache.org/dist/httpd/Announcement.html
CERT-VN
VU#694428
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0
CVE-2003-0461
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:10.357-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MISC
http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
DEBIAN
DSA-358
DEBIAN
DSA-423
REDHAT
RHSA-2003:238
REDHAT
RHSA-2004:188
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.4.21
cpe:/o:mandrakesoft:mandrake_linux:8.2
cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc
cpe:/o:mandrakesoft:mandrake_linux:9.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1
CVE-2003-0462
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:10.433-04:00
1.2
LOCAL
HIGH
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-358
DEBIAN
DSA-423
REDHAT
RHSA-2003:198
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:239
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
CVE-2003-0463
2003-12-31T00:00:00.000-05:00
2008-09-10T15:19:05.273-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
cpe:/o:redhat:linux:7.1
cpe:/o:redhat:linux:7.2
cpe:/o:redhat:linux:7.3
cpe:/o:redhat:linux:8.0
cpe:/o:redhat:linux:9.0
CVE-2003-0464
2003-08-27T00:00:00.000-04:00
2018-05-02T21:29:20.333-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
REDHAT
RHSA-2003:238
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.5.0
CVE-2003-0465
2003-08-18T00:00:00.000-04:00
2017-10-10T21:29:10.510-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://marc.info/?l=linux-kernel&m=105796021120436&w=2
CONFIRM
http://marc.info/?l=linux-kernel&m=105796415223490&w=2
REDHAT
RHSA-2004:188
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
cpe:/a:redhat:wu_ftpd:2.6.1-16::i386
cpe:/a:redhat:wu_ftpd:2.6.1-16::powerpc
cpe:/a:redhat:wu_ftpd:2.6.1-18::i386
cpe:/a:redhat:wu_ftpd:2.6.1-18::ia64
cpe:/a:redhat:wu_ftpd:2.6.2-5::i386
cpe:/a:redhat:wu_ftpd:2.6.2-8::i386
cpe:/a:washington_university:wu-ftpd:2.5.0
cpe:/a:washington_university:wu-ftpd:2.6.0
cpe:/a:washington_university:wu-ftpd:2.6.1
cpe:/a:washington_university:wu-ftpd:2.6.2
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:freebsd:freebsd:4.0
cpe:/o:freebsd:freebsd:4.0:alpha
cpe:/o:freebsd:freebsd:4.1
cpe:/o:freebsd:freebsd:4.1.1
cpe:/o:freebsd:freebsd:4.1.1:release
cpe:/o:freebsd:freebsd:4.1.1:stable
cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.2:stable
cpe:/o:freebsd:freebsd:4.3
cpe:/o:freebsd:freebsd:4.3:release
cpe:/o:freebsd:freebsd:4.3:releng
cpe:/o:freebsd:freebsd:4.3:stable
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.4:releng
cpe:/o:freebsd:freebsd:4.4:stable
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.5:release
cpe:/o:freebsd:freebsd:4.5:stable
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.6:release
cpe:/o:freebsd:freebsd:4.6:stable
cpe:/o:freebsd:freebsd:4.6.2
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.7:release
cpe:/o:freebsd:freebsd:4.7:stable
cpe:/o:freebsd:freebsd:4.8
cpe:/o:freebsd:freebsd:4.8:pre-release
cpe:/o:freebsd:freebsd:5.0
cpe:/o:freebsd:freebsd:5.0:alpha
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.6.1
cpe:/o:openbsd:openbsd:2.0
cpe:/o:openbsd:openbsd:2.1
cpe:/o:openbsd:openbsd:2.2
cpe:/o:openbsd:openbsd:2.3
cpe:/o:openbsd:openbsd:2.4
cpe:/o:openbsd:openbsd:2.5
cpe:/o:openbsd:openbsd:2.6
cpe:/o:openbsd:openbsd:2.7
cpe:/o:openbsd:openbsd:2.8
cpe:/o:openbsd:openbsd:2.9
cpe:/o:openbsd:openbsd:3.0
cpe:/o:openbsd:openbsd:3.1
cpe:/o:openbsd:openbsd:3.2
cpe:/o:openbsd:openbsd:3.3
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
CVE-2003-0466
2003-08-27T00:00:00.000-04:00
2018-05-02T21:29:20.520-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
NETBSD
NetBSD-SA2003-011.txt.asc
VULNWATCH
20030731 wu-ftpd fb_realpath() off-by-one bug
IMMUNIX
IMNX-2003-7+-019-01
MISC
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
BUGTRAQ
20030731 wu-ftpd fb_realpath() off-by-one bug
FREEBSD
FreeBSD-SA-03:08
BUGTRAQ
20030804 wu-ftpd-2.6.2 off-by-one remote exploit.
BUGTRAQ
20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)
SECTRACK
1007380
SUNALERT
1001257
DEBIAN
DSA-357
CERT-VN
VU#743092
MANDRAKE
MDKSA-2003:080
SUSE
SuSE-SA:2003:032
REDHAT
RHSA-2003:245
REDHAT
RHSA-2003:246
BUGTRAQ
20060213 Latest wu-ftpd exploit :-s
BUGTRAQ
20060214 Re: Latest wu-ftpd exploit :-s
BID
8315
TURBO
TLSA-2003-46
XF
libc-realpath-offbyone-bo(12785)
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.4.21
cpe:/o:linux:linux_kernel:2.4.21:pre1
cpe:/o:linux:linux_kernel:2.4.21:pre4
cpe:/o:linux:linux_kernel:2.4.21:pre7
CVE-2003-0467
2003-08-27T00:00:00.000-04:00
2016-10-17T22:34:08.163-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030802 [SECURITY] Netfilter Security Advisory: NAT Remote DOS (SACK mangle)
Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.
cpe:/a:wietse_venema:postfix:1.0.21
cpe:/a:wietse_venema:postfix:1.1.11
cpe:/a:wietse_venema:postfix:1999-09-06
cpe:/a:wietse_venema:postfix:1999-12-31
cpe:/a:wietse_venema:postfix:2000-02-28
cpe:/a:wietse_venema:postfix:2001-11-15
cpe:/o:conectiva:linux:7.0
cpe:/o:conectiva:linux:8.0
CVE-2003-0468
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:10.573-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:717
BUGTRAQ
20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
DEBIAN
DSA-363
MANDRAKE
MDKSA-2003:081
SUSE
SuSE-SA:2003:033
REDHAT
RHSA-2003:251
BID
8333
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2003_server:64-bit
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_98::gold
cpe:/o:microsoft:windows_98se
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp::gold
CVE-2003-0469
2003-08-07T00:00:00.000-04:00
2018-10-12T17:32:45.570-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).
FULLDISC
20030625 Re: Internet Explorer >=5.0 : Buffer overflow
BUGTRAQ
20030622 Internet Explorer >=5.0 : Buffer overflow
CERT
CA-2003-14
CERT-VN
VU#823260
BID
8016
MS
MS03-023
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
cpe:/a:symantec:security_check
CVE-2003-0470
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.540-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030622 Symantec ActiveX control buffer overflow
BUGTRAQ
20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow
SECTRACK
1007029
CERT-VN
VU#527228
BID
8008
XF
symantec-security-activex-bo(12423)
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.
cpe:/a:alt-n:webadmin
CVE-2003-0471
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:13.320-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030624 Remote Buffer Overrun WebAdmin.exe
BUGTRAQ
20030624 Re: WebAdmin from ALT-N remote exploit PoC
BID
8024
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
cpe:/o:sgi:irix:6.5.19
CVE-2003-0472
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.587-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20030607-01-P
BID
8027
XF
irix-inetd-portscan-dos(12676)
The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning.
cpe:/o:sgi:irix:6.5.19
CVE-2003-0473
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.650-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
SGI
20030607-01-P
BID
8029
XF
irix-snoop-gain-privileges(12677)
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications.
cpe:/a:ashley_brown:iweb_server
CVE-2003-0474
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:14.630-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030416 SFAD03-001: iWeb Mini Web Server Remote Directory Traversal
BUGTRAQ
20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server
Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475.
cpe:/a:ashley_brown:iweb_server
CVE-2003-0475
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:16.177-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030623 TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2
BUGTRAQ
20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server
Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474.
cpe:/o:linux:linux_kernel:2.4.0
CVE-2003-0476
2003-08-07T00:00:00.000-04:00
2018-05-02T21:29:20.630-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030626 Linux 2.4.x execve() file read race vulnerability
DEBIAN
DSA-358
DEBIAN
DSA-423
MANDRAKE
MDKSA-2003:074
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:368
REDHAT
RHSA-2003:408
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
cpe:/a:wzdftpd:wzdftpd:0.1_rc4
CVE-2003-0477
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:18.553-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030627 wzdftpd remote DoS
CONFIRM
http://www.wzdftpd.net/changea.html
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.
cpe:/a:andromede:adromedeircd:1.2.3
cpe:/a:daniel_moss:methane:0.1.1
cpe:/a:hans_westerhof:digatech:1.2.1
cpe:/a:wenet:ircd-ru
cpe:/o:bahamut:ircd:1.4.35
CVE-2003-0478
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:19.727-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030626 Bahamut IRCd <= 1.4.35 and several derived daemons
BUGTRAQ
20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons
BUGTRAQ
20030627 Bahamut DoS
Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.
cpe:/a:affordable_web_space_design:affordable_web_space_design_webbbs
CVE-2003-0479
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:20.993-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030627 WebBBS Guestbook : Cross Site Scripting
Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields.
cpe:/a:vmware:workstation:4.0
CVE-2003-0480
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:22.197-04:00
3.7
LOCAL
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030627 VMware Workstation 4.0: Possible privilege escalation on the host
CONFIRM
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
cpe:/a:gero_kohnert:tutos:1.1
CVE-2003-0481
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:23.757-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030623 [KSA-001] Multiple vulnerabilities in Tutos
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.
cpe:/a:gero_kohnert:tutos:1.1
CVE-2003-0482
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:24.900-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030623 [KSA-001] Multiple vulnerabilities in Tutos
TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code.
cpe:/a:xmb_forum:xmb:1.8
CVE-2003-0483
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:26.057-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030623 Many XSS Vulnerabilities in XMB Forum.
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.
cpe:/a:phpbb_group:phpbb
CVE-2003-0484
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:27.167-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030621 XSS Exploit In phpBB viewtopic.php
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
cpe:/a:progress:4gl_compiler:9.1:d06
CVE-2003-0485
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:28.760-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030620 SRT2003-06-20-1232 - Progress 4GL Compiler datatype overflow
BID
7997
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
cpe:/a:phpbb_group:phpbb:2.0.5
CVE-2003-0486
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.743-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030619 phpBB password disclosure by sql injection
CONFIRM
http://www.phpbb.com/phpBB/viewtopic.php?t=112052
BID
7979
XF
phpbb-viewtopic-sql-injection(12366)
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
cpe:/a:kerio:kerio_mailserver:5.6.3
CVE-2003-0487
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.807-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030618 Multiple buffer overflows and XSS in Kerio MailServer
MISC
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
BID
7967
XF
kerio-multiple-modules-bo(12368)
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
cpe:/a:kerio:kerio_mailserver:5.6.3
CVE-2003-0488
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.853-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030618 Multiple buffer overflows and XSS in Kerio MailServer
MISC
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
BID
7966
BID
7968
XF
kerio-multiple-modules-xss(12367)
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
cpe:/a:michael_c._toren:tcptraceroute:1.4
CVE-2003-0489
2003-08-07T00:00:00.000-04:00
2008-09-05T16:34:26.707-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-330
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
cpe:/a:dantz:retrospect_client:5.0.540
CVE-2003-0490
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:33.667-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030616 Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues
The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
cpe:/a:mytutorials:tutorials:2.0
CVE-2003-0491
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:34.807-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module "tutorials"
The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
cpe:/a:snitz_communications:snitz_forums_2000:3.4.03
CVE-2003-0492
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.900-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030616 Multiple Vulnerabilities In Snitz Forums
BID
7922
XF
snitz-search-xss(12325)
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
cpe:/a:snitz_communications:snitz_forums_2000:3.4.03
CVE-2003-0493
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:37.277-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030616 Multiple Vulnerabilities In Snitz Forums
BID
7924
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
cpe:/a:snitz_communications:snitz_forums_2000:3.4.03
CVE-2003-0494
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:32.947-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030616 Multiple Vulnerabilities In Snitz Forums
BID
7925
XF
snitz-forums-password-reset(12326)
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
cpe:/a:ledscripts.com:lednews:0.7
CVE-2003-0495
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:33.027-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030615 XSS Vulnerability in LedNews (CGI/Perl) v0.7
BID
7920
XF
lednews-message-xss(12304)
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000_terminal_services::sp3
CVE-2003-0496
2003-08-18T00:00:00.000-04:00
2019-04-30T10:27:13.710-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030709 Pipe Filename Local Privilege Escalation FAQ
BUGTRAQ
20030714 @stake named pipe exploit
BUGTRAQ
20030715 CreateFile exploit, (working)
ATSTAKE
A070803-1
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
cpe:/a:intersystems:cache_database:5
CVE-2003-0497
2003-08-07T00:00:00.000-04:00
2019-10-10T07:17:40.910-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
IDEFENSE
20030701 Caché Insecure Installation File and Directory Permissions
CONFIRM
https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/
Cach? Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
cpe:/a:intersystems:cache_database:5
CVE-2003-0498
2003-08-07T00:00:00.000-04:00
2019-10-10T07:17:40.973-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
IDEFENSE
20030701 Caché Insecure Installation File and Directory Permissions
CONFIRM
https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/
Cach? Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
cpe:/a:mantis:mantis:0.17.5
CVE-2003-0499
2003-08-07T00:00:00.000-04:00
2016-12-07T21:59:23.690-05:00
3.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
DEBIAN
DSA-335
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
cpe:/a:proftpd_project:proftpd:1.2.9_rc1
CVE-2003-0500
2003-08-07T00:00:00.000-04:00
2008-09-05T16:34:28.610-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
FULLDISC
20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql
DEBIAN
DSA-338
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
cpe:/o:linux:linux_kernel:2.6.20.1
CVE-2003-0501
2003-08-07T00:00:00.000-04:00
2018-05-02T21:29:20.723-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030620 Linux /proc sensitive information disclosure
DEBIAN
DSA-358
DEBIAN
DSA-423
REDHAT
RHSA-2003:198
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:239
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
cpe:/a:apple:darwin_streaming_server:4.1.3g
CVE-2003-0502
2003-08-27T00:00:00.000-04:00
2011-03-07T21:12:41.783-05:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
MISC
http://www.rapid7.com/advisories/R7-0015.html
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
cpe:/o:microsoft:windows_2000::sp3
CVE-2003-0503
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:44.433-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow
NTBUGTRAQ
20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow
MISC
http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
cpe:/a:phpgroupware:phpgroupware:0.9.14.003
CVE-2003-0504
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:45.823-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2003:697
BUGTRAQ
20030702 [KSA-003] Cross Site Scripting Vulnerability in Phpgroupware
DEBIAN
DSA-365
MANDRAKE
MDKSA-2003:077
MISC
http://www.security-corporation.com/articles-20030702-005.html
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
cpe:/a:microsoft:netmeeting:3.0.1
CVE-2003-0505
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:47.013-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability
BID
7931
Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
cpe:/a:microsoft:netmeeting:3.0.1
CVE-2003-0506
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:48.167-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability
Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
cpe:/o:microsoft:windows_2000::sp3
CVE-2003-0507
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:49.247-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030702 CORE-2003-0305-03: Active Directory Stack Overflow
MSKB
Q319709
CERT-VN
VU#594108
BID
7930
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
cpe:/a:adobe:acrobat_reader:5.0.7
CVE-2003-0508
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:50.527-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030701 [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow
BUGTRAQ
20030709 Acroread 5.0.7 buffer overflow
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.
cpe:/a:cyberstrong:eshop:4.2
CVE-2003-0509
2003-08-07T00:00:00.000-04:00
2017-07-10T21:29:33.087-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030701 CyberStrong Shopping Cart - Advisory & Exploit Code
SECTRACK
1007092
BID
14101
BID
14103
BID
14112
XF
cyberstrongeshop-multiple-sql-injection(12485)
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
cpe:/a:ezbounce:ezbounce:1.0
cpe:/a:ezbounce:ezbounce:1.1
cpe:/a:ezbounce:ezbounce:1.2
cpe:/a:ezbounce:ezbounce:1.3
cpe:/a:ezbounce:ezbounce:1.4
cpe:/a:ezbounce:ezbounce:1.5
cpe:/a:ezbounce:ezbounce:1.6
cpe:/a:ezbounce:ezbounce:1.7
cpe:/a:ezbounce:ezbounce:1.8
cpe:/a:ezbounce:ezbounce:1.9
cpe:/a:ezbounce:ezbounce:1.10
cpe:/a:ezbounce:ezbounce:1.11
cpe:/a:ezbounce:ezbounce:1.12
cpe:/a:ezbounce:ezbounce:1.13
cpe:/a:ezbounce:ezbounce:1.14
cpe:/a:ezbounce:ezbounce:1.15
cpe:/a:ezbounce:ezbounce:1.16
cpe:/a:ezbounce:ezbounce:1.17
cpe:/a:ezbounce:ezbounce:1.18
cpe:/a:ezbounce:ezbounce:1.19
cpe:/a:ezbounce:ezbounce:1.20
cpe:/a:ezbounce:ezbounce:1.21
cpe:/a:ezbounce:ezbounce:1.22
cpe:/a:ezbounce:ezbounce:1.23
cpe:/a:ezbounce:ezbounce:1.24
cpe:/a:ezbounce:ezbounce:1.25
cpe:/a:ezbounce:ezbounce:1.26
cpe:/a:ezbounce:ezbounce:1.27
cpe:/a:ezbounce:ezbounce:1.28
cpe:/a:ezbounce:ezbounce:1.29
cpe:/a:ezbounce:ezbounce:1.30
cpe:/a:ezbounce:ezbounce:1.31
cpe:/a:ezbounce:ezbounce:1.32
cpe:/a:ezbounce:ezbounce:1.33
cpe:/a:ezbounce:ezbounce:1.34
cpe:/a:ezbounce:ezbounce:1.35
cpe:/a:ezbounce:ezbounce:1.36
cpe:/a:ezbounce:ezbounce:1.37
cpe:/a:ezbounce:ezbounce:1.38
cpe:/a:ezbounce:ezbounce:1.39
cpe:/a:ezbounce:ezbounce:1.40
cpe:/a:ezbounce:ezbounce:1.41
cpe:/a:ezbounce:ezbounce:1.42
cpe:/a:ezbounce:ezbounce:1.43
cpe:/a:ezbounce:ezbounce:1.44
cpe:/a:ezbounce:ezbounce:1.45
cpe:/a:ezbounce:ezbounce:1.46
cpe:/a:ezbounce:ezbounce:1.47
cpe:/a:ezbounce:ezbounce:1.48
cpe:/a:ezbounce:ezbounce:1.49
cpe:/a:ezbounce:ezbounce:1.50
CVE-2003-0510
2003-08-07T00:00:00.000-04:00
2016-10-17T22:34:52.967-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://druglord.freelsd.org/ezbounce/
BUGTRAQ
20030701 ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.
Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command.
cpe:/o:cisco:ios:12.2%284%29ja
cpe:/o:cisco:ios:12.2%284%29ja1
cpe:/o:cisco:ios:12.2%288%29ja
cpe:/o:cisco:ios:12.2%2811%29ja
CVE-2003-0511
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:10.637-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030728 Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability
CISCO
20030728 HTTP GET Vulnerability in AP1x00
MISC
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
cpe:/o:cisco:ios:12.0%2824%29s1
cpe:/o:cisco:ios:12.0%2824.2%29s
cpe:/o:cisco:ios:12.2%2811%29ja1
cpe:/o:cisco:ios:12.2%2814.5%29
cpe:/o:cisco:ios:12.2%2814.5%29t
cpe:/o:cisco:ios:12.2%2815%29zn
cpe:/o:cisco:ios:12.2%2815.1%29s
cpe:/o:cisco:ios:12.2%2816%29b
cpe:/o:cisco:ios:12.2%2816.1%29b
CVE-2003-0512
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:10.700-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20030728 Cisco Aironet AP1100 Valid Account Disclosure Vulnerability
CISCO
20030724 Enumerating Locally Defined Users in Cisco IOS
CERT-VN
VU#886796
MISC
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.0.1:sp4
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0513
2004-04-15T00:00:00.000-04:00
2008-09-05T16:34:30.847-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
FULLDISC
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
cpe:/a:apple:safari:1.0
cpe:/a:apple:safari:1.1
CVE-2003-0514
2004-04-15T00:00:00.000-04:00
2008-09-05T16:34:31.017-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
FULLDISC
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
cpe:/a:teapop:teapop:0.3.4
cpe:/a:teapop:teapop:0.3.5
CVE-2003-0515
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:27.790-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-347
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
cpe:/a:gert_doering:mgetty:1.1.28
CVE-2003-0516
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:29.040-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
CONFIRM
ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
cpe:/a:gert_doering:mgetty:1.1.19
cpe:/a:gert_doering:mgetty:1.1.20
cpe:/a:gert_doering:mgetty:1.1.21
cpe:/a:gert_doering:mgetty:1.1.22
cpe:/a:gert_doering:mgetty:1.1.28
CVE-2003-0517
2003-08-18T00:00:00.000-04:00
2008-09-05T16:34:31.487-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
CVE-2003-0518
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:29.617-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030704 MacOSX - crash screensaver locked with password and get the desktop back
BUGTRAQ
20030715 FIXED: MacOSX - crash screensaver locked with password and get thedesktop back
CONFIRM
http://docs.info.apple.com/article.html?artnum=120232
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
cpe:/a:microsoft:ie:5.0
cpe:/a:microsoft:ie:6.0
CVE-2003-0519
2003-08-18T00:00:00.000-04:00
2008-09-05T16:34:31.860-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
FULLDISC
20030707 Internet Explorer 6 DoS Bug
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
cpe:/a:cerulean_studios:trillian:0.74
cpe:/a:cerulean_studios:trillian:1.0
CVE-2003-0520
2003-08-18T00:00:00.000-04:00
2016-10-17T22:34:54.137-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030704 Trillian Remote DoS
BID
8107
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
cpe:/a:cpanel:cpanel:5.0
cpe:/a:cpanel:cpanel:5.3
cpe:/a:cpanel:cpanel:6.0
cpe:/a:cpanel:cpanel:6.2
cpe:/a:cpanel:cpanel:6.4
cpe:/a:cpanel:cpanel:6.4.1
cpe:/a:cpanel:cpanel:6.4.2
cpe:/a:cpanel:cpanel:6.4.2_stable_48
CVE-2003-0521
2003-08-18T00:00:00.000-04:00
2016-10-17T22:34:55.403-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030706 cPanel Malicious HTML Tags Injection Vulnerability
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
cpe:/a:early_impact:productcart:1.5
cpe:/a:early_impact:productcart:1.6b
cpe:/a:early_impact:productcart:1.6b001
cpe:/a:early_impact:productcart:1.6b002
cpe:/a:early_impact:productcart:1.6b003
cpe:/a:early_impact:productcart:1.6br
cpe:/a:early_impact:productcart:1.6br001
cpe:/a:early_impact:productcart:1.6br003
cpe:/a:early_impact:productcart:1.5002
cpe:/a:early_impact:productcart:1.5003
cpe:/a:early_impact:productcart:1.5003r
cpe:/a:early_impact:productcart:1.5004
cpe:/a:early_impact:productcart:1.6002
cpe:/a:early_impact:productcart:1.6003
cpe:/a:early_impact:productcart:2
cpe:/a:early_impact:productcart:2br000
CVE-2003-0522
2003-08-18T00:00:00.000-04:00
2016-10-17T22:34:56.920-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030704 Another ProductCart SQL Injection Vulnerability
BUGTRAQ
20030705 Re: Another ProductCart SQL Injection Vulnerability
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.
cpe:/a:early_impact:productcart:1.5
cpe:/a:early_impact:productcart:1.6b
cpe:/a:early_impact:productcart:1.6b001
cpe:/a:early_impact:productcart:1.6b002
cpe:/a:early_impact:productcart:1.6b003
cpe:/a:early_impact:productcart:1.6br
cpe:/a:early_impact:productcart:1.6br001
cpe:/a:early_impact:productcart:1.6br003
cpe:/a:early_impact:productcart:1.5002
cpe:/a:early_impact:productcart:1.5003
cpe:/a:early_impact:productcart:1.5003r
cpe:/a:early_impact:productcart:1.5004
cpe:/a:early_impact:productcart:1.6002
cpe:/a:early_impact:productcart:1.6003
cpe:/a:early_impact:productcart:2
cpe:/a:early_impact:productcart:2br000
CVE-2003-0523
2003-08-18T00:00:00.000-04:00
2016-10-17T22:34:58.187-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030705 ProductCart XSS Vulnerability
Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter.
cpe:/a:knoppix:knoppix:3.1
CVE-2003-0524
2003-08-18T00:00:00.000-04:00
2016-10-17T22:34:59.467-04:00
6.2
LOCAL
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030708 Qt temporary files race condition in Knoppix 3.1
Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory.
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
CVE-2003-0525
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:46.210-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
ATSTAKE
A072303-1
MS
MS03-029
XF
winnt-file-management-dos(12701)
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
cpe:/a:microsoft:isa_server:2000
cpe:/a:microsoft:isa_server:2000:fp1
cpe:/a:microsoft:isa_server:2000:sp1
CVE-2003-0526
2003-08-18T00:00:00.000-04:00
2018-10-12T17:32:46.677-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030716 ISA Server - Error Page Cross Site Scripting
VULNWATCH
20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
BUGTRAQ
20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
BUGTRAQ
20030716 ISA Server - Error Page Cross Site Scripting
NTBUGTRAQ
20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
MISC
http://pivx.com/larholm/adv/TL006
MS
MS03-028
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0528
2003-09-17T00:00:00.000-04:00
2019-04-30T10:27:13.913-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030911 NSFOCUS SA2003-06 : Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability
BUGTRAQ
20030920 The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows
CERT
CA-2003-23
CERT-VN
VU#254236
MISC
http://www.nsfocus.com/english/homepage/research/0306.htm
MS
MS03-039
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0530
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:49.037-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1007538
CERT
CA-2003-22
CERT-VN
VU#548964
BID
8454
MS
MS03-032
XF
ie-br549-activex-bo(12962)
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0531
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:49.663-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT
CA-2003-22
CERT-VN
VU#205148
MISC
http://www.lac.co.jp/security/english/snsadv_e/67_e.html
BID
8457
MS
MS03-032
XF
ie-cache-script-injection(12961)
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0532
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:50.287-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability
BUGTRAQ
20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability
MISC
http://www.eeye.com/html/Research/Advisories/AD20030820.html
CERT-VN
VU#865940
MS
MS03-032
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
cpe:/a:microsoft:netmeeting
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp4::fr
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_98::gold
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_nt:4.0:sp6a
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
CVE-2003-0533
2004-06-01T00:00:00.000-04:00
2018-10-12T17:32:50.773-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow
BUGTRAQ
20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)
CIAC
O-114
EEYE
AD20040413C
CERT-VN
VU#753212
BID
10108
CERT
TA04-104A
MS
MS04-011
XF
win-lsass-bo(15699)
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
cpe:/a:xblockout:xbl:1.0i
cpe:/a:xblockout:xbl:1.0k
cpe:/a:xblockout:xbl:1.1
CVE-2003-0535
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:32.820-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
FULLDISC
20030708 Fwd: xbl vulnerabilty
DEBIAN
DSA-345
Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option.
cpe:/a:phpsysinfo:phpsysinfo:2.0
cpe:/a:phpsysinfo:phpsysinfo:2.1
CVE-2003-0536
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:07.453-04:00
3.6
LOCAL
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030425 Unauthorized reading files on phpSysInfo
MISC
http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015
DEBIAN
DSA-346
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
cpe:/a:daiki_ueno:liece_emacs_irc_client:2.0_0.2003-05-27
CVE-2003-0537
2003-08-18T00:00:00.000-04:00
2008-09-05T16:34:34.737-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
DEBIAN
DSA-341
The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.
cpe:/a:mozart:mozart:1.2.3
cpe:/a:mozart:mozart:1.2.5
CVE-2003-0538
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:33.103-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-342
The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.
cpe:/a:ddskk:ddskk:11.6_.rel.0
cpe:/a:redhat:daredevil_skk:11.3.2::noarch
cpe:/a:redhat:daredevil_skk:11.3.5::noarch
cpe:/a:redhat:daredevil_skk:11.6.0-6::noarch
cpe:/a:redhat:daredevil_skk:11.6.0-8::noarch
cpe:/a:redhat:daredevil_skk:11.6.0-10::noarch
cpe:/a:redhat:ddskk-xemacs:11.6.0-6::noarch
cpe:/a:redhat:ddskk-xemacs:11.6.0-8::noarch
cpe:/a:redhat:ddskk-xemacs:11.6.0-10::noarch
cpe:/a:skk:skk:10.62a
CVE-2003-0539
2003-08-18T00:00:00.000-04:00
2017-10-10T21:29:11.090-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-343
REDHAT
RHSA-2003:242
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.
cpe:/a:wietse_venema:postfix:1.0.21
cpe:/a:wietse_venema:postfix:1.1.11
cpe:/a:wietse_venema:postfix:1.1.12
cpe:/a:wietse_venema:postfix:1999-09-06
cpe:/a:wietse_venema:postfix:1999-12-31
cpe:/a:wietse_venema:postfix:2000-02-28
cpe:/a:wietse_venema:postfix:2001-11-15
cpe:/o:conectiva:linux:7.0
cpe:/o:conectiva:linux:8.0
CVE-2003-0540
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.167-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:717
FULLDISC
20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
BUGTRAQ
20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
TRUSTIX
2003-0029
DEBIAN
DSA-363
CERT-VN
VU#895508
ENGARDE
ESA-20030804-019
MANDRAKE
MDKSA-2003:081
SUSE
SuSE-SA:2003:033
REDHAT
RHSA-2003:251
BID
8333
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
cpe:/a:gnome:gtkhtml:1.1.10
CVE-2003-0541
2003-09-17T00:00:00.000-04:00
2017-10-10T21:29:11.230-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:737
DEBIAN
DSA-710
MANDRAKE
MDKSA-2003:093
REDHAT
RHSA-2003:264
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
cpe:/a:apache:http_server:1.3
cpe:/a:apache:http_server:1.3.1
cpe:/a:apache:http_server:1.3.3
cpe:/a:apache:http_server:1.3.4
cpe:/a:apache:http_server:1.3.6
cpe:/a:apache:http_server:1.3.9
cpe:/a:apache:http_server:1.3.11
cpe:/a:apache:http_server:1.3.12
cpe:/a:apache:http_server:1.3.14
cpe:/a:apache:http_server:1.3.17
cpe:/a:apache:http_server:1.3.18
cpe:/a:apache:http_server:1.3.19
cpe:/a:apache:http_server:1.3.20
cpe:/a:apache:http_server:1.3.22
cpe:/a:apache:http_server:1.3.23
cpe:/a:apache:http_server:1.3.24
cpe:/a:apache:http_server:1.3.25
cpe:/a:apache:http_server:1.3.26
cpe:/a:apache:http_server:1.3.27
cpe:/a:apache:http_server:1.3.28
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
cpe:/a:apache:http_server:2.0.46
cpe:/a:apache:http_server:2.0.47
CVE-2003-0542
2003-11-03T00:00:00.000-05:00
2018-05-02T21:29:20.927-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SCO
SCOSA-2004.6
SGI
20031203-01-U
SGI
20040202-01-U
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://httpd.apache.org/dist/httpd/Announcement2.html
APPLE
APPLE-SA-2004-01-26
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00045.html
BUGTRAQ
20031031 GLSA: apache (200310-04)
HP
SSRT090208
SUNALERT
101444
SUNALERT
101841
CERT-VN
VU#434566
CERT-VN
VU#549142
MANDRAKE
MDKSA-2003:103
REDHAT
RHSA-2003:320
REDHAT
RHSA-2003:360
REDHAT
RHSA-2003:405
REDHAT
RHSA-2004:015
REDHAT
RHSA-2005:816
HP
HPSBUX0311-301
BUGTRAQ
20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)
BID
8911
BID
9504
XF
apache-modalias-modrewrite-bo(13400)
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.7
CVE-2003-0543
2003-11-17T00:00:00.000-05:00
2018-05-02T21:29:21.100-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
SUNALERT
201029
CERT
CA-2003-26
DEBIAN
DSA-393
DEBIAN
DSA-394
CERT-VN
VU#255484
ENGARDE
ESA-20030930-027
REDHAT
RHSA-2003:291
REDHAT
RHSA-2003:292
BID
8732
MISC
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
VUPEN
ADV-2006-3900
CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.7
CVE-2003-0544
2003-11-17T00:00:00.000-05:00
2018-05-02T21:29:21.223-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
SUNALERT
201029
CERT
CA-2003-26
DEBIAN
DSA-393
DEBIAN
DSA-394
CERT-VN
VU#380864
ENGARDE
ESA-20030930-027
REDHAT
RHSA-2003:291
REDHAT
RHSA-2003:292
BID
8732
MISC
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
VUPEN
ADV-2006-3900
CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
XF
openssl-asn1-sslclient-dos(43041)
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.7
CVE-2003-0545
2003-11-17T00:00:00.000-05:00
2018-05-02T21:29:21.350-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
CERT
CA-2003-26
DEBIAN
DSA-394
CERT-VN
VU#935264
REDHAT
RHSA-2003:292
BID
8732
VUPEN
ADV-2006-3900
CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
cpe:/a:redhat:up2date:3.0.7-1::i386
cpe:/a:redhat:up2date:3.0.7-1::i386_gnome
cpe:/a:redhat:up2date:3.1.23-1::i386
cpe:/a:redhat:up2date:3.1.23-1::i386_gnome
CVE-2003-0546
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.293-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
REDHAT
RHSA-2003:255
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
cpe:/a:gnome:gdm:2.4.1
cpe:/a:gnome:gdm:2.4.1.1
cpe:/a:gnome:gdm:2.4.1.2
cpe:/a:gnome:gdm:2.4.1.3
cpe:/a:gnome:gdm:2.4.1.4
cpe:/a:gnome:gdm:2.4.1.5
cpe:/a:gnome:gdm:2.4.1.6
cpe:/a:redhat:kdebase:2.4.0.7.13::i386
cpe:/a:redhat:kdebase:2.4.1.3.5::i386
CVE-2003-0547
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.357-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2003:729
CONFIRM
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
BUGTRAQ
20030824 [slackware-security] GDM security update (SSA:2003-236-01)
REDHAT
RHSA-2003:258
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
cpe:/a:gnome:gdm:2.2.0
cpe:/a:gnome:gdm:2.4.1
cpe:/a:gnome:gdm:2.4.1.1
cpe:/a:gnome:gdm:2.4.1.2
cpe:/a:gnome:gdm:2.4.1.3
cpe:/a:gnome:gdm:2.4.1.4
cpe:/a:gnome:gdm:2.4.1.5
cpe:/a:gnome:gdm:2.4.1.6
cpe:/a:redhat:kdebase:2.0_beta2.45::i386
cpe:/a:redhat:kdebase:2.0_beta2.45::ppc
cpe:/a:redhat:kdebase:2.2.3.1.20::i386
cpe:/a:redhat:kdebase:2.2.3.1.20::ia64
cpe:/a:redhat:kdebase:2.2.3.1.22::i386
cpe:/a:redhat:kdebase:2.4.0.7.13::i386
cpe:/a:redhat:kdebase:2.4.1.3.5::i386
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:linux_advanced_workstation:2.1
CVE-2003-0548
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.433-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:729
CONFIRM
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
REDHAT
RHSA-2003:258
REDHAT
RHSA-2003:259
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
cpe:/a:gnome:gdm:2.2.0
cpe:/a:gnome:gdm:2.4.1
cpe:/a:gnome:gdm:2.4.1.1
cpe:/a:gnome:gdm:2.4.1.2
cpe:/a:gnome:gdm:2.4.1.3
cpe:/a:gnome:gdm:2.4.1.4
cpe:/a:gnome:gdm:2.4.1.5
cpe:/a:gnome:gdm:2.4.1.6
cpe:/a:redhat:kdebase:2.0_beta2.45::i386
cpe:/a:redhat:kdebase:2.0_beta2.45::ppc
cpe:/a:redhat:kdebase:2.2.3.1.20::i386
cpe:/a:redhat:kdebase:2.2.3.1.20::ia64
cpe:/a:redhat:kdebase:2.2.3.1.22::i386
cpe:/a:redhat:kdebase:2.4.0.7.13::i386
cpe:/a:redhat:kdebase:2.4.1.3.5::i386
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:linux_advanced_workstation:2.1
CVE-2003-0549
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.510-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:729
CONFIRM
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
REDHAT
RHSA-2003:258
REDHAT
RHSA-2003:259
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
cpe:/o:redhat:linux:2.4.2
CVE-2003-0550
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.573-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
DEBIAN
DSA-358
DEBIAN
DSA-423
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:239
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
cpe:/o:redhat:linux:2.4.2
CVE-2003-0551
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.653-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-358
DEBIAN
DSA-423
REDHAT
RHSA-2003:198
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:239
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
cpe:/o:redhat:linux:2.4.2
CVE-2003-0552
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:11.730-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
DEBIAN
DSA-358
DEBIAN
DSA-423
REDHAT
RHSA-2003:198
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:239
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
cpe:/a:netscape:navigator:7.0.2
CVE-2003-0553
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:13.673-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MISC
http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf
BUGTRAQ
20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
cpe:/a:neomodus:direct_connect:1.0
CVE-2003-0554
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:14.890-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
FULLDISC
20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9
BUGTRAQ
20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9
NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports.
cpe:/a:imagemagick:imagemagick:5.4.3
CVE-2003-0555
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:16.097-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030714 ImageMagick's Overflow
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
cpe:/h:polycom:mgc-100
cpe:/h:polycom:mgc-25:5.51.21
cpe:/h:polycom:mgc-25:5.51.211
cpe:/h:polycom:mgc-50
CVE-2003-0556
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:17.237-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
FULLDISC
20030712 DoS - Polycom MGC 25 Control Port
BUGTRAQ
20030712 DoS - Polycom MGC 25 Control Port
Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
cpe:/a:lagarde:storefront:6.0
CVE-2003-0557
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:18.453-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030712 ZH2003-3SA (security advisory): Storefront sql injection: users
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
cpe:/a:leapware:leapftp:2.7.3.600
CVE-2003-0558
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:19.580-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030711 LeapFTP remote buffer overflow exploit
Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.
cpe:/a:phpforum:phpforum:2.0_rc1
CVE-2003-0559
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:21.097-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030710 PHP-Include-Hack-Possibility in phpforum 2 RC-1
mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.
cpe:/a:virtual_programming:vp-asp:5.0
CVE-2003-0560
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:22.610-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030704 VPASP SQL Injection Vulnerability & Exploit CODE
BID
8159
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
cpe:/a:iglooftp:iglooftp_pro:3.8
CVE-2003-0561
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:23.910-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030707 Multiple Buffer Overflows in IglooFTP PRO
BUGTRAQ
20030707 Multiple Buffer Overflows in IglooFTP PRO
Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands.
cpe:/o:novell:netware:5.1
cpe:/o:novell:netware:5.1:sp4
cpe:/o:novell:netware:5.1:sp6
cpe:/o:novell:netware:6.0
cpe:/o:novell:netware:6.0:sp1
cpe:/o:novell:netware:6.0:sp2
CVE-2003-0562
2003-08-27T00:00:00.000-04:00
2016-10-17T22:35:25.173-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030723 Buffer Overflow in Netware Web Server PERL Handler
BUGTRAQ
20030723 NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow
BUGTRAQ
20030723 Buffer Overflow in Netware Web Server PERL Handler
CONFIRM
http://support.novell.com/servlet/tidfinder/2966549
CERT-VN
VU#185593
MISC
http://www.protego.dk/advisories/200301.html
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
cpe:/a:hitachi:groupmax_mail_-_security_option:6.0
cpe:/a:hitachi:pki_runtime_library
CVE-2003-0564
2003-12-01T00:00:00.000-05:00
2017-10-10T21:29:11.807-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20040402-01-U
HP
SSRT4722
FEDORA
FLSA:2089
CERT-VN
VU#428230
MANDRAKE
MDKSA-2004:021
REDHAT
RHSA-2004:110
REDHAT
RHSA-2004:112
BID
8981
MISC
http://www.uniras.gov.uk/vuls/2003/006489/smime.htm
XF
smime-asn1-bo(13603)
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
CVE-2003-0565
2003-12-01T00:00:00.000-05:00
2005-10-20T00:00:00.000-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CERT-VN
VU#927278
MISC
http://www.uniras.gov.uk/vuls/2003/006489/x400.htm
Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
cpe:/a:cisco:optical_networking_systems_software:3.0
cpe:/a:cisco:optical_networking_systems_software:3.1.0
cpe:/a:cisco:optical_networking_systems_software:3.2.0
cpe:/a:cisco:optical_networking_systems_software:3.3.0
cpe:/a:cisco:optical_networking_systems_software:3.4.0
cpe:/a:cisco:optical_networking_systems_software:4.0.0
cpe:/h:cisco:ons_15454_optical_transport_platform
cpe:/o:cisco:ios:11.0
cpe:/o:cisco:ios:11.1
cpe:/o:cisco:ios:11.1aa
cpe:/o:cisco:ios:11.1ca
cpe:/o:cisco:ios:11.1cc
cpe:/o:cisco:ios:11.2
cpe:/o:cisco:ios:11.2p
cpe:/o:cisco:ios:11.2sa
cpe:/o:cisco:ios:11.3
cpe:/o:cisco:ios:11.3t
cpe:/o:cisco:ios:12.0
cpe:/o:cisco:ios:12.0da
cpe:/o:cisco:ios:12.0db
cpe:/o:cisco:ios:12.0dc
cpe:/o:cisco:ios:12.0s
cpe:/o:cisco:ios:12.0sc
cpe:/o:cisco:ios:12.0sl
cpe:/o:cisco:ios:12.0sp
cpe:/o:cisco:ios:12.0st
cpe:/o:cisco:ios:12.0sx
cpe:/o:cisco:ios:12.0sy
cpe:/o:cisco:ios:12.0sz
cpe:/o:cisco:ios:12.0t
cpe:/o:cisco:ios:12.0w5
cpe:/o:cisco:ios:12.0wc
cpe:/o:cisco:ios:12.0wt
cpe:/o:cisco:ios:12.0xa
cpe:/o:cisco:ios:12.0xb
cpe:/o:cisco:ios:12.0xc
cpe:/o:cisco:ios:12.0xd
cpe:/o:cisco:ios:12.0xe
cpe:/o:cisco:ios:12.0xf
cpe:/o:cisco:ios:12.0xg
cpe:/o:cisco:ios:12.0xh
cpe:/o:cisco:ios:12.0xi
cpe:/o:cisco:ios:12.0xj
cpe:/o:cisco:ios:12.0xk
cpe:/o:cisco:ios:12.0xl
cpe:/o:cisco:ios:12.0xm
cpe:/o:cisco:ios:12.0xn
cpe:/o:cisco:ios:12.0xp
cpe:/o:cisco:ios:12.0xq
cpe:/o:cisco:ios:12.0xr
cpe:/o:cisco:ios:12.0xs
cpe:/o:cisco:ios:12.0xu
cpe:/o:cisco:ios:12.0xv
cpe:/o:cisco:ios:12.0xw
cpe:/o:cisco:ios:12.1
cpe:/o:cisco:ios:12.1aa
cpe:/o:cisco:ios:12.1ax
cpe:/o:cisco:ios:12.1ay
cpe:/o:cisco:ios:12.1da
cpe:/o:cisco:ios:12.1db
cpe:/o:cisco:ios:12.1dc
cpe:/o:cisco:ios:12.1e
cpe:/o:cisco:ios:12.1ea
cpe:/o:cisco:ios:12.1eb
cpe:/o:cisco:ios:12.1ec
cpe:/o:cisco:ios:12.1ev
cpe:/o:cisco:ios:12.1ew
cpe:/o:cisco:ios:12.1ex
cpe:/o:cisco:ios:12.1ey
cpe:/o:cisco:ios:12.1m
cpe:/o:cisco:ios:12.1t
cpe:/o:cisco:ios:12.1xa
cpe:/o:cisco:ios:12.1xb
cpe:/o:cisco:ios:12.1xc
cpe:/o:cisco:ios:12.1xd
cpe:/o:cisco:ios:12.1xe
cpe:/o:cisco:ios:12.1xf
cpe:/o:cisco:ios:12.1xg
cpe:/o:cisco:ios:12.1xh
cpe:/o:cisco:ios:12.1xi
cpe:/o:cisco:ios:12.1xj
cpe:/o:cisco:ios:12.1xk
cpe:/o:cisco:ios:12.1xl
cpe:/o:cisco:ios:12.1xm
cpe:/o:cisco:ios:12.1xp
cpe:/o:cisco:ios:12.1xq
cpe:/o:cisco:ios:12.1xr
cpe:/o:cisco:ios:12.1xs
cpe:/o:cisco:ios:12.1xt
cpe:/o:cisco:ios:12.1xu
cpe:/o:cisco:ios:12.1xv
cpe:/o:cisco:ios:12.1xw
cpe:/o:cisco:ios:12.1xx
cpe:/o:cisco:ios:12.1xy
cpe:/o:cisco:ios:12.1xz
cpe:/o:cisco:ios:12.1yb
cpe:/o:cisco:ios:12.1yc
cpe:/o:cisco:ios:12.1yd
cpe:/o:cisco:ios:12.1ye
cpe:/o:cisco:ios:12.1yf
cpe:/o:cisco:ios:12.1yh
cpe:/o:cisco:ios:12.1yi
cpe:/o:cisco:ios:12.1yj
cpe:/o:cisco:ios:12.2
cpe:/o:cisco:ios:12.2b
cpe:/o:cisco:ios:12.2bc
cpe:/o:cisco:ios:12.2bw
cpe:/o:cisco:ios:12.2bx
cpe:/o:cisco:ios:12.2bz
cpe:/o:cisco:ios:12.2cx
cpe:/o:cisco:ios:12.2cy
cpe:/o:cisco:ios:12.2da
cpe:/o:cisco:ios:12.2dd
cpe:/o:cisco:ios:12.2dx
cpe:/o:cisco:ios:12.2ja
cpe:/o:cisco:ios:12.2mb
cpe:/o:cisco:ios:12.2mc
cpe:/o:cisco:ios:12.2mx
cpe:/o:cisco:ios:12.2s
cpe:/o:cisco:ios:12.2sx
cpe:/o:cisco:ios:12.2sy
cpe:/o:cisco:ios:12.2sz
cpe:/o:cisco:ios:12.2t
cpe:/o:cisco:ios:12.2xa
cpe:/o:cisco:ios:12.2xb
cpe:/o:cisco:ios:12.2xc
cpe:/o:cisco:ios:12.2xd
cpe:/o:cisco:ios:12.2xe
cpe:/o:cisco:ios:12.2xf
cpe:/o:cisco:ios:12.2xg
cpe:/o:cisco:ios:12.2xh
cpe:/o:cisco:ios:12.2xi
cpe:/o:cisco:ios:12.2xj
cpe:/o:cisco:ios:12.2xk
cpe:/o:cisco:ios:12.2xl
cpe:/o:cisco:ios:12.2xm
cpe:/o:cisco:ios:12.2xn
cpe:/o:cisco:ios:12.2xq
cpe:/o:cisco:ios:12.2xr
cpe:/o:cisco:ios:12.2xs
cpe:/o:cisco:ios:12.2xt
cpe:/o:cisco:ios:12.2xu
cpe:/o:cisco:ios:12.2xw
cpe:/o:cisco:ios:12.2ya
cpe:/o:cisco:ios:12.2yb
cpe:/o:cisco:ios:12.2yc
cpe:/o:cisco:ios:12.2yd
cpe:/o:cisco:ios:12.2yf
cpe:/o:cisco:ios:12.2yg
cpe:/o:cisco:ios:12.2yh
cpe:/o:cisco:ios:12.2yj
cpe:/o:cisco:ios:12.2yk
cpe:/o:cisco:ios:12.2yl
cpe:/o:cisco:ios:12.2ym
cpe:/o:cisco:ios:12.2yn
cpe:/o:cisco:ios:12.2yo
cpe:/o:cisco:ios:12.2yp
cpe:/o:cisco:ios:12.2yq
cpe:/o:cisco:ios:12.2yr
cpe:/o:cisco:ios:12.2ys
cpe:/o:cisco:ios:12.2yt
cpe:/o:cisco:ios:12.2yu
cpe:/o:cisco:ios:12.2yv
cpe:/o:cisco:ios:12.2yw
cpe:/o:cisco:ios:12.2yx
cpe:/o:cisco:ios:12.2yy
cpe:/o:cisco:ios:12.2yz
cpe:/o:cisco:ios:12.2za
cpe:/o:cisco:ios:12.2zb
cpe:/o:cisco:ios:12.2zc
cpe:/o:cisco:ios:12.2zd
cpe:/o:cisco:ios:12.2ze
cpe:/o:cisco:ios:12.2zf
cpe:/o:cisco:ios:12.2zg
cpe:/o:cisco:ios:12.2zh
cpe:/o:cisco:ios:12.2zj
CVE-2003-0567
2003-08-18T00:00:00.000-04:00
2018-10-30T12:26:17.263-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
FULLDISC
20030718 (no subject)
CERT
CA-2003-15
CERT
CA-2003-17
CISCO
20030717 IOS Interface Blocked by IPv4 Packet
CERT-VN
VU#411332
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
CVE-2003-0568
2017-05-11T10:29:00.853-04:00
2017-05-11T10:29:00.853-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0569
2017-05-11T10:29:00.887-04:00
2017-05-11T10:29:00.887-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0570
2017-05-11T10:29:00.900-04:00
2017-05-11T10:29:00.917-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0571
2017-05-11T10:29:00.933-04:00
2017-05-11T10:29:00.933-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
CVE-2003-0572
2003-08-18T00:00:00.000-04:00
2017-07-10T21:29:33.633-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20030701-01-P
XF
irix-nsd-map-dos(12635)
Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption).
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15f
cpe:/o:sgi:irix:6.5.15m
cpe:/o:sgi:irix:6.5.16f
cpe:/o:sgi:irix:6.5.16m
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
CVE-2003-0573
2003-08-18T00:00:00.000-04:00
2008-09-05T16:34:40.533-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SGI
20030701-01-P
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.20
CVE-2003-0574
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:42.383-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
SGI
20030702-01-P
Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.17
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
cpe:/o:sgi:irix:6.5.21
cpe:/o:sgi:irix:6.5.21f
cpe:/o:sgi:irix:6.5.21m
CVE-2003-0575
2003-08-27T00:00:00.000-04:00
2017-07-10T21:29:33.697-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SGI
20030704-01-P
BUGTRAQ
20030730 [LSD] IRIX nsd remote buffer overflow vulnerability
CIAC
N-130
CERT-VN
VU#682900
BID
8304
XF
irix-authunix-nsd-bo(12763)
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
CVE-2003-0576
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:42.523-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SGI
20030801-01-P
SGI
20030801-02-P
Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619.
cpe:/a:mpg123:mpg123:0.59r
cpe:/a:mpg123:mpg123:pre0.59s
CVE-2003-0577
2003-08-18T00:00:00.000-04:00
2008-09-10T15:19:42.633-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
SCO
CSSA-2004-002.0
CONECTIVA
CLA-2003:695
MANDRAKE
MDKSA-2003:078
BUGTRAQ
20030116 Re[2]: Local/remote mpg123 exploit
BID
6629
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
cpe:/a:ibm:u2_universe:10.0.0.9
CVE-2003-0578
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:29.253-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root
BUGTRAQ
20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
cpe:/a:ibm:u2_universe:10.0.0.9
CVE-2003-0579
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:30.537-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
BUGTRAQ
20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
cpe:/a:ibm:u2_universe:10.0.0.9
CVE-2003-0580
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:31.770-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows
BUGTRAQ
20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows
Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument.
cpe:/a:xfstt:xfstt:1.2.1
cpe:/a:xfstt:xfstt:1.4
CVE-2003-0581
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:33.317-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030714 xfstt-1.4 vulnerability
DEBIAN
DSA-360
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.
CVE-2003-0582
2003-12-31T00:00:00.000-05:00
2008-09-10T15:19:43.367-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:tolis_group:bru:17.0
CVE-2003-0583
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:34.520-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues
Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument.
cpe:/a:tolis_group:bru:17.0
CVE-2003-0584
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:35.787-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.
cpe:/a:brooky:estore:1.0.2b
CVE-2003-0585
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:37.083-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030717 eStore SQL Injection Vulnerability & Path Disclosure
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
cpe:/a:brooky:estore:1.0.2b
CVE-2003-0586
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:38.223-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030717 eStore SQL Injection Vulnerability & Path Disclosure
Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php.
cpe:/a:infopop:ultimate_bulletin_board:6
CVE-2003-0587
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:39.270-04:00
6.9
LOCAL
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030716 Changing UBB cookie allows account hijack
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
cpe:/a:digi-fx:digi-news:1.1
CVE-2003-0588
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:40.410-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030716 Digi-news and Digi-ads version 1.1 admin access without password
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
cpe:/a:digi-fx:digi-news:1.1
CVE-2003-0589
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:42.053-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030716 Digi-news and Digi-ads version 1.1 admin access without password
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
cpe:/a:splatt:splatt_forum
CVE-2003-0590
2003-08-18T00:00:00.000-04:00
2016-10-17T22:35:43.287-04:00
7.1
NETWORK
MEDIUM
NONE
NONE
COMPLETE
NONE
http://nvd.nist.gov
BUGTRAQ
20030715 Splatt Forum html injection code in post icon
MISC
http://members.fortunecity.it/lethalman2002/bugs/splatt.html
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
CVE-2003-0591
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:44.697-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:kde:konqueror:2.1.1
cpe:/a:kde:konqueror:2.2.2
cpe:/a:kde:konqueror:3.0
cpe:/a:kde:konqueror:3.0.1
cpe:/a:kde:konqueror:3.0.2
cpe:/a:kde:konqueror:3.0.3
cpe:/a:kde:konqueror:3.0.5
cpe:/a:kde:konqueror:3.1
cpe:/a:kde:konqueror:3.1.1
cpe:/a:kde:konqueror:3.1.2
cpe:/a:kde:konqueror_embedded:0.1
CVE-2003-0592
2004-04-15T00:00:00.000-04:00
2017-10-10T21:29:11.980-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
FULLDISC
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
DEBIAN
DSA-459
MANDRAKE
MDKSA-2004:022
REDHAT
RHSA-2004:074
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
cpe:/a:opera_software:opera_web_browser:5.0::linux
cpe:/a:opera_software:opera_web_browser:5.0::mac
cpe:/a:opera_software:opera_web_browser:5.0.2::win32
cpe:/a:opera_software:opera_web_browser:5.1.0::win32
cpe:/a:opera_software:opera_web_browser:5.1.1::win32
cpe:/a:opera_software:opera_web_browser:5.12
cpe:/a:opera_software:opera_web_browser:5.12::win32
cpe:/a:opera_software:opera_web_browser:6.0
cpe:/a:opera_software:opera_web_browser:6.0::win32
cpe:/a:opera_software:opera_web_browser:6.0.1
cpe:/a:opera_software:opera_web_browser:6.0.1::linux
cpe:/a:opera_software:opera_web_browser:6.0.1::win32
cpe:/a:opera_software:opera_web_browser:6.0.2::linux
cpe:/a:opera_software:opera_web_browser:6.0.2::win32
cpe:/a:opera_software:opera_web_browser:6.0.3::linux
cpe:/a:opera_software:opera_web_browser:6.0.3::win32
cpe:/a:opera_software:opera_web_browser:6.0.4::win32
cpe:/a:opera_software:opera_web_browser:6.0.5::win32
cpe:/a:opera_software:opera_web_browser:6.0.6
cpe:/a:opera_software:opera_web_browser:6.0.6::win32
cpe:/a:opera_software:opera_web_browser:6.10::linux
cpe:/a:opera_software:opera_web_browser:7.0::win32
cpe:/a:opera_software:opera_web_browser:7.0.1::win32
cpe:/a:opera_software:opera_web_browser:7.0.2::win32
cpe:/a:opera_software:opera_web_browser:7.0.3::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta1::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta2::win32
cpe:/a:opera_software:opera_web_browser:7.10
cpe:/a:opera_software:opera_web_browser:7.11
cpe:/a:opera_software:opera_web_browser:7.11b
cpe:/a:opera_software:opera_web_browser:7.11j
cpe:/a:opera_software:opera_web_browser:7.20
cpe:/a:opera_software:opera_web_browser:7.20_beta1_build2981
cpe:/a:opera_software:opera_web_browser:7.21
cpe:/a:opera_software:opera_web_browser:7.22
cpe:/a:opera_software:opera_web_browser:7.23
CVE-2003-0593
2004-04-15T00:00:00.000-04:00
2008-09-05T16:34:43.907-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
FULLDISC
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
cpe:/a:mozilla:mozilla:1.0
cpe:/a:mozilla:mozilla:1.0:rc1
cpe:/a:mozilla:mozilla:1.0:rc2
cpe:/a:mozilla:mozilla:1.0.1
cpe:/a:mozilla:mozilla:1.0.2
cpe:/a:mozilla:mozilla:1.1
cpe:/a:mozilla:mozilla:1.1:alpha
cpe:/a:mozilla:mozilla:1.1:beta
cpe:/a:mozilla:mozilla:1.2
cpe:/a:mozilla:mozilla:1.2:alpha
cpe:/a:mozilla:mozilla:1.2:beta
cpe:/a:mozilla:mozilla:1.2.1
cpe:/a:mozilla:mozilla:1.3
cpe:/a:mozilla:mozilla:1.3.1
cpe:/a:mozilla:mozilla:1.4
cpe:/a:mozilla:mozilla:1.4.1
cpe:/a:mozilla:mozilla:1.4.2
CVE-2003-0594
2004-04-15T00:00:00.000-04:00
2017-10-10T21:29:12.057-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
FULLDISC
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
MANDRAKE
MDKSA-2004:021
REDHAT
RHSA-2004:112
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
cpe:/a:witango:tango_server:2000
cpe:/a:witango:witango_server:5.0.1.061
CVE-2003-0595
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:45.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030718 Witango & Tango 2000 Application Server Remote System Buffer Overrun
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
cpe:/a:fdclone:fdclone:2.00a
CVE-2003-0596
2003-08-27T00:00:00.000-04:00
2016-12-07T21:59:24.800-05:00
3.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219
DEBIAN
DSA-352
FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.
cpe:/o:sco:openserver:5.0.6
cpe:/o:sco:openserver:5.0.7
CVE-2003-0597
2003-08-27T00:00:00.000-04:00
2016-10-17T22:35:45.630-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SCO
CSSA-2003-SCO-11
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
CVE-2003-0598
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:46.477-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:phpgroupware:phpgroupware:0.9.14.004
cpe:/a:phpgroupware:phpgroupware:0.9.16prerc
CVE-2003-0599
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:44.893-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html
DEBIAN
DSA-365
CONFIRM
http://www.phpgroupware.org
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
CVE-2003-0601
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:33.760-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=25631
BID
8266
XF
macos-workgroup-gain-access(12728)
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.17
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
CVE-2003-0602
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:45.220-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:653
CONFIRM
http://www.bugzilla.org/security/2.16.2/
BID
6861
BID
6868
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
cpe:/a:mozilla:bugzilla:2.10
cpe:/a:mozilla:bugzilla:2.12
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.14.5
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.17
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
CVE-2003-0603
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:45.377-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONECTIVA
CLA-2003:653
CONFIRM
http://www.bugzilla.org/security/2.16.2/
BID
7412
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
cpe:/a:microsoft:windows_media_player:7
cpe:/a:microsoft:windows_media_player:8
CVE-2003-0604
2003-08-27T00:00:00.000-04:00
2018-08-13T17:47:19.353-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
BUGTRAQ
20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
NTBUGTRAQ
20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
NTBUGTRAQ
20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
MISC
http://www.malware.com/once.again!.html
MISC
http://www.pivx.com/larholm/unpatched/
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
CVE-2003-0605
2003-08-27T00:00:00.000-04:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability
BUGTRAQ
20030720 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability
CERT
CA-2003-19
CERT
CA-2003-23
CERT-VN
VU#326746
MS
MS03-039
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
cpe:/a:cvsup:cvsup-mirror:1.2
cpe:/a:sup:sup:1.8
CVE-2003-0606
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:49.307-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-353
sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
cpe:/a:stanley_t._shebs:xconq:7.4.1
CVE-2003-0607
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:33.823-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-354
BID
8307
XF
xconq-user-display-bo(12765)
Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the (1) USER or (2) DISPLAY environment variables.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0609
2003-08-27T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030729 Solaris ld.so.1 buffer overflow
SUNALERT
55680
IDEFENSE
20030729 Buffer Overflow in Sun Solaris Runtime Linker
XF
sun-ldso1-ldpreload-bo(12755)
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
cpe:/a:mcafee:epolicy_orchestrator:3.0
CVE-2003-0610
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:49.523-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
cpe:/a:xtokkaetama:xtokkaetama:1.0_b6
CVE-2003-0611
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:46.563-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-356
BID
8312
Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable.
cpe:/a:robert_hyatt:crafty:19.3
CVE-2003-0612
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:33.947-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541
CONFIRM
http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt
SECTRACK
1009393
SECTRACK
1009398
BUGTRAQ
20040315 Crafty Game Stack Overflow & Exploit
BID
9893
XF
crafty-long-argument-bo(13017)
XF
crafty-command-line-bo(15501)
Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin.
cpe:/a:zblast:zblast:1.2.1
CVE-2003-0613
2003-08-27T00:00:00.000-04:00
2008-09-10T15:19:51.070-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-369
Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file.
cpe:/a:gallery_project:gallery:1.1
cpe:/a:gallery_project:gallery:1.2
cpe:/a:gallery_project:gallery:1.2.1
cpe:/a:gallery_project:gallery:1.2.1_p1
cpe:/a:gallery_project:gallery:1.2.2
cpe:/a:gallery_project:gallery:1.2.3
cpe:/a:gallery_project:gallery:1.2.4
cpe:/a:gallery_project:gallery:1.2.5
cpe:/a:gallery_project:gallery:1.3
cpe:/a:gallery_project:gallery:1.3.1
cpe:/a:gallery_project:gallery:1.3.2
cpe:/a:gallery_project:gallery:1.3.3
cpe:/a:gallery_project:gallery:1.3.4
CVE-2003-0614
2003-08-27T00:00:00.000-04:00
2018-10-19T11:29:36.510-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
BUGTRAQ
20030902 GLSA: gallery (200309-06)
DEBIAN
DSA-355
BUGTRAQ
20030727 Gallery XSS security advisory (with fix and patch instructions)
BUGTRAQ
20040101 Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
cpe:/a:cgi.pm:cgi.pm:2.73
cpe:/a:cgi.pm:cgi.pm:2.74
cpe:/a:cgi.pm:cgi.pm:2.75
cpe:/a:cgi.pm:cgi.pm:2.76
cpe:/a:cgi.pm:cgi.pm:2.78
cpe:/a:cgi.pm:cgi.pm:2.79
cpe:/a:cgi.pm:cgi.pm:2.93
cpe:/a:cgi.pm:cgi.pm:2.751
cpe:/a:cgi.pm:cgi.pm:2.753
cpe:/a:openpkg:openpkg:1.2
cpe:/a:openpkg:openpkg:1.3
cpe:/a:openpkg:openpkg:current
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:debian:debian_linux:3.0::sparc
CVE-2003-0615
2003-08-27T00:00:00.000-04:00
2018-05-02T21:29:21.507-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2003:713
BUGTRAQ
20030720 CGI.pm vulnerable to Cross-site Scripting
BUGTRAQ
20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)
FULLDISC
20030720 CGI.pm vulnerable to Cross-site Scripting.
SECTRACK
1007234
SUNALERT
101426
CIAC
N-155
DEBIAN
DSA-371
CERT-VN
VU#246409
REDHAT
RHSA-2003:256
BID
8231
MANDRAKE
MDKSA-2003:084
XF
cgi-startform-xss(12669)
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
cpe:/a:mcafee:epolicy_orchestrator:2.0
cpe:/a:mcafee:epolicy_orchestrator:2.5
cpe:/a:mcafee:epolicy_orchestrator:2.5:sp1
cpe:/a:mcafee:epolicy_orchestrator:2.5.1
CVE-2003-0616
2003-08-27T00:00:00.000-04:00
2013-07-23T01:04:36.740-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
ATSTAKE
A073103-1
CONFIRM
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
cpe:/a:hugo_rabson:mindi:0.58_r5
CVE-2003-0617
2003-08-27T00:00:00.000-04:00
2016-10-17T22:35:53.117-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030902 GLSA: mindi (200309-05)
DEBIAN
DSA-362
mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
cpe:/a:perl:suidperl
cpe:/o:debian:debian_linux:3.0
CVE-2003-0618
2004-05-04T00:00:00.000-04:00
2017-07-10T21:29:34.087-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426
DEBIAN
DSA-431
BID
9543
XF
suidperl-obtain-information(15012)
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
cpe:/o:linux:linux_kernel:2.4.21
CVE-2003-0619
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:12.277-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine.
DEBIAN
DSA-358
REDHAT
RHSA-2003:198
REDHAT
RHSA-2003:239
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.
cpe:/a:andries_brouwer:man:2.3.18
cpe:/a:andries_brouwer:man:2.3.19
cpe:/a:andries_brouwer:man:2.3.20
cpe:/a:andries_brouwer:man:2.4
cpe:/a:andries_brouwer:man:2.4.1
CVE-2003-0620
2003-08-27T00:00:00.000-04:00
2016-10-17T22:35:55.430-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030729 man-db[] multiple(4) vulnerabilities.
BUGTRAQ
20030730 Re: man-db[] multiple(4) vulnerabilities.
DEBIAN
DSA-364
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
cpe:/a:bea:tuxedo:6.3
cpe:/a:bea:tuxedo:6.4
cpe:/a:bea:tuxedo:6.5
cpe:/a:bea:tuxedo:7.1
cpe:/a:bea:tuxedo:8.0
cpe:/a:bea:tuxedo:8.1
cpe:/a:bea:weblogic_server:4.2::enterprise
cpe:/a:bea:weblogic_server:5.0.1::enterprise
cpe:/a:bea:weblogic_server:5.1::enterprise
CVE-2003-0621
2003-12-01T00:00:00.000-05:00
2017-07-10T21:29:34.133-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
BUGTRAQ
20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
BID
8931
XF
bea-tuxedo-file-disclosure(13559)
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
cpe:/a:bea:tuxedo:6.3
cpe:/a:bea:tuxedo:6.4
cpe:/a:bea:tuxedo:6.5
cpe:/a:bea:tuxedo:7.1
cpe:/a:bea:tuxedo:8.0
cpe:/a:bea:tuxedo:8.1
cpe:/a:bea:weblogic_server:4.2::enterprise
cpe:/a:bea:weblogic_server:5.0.1::enterprise
cpe:/a:bea:weblogic_server:5.1::enterprise
CVE-2003-0622
2003-12-01T00:00:00.000-05:00
2017-07-10T21:29:34.197-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
BUGTRAQ
20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
BID
8931
XF
bea-tuxedo-device-dos(13560)
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
cpe:/a:bea:tuxedo:6.3
cpe:/a:bea:tuxedo:6.4
cpe:/a:bea:tuxedo:6.5
cpe:/a:bea:tuxedo:7.1
cpe:/a:bea:tuxedo:8.0
cpe:/a:bea:tuxedo:8.1
cpe:/a:bea:weblogic_server:4.2::enterprise
cpe:/a:bea:weblogic_server:5.0.1::enterprise
cpe:/a:bea:weblogic_server:5.1::enterprise
CVE-2003-0623
2003-12-01T00:00:00.000-05:00
2017-07-10T21:29:34.243-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
BUGTRAQ
20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
BID
8931
XF
bea-tuxedo-filename-xss(13561)
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
cpe:/a:bea:weblogic_server:3.1.8
cpe:/a:bea:weblogic_server:8.1
CVE-2003-0624
2003-12-01T00:00:00.000-05:00
2017-07-10T21:29:34.307-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
MISC
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
BUGTRAQ
20031031 Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue
BID
8938
XF
bea-weblogic-interactivequery-xss(13568)
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
cpe:/a:xfstt:xfstt:1.2.1
cpe:/a:xfstt:xfstt:1.4
CVE-2003-0625
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:02.540-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://developer.berlios.de/forum/forum.php?forum_id=2819
BUGTRAQ
20030727 [PAPER]: Address relay fingerprinting.
DEBIAN
DSA-360
BID
8255
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
cpe:/a:peoplesoft:peopletools:8.4
cpe:/a:peoplesoft:peopletools:8.10
cpe:/a:peoplesoft:peopletools:8.11
cpe:/a:peoplesoft:peopletools:8.12
cpe:/a:peoplesoft:peopletools:8.13
cpe:/a:peoplesoft:peopletools:8.14
cpe:/a:peoplesoft:peopletools:8.15
cpe:/a:peoplesoft:peopletools:8.16
cpe:/a:peoplesoft:peopletools:8.17
cpe:/a:peoplesoft:peopletools:8.18
cpe:/a:peoplesoft:peopletools:8.19
cpe:/a:peoplesoft:peopletools:8.20
cpe:/a:peoplesoft:peopletools:8.40
cpe:/a:peoplesoft:peopletools:8.41
cpe:/a:peoplesoft:peopletools:8.42
cpe:/a:peoplesoft:peopletools:8.43
CVE-2003-0626
2003-11-13T00:00:00.000-05:00
2017-07-10T21:29:34.367-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
FULLDISC
20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
AUSCERT
ESB-2003.0786
BID
9037
XF
peoplesoft-searchcgi-directory-traversal(13754)
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.
cpe:/a:peoplesoft:peopletools:8.40
cpe:/a:peoplesoft:peopletools:8.41
cpe:/a:peoplesoft:peopletools:8.42
cpe:/a:peoplesoft:peopletools:8.43
CVE-2003-0627
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:34.430-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
FULLDISC
20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
BID
9038
XF
peoplesoft-searchcgi-directory-traversal(13754)
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.
cpe:/a:peoplesoft:peopletools:8.4
cpe:/a:peoplesoft:peopletools:8.10
cpe:/a:peoplesoft:peopletools:8.11
cpe:/a:peoplesoft:peopletools:8.12
cpe:/a:peoplesoft:peopletools:8.13
cpe:/a:peoplesoft:peopletools:8.14
cpe:/a:peoplesoft:peopletools:8.15
cpe:/a:peoplesoft:peopletools:8.16
cpe:/a:peoplesoft:peopletools:8.17
cpe:/a:peoplesoft:peopletools:8.18
cpe:/a:peoplesoft:peopletools:8.19
cpe:/a:peoplesoft:peopletools:8.20
cpe:/a:peoplesoft:peopletools:8.40
cpe:/a:peoplesoft:peopletools:8.41
cpe:/a:peoplesoft:peopletools:8.42
cpe:/a:peoplesoft:peopletools:8.43
CVE-2003-0628
2003-12-15T00:00:00.000-05:00
2016-10-17T22:36:03.820-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
cpe:/a:peoplesoft:peopletools:8.4
cpe:/a:peoplesoft:peopletools:8.10
cpe:/a:peoplesoft:peopletools:8.11
cpe:/a:peoplesoft:peopletools:8.12
cpe:/a:peoplesoft:peopletools:8.13
cpe:/a:peoplesoft:peopletools:8.14
cpe:/a:peoplesoft:peopletools:8.15
cpe:/a:peoplesoft:peopletools:8.16
cpe:/a:peoplesoft:peopletools:8.17
cpe:/a:peoplesoft:peopletools:8.18
cpe:/a:peoplesoft:peopletools:8.19
cpe:/a:peoplesoft:peopletools:8.20
cpe:/a:peoplesoft:peopletools:8.40
cpe:/a:peoplesoft:peopletools:8.41
cpe:/a:peoplesoft:peopletools:8.42
cpe:/a:peoplesoft:peopletools:8.43
CVE-2003-0629
2003-12-15T00:00:00.000-05:00
2016-10-17T22:36:04.900-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript.
cpe:/o:atari800:atari800:1.0.1
cpe:/o:atari800:atari800:1.0.2
cpe:/o:atari800:atari800:1.0.3
cpe:/o:atari800:atari800:1.0.4
cpe:/o:atari800:atari800:1.0.5
cpe:/o:atari800:atari800:1.0.6
cpe:/o:atari800:atari800:1.0.7
cpe:/o:atari800:atari800:1.2
cpe:/o:atari800:atari800:1.2.1
cpe:/o:atari800:atari800:1.2.1_pre0
cpe:/o:atari800:atari800:1.2.2
CVE-2003-0630
2003-10-20T00:00:00.000-04:00
2016-10-17T22:36:06.197-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030902 GLSA: atari800 (200309-07)
DEBIAN
DSA-359
Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument.
cpe:/a:vmware:gsx_server:2.5.1
cpe:/a:vmware:workstation:4.0
CVE-2003-0631
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:07.430-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030723 VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems)
CONFIRM
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
cpe:/a:oracle:applications:10.7
cpe:/a:oracle:applications:11.0
cpe:/a:oracle:e-business_suite:11.1
cpe:/a:oracle:e-business_suite:11.2
cpe:/a:oracle:e-business_suite:11.3
cpe:/a:oracle:e-business_suite:11.4
cpe:/a:oracle:e-business_suite:11.5
cpe:/a:oracle:e-business_suite:11.6
cpe:/a:oracle:e-business_suite:11.7
cpe:/a:oracle:e-business_suite:11.8
CVE-2003-0632
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:09.103-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
cpe:/a:oracle:applications:10.7
cpe:/a:oracle:applications:11.0
cpe:/a:oracle:e-business_suite:11.1
cpe:/a:oracle:e-business_suite:11.2
cpe:/a:oracle:e-business_suite:11.3
cpe:/a:oracle:e-business_suite:11.4
cpe:/a:oracle:e-business_suite:11.5
cpe:/a:oracle:e-business_suite:11.6
cpe:/a:oracle:e-business_suite:11.7
cpe:/a:oracle:e-business_suite:11.8
CVE-2003-0633
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:10.243-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030724 Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf
BID
8268
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.0.2
cpe:/a:oracle:oracle8i:enterprise_8.1.5_.1.0
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.6_.1.0
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.0.0
cpe:/a:oracle:oracle8i:enterprise_8.1.7_.1.0
cpe:/a:oracle:oracle8i:standard_8.1.5
cpe:/a:oracle:oracle8i:standard_8.1.6
cpe:/a:oracle:oracle8i:standard_8.1.7
cpe:/a:oracle:oracle8i:standard_8.1.7_.0.0
cpe:/a:oracle:oracle8i:standard_8.1.7_.1
cpe:/a:oracle:oracle8i:standard_8.1.7_.4
cpe:/a:oracle:oracle9i:client_9.2.0.1
cpe:/a:oracle:oracle9i:client_9.2.0.2
cpe:/a:oracle:oracle9i:enterprise_9.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0.2
cpe:/a:oracle:oracle9i:personal_9.0.1
cpe:/a:oracle:oracle9i:personal_9.2.0.1
cpe:/a:oracle:oracle9i:personal_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.0
cpe:/a:oracle:oracle9i:standard_9.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1.2
cpe:/a:oracle:oracle9i:standard_9.0.1.3
cpe:/a:oracle:oracle9i:standard_9.0.1.4
cpe:/a:oracle:oracle9i:standard_9.0.2
cpe:/a:oracle:oracle9i:standard_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.2.0.2
CVE-2003-0634
2003-08-27T00:00:00.000-04:00
2017-07-10T21:29:34.510-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030912 Update to the Oracle EXTPROC advisory
BUGTRAQ
20030725 Oracle Extproc Buffer Overflow (#NISR25072003)
BUGTRAQ
20030725 question about oracle advisory
NTBUGTRAQ
20030725 Oracle Extproc Buffer Overflow (#NISR25072003)
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf
CERT-VN
VU#936868
BID
8267
XF
oracle-extproc-bo(12721)
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
cpe:/a:novell:ichain:2.2
CVE-2003-0635
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:12.730-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a
CONFIRM
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.
cpe:/a:novell:ichain:2.2
CVE-2003-0636
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:50.797-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
cpe:/a:novell:ichain:2.2
CVE-2003-0637
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:50.953-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
cpe:/a:novell:ichain:2.1
cpe:/a:novell:ichain:2.1:sp1
cpe:/a:novell:ichain:2.1:sp2
CVE-2003-0638
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:14.010-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030606 NOVL-2003-2966207 - iChain 2.1 Field Patch 3
BUGTRAQ
20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a
CONFIRM
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."
cpe:/a:novell:ichain:2.1
cpe:/a:novell:ichain:2.1:sp1
cpe:/a:novell:ichain:2.1:sp2
CVE-2003-0639
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:15.167-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a
CONFIRM
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
cpe:/a:bea:weblogic_server
cpe:/a:bea:weblogic_server:::express
CVE-2003-0640
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:51.407-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
cpe:/a:watchguard:serverlock:2.0
cpe:/a:watchguard:serverlock:2.0.1
cpe:/a:watchguard:serverlock:2.0.2
CVE-2003-0641
2003-08-27T00:00:00.000-04:00
2017-07-10T21:29:34.573-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030717 Bypassing ServerLock protection on Windows 2000
BID
8222
XF
serverlock-openprocess-load-module(12665)
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
cpe:/a:watchguard:serverlock:2.0
cpe:/a:watchguard:serverlock:2.0.1
cpe:/a:watchguard:serverlock:2.0.2
cpe:/a:watchguard:serverlock:2.0.3
CVE-2003-0642
2003-08-27T00:00:00.000-04:00
2017-07-10T21:29:34.617-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030717 Bypassing ServerLock protection on Windows 2000
BID
8223
XF
serverlock-physicalmemory-symlink(12666)
WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory.
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3:pre3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.18:pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2
cpe:/o:linux:linux_kernel:2.4.18:pre3
cpe:/o:linux:linux_kernel:2.4.18:pre4
cpe:/o:linux:linux_kernel:2.4.18:pre5
cpe:/o:linux:linux_kernel:2.4.18:pre6
cpe:/o:linux:linux_kernel:2.4.18:pre7
cpe:/o:linux:linux_kernel:2.4.18:pre8
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.19:pre1
cpe:/o:linux:linux_kernel:2.4.19:pre2
cpe:/o:linux:linux_kernel:2.4.19:pre3
cpe:/o:linux:linux_kernel:2.4.19:pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5
cpe:/o:linux:linux_kernel:2.4.19:pre6
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.4.21
cpe:/o:linux:linux_kernel:2.4.21:pre1
cpe:/o:linux:linux_kernel:2.4.21:pre4
cpe:/o:linux:linux_kernel:2.4.21:pre7
cpe:/o:linux:linux_kernel:2.4.22:pre10
CVE-2003-0643
2003-07-25T00:00:00.000-04:00
2008-09-10T15:20:01.853-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-24T15:15:00.000-04:00
CONFIRM
http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog
MISC
http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml
MISC
http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch
CONFIRM
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).
cpe:/a:johannes_sixt:kdbg:1.1.0
cpe:/a:johannes_sixt:kdbg:1.1.1
cpe:/a:johannes_sixt:kdbg:1.1.2
cpe:/a:johannes_sixt:kdbg:1.1.3
cpe:/a:johannes_sixt:kdbg:1.1.4
cpe:/a:johannes_sixt:kdbg:1.1.5
cpe:/a:johannes_sixt:kdbg:1.1.6
cpe:/a:johannes_sixt:kdbg:1.1.7
cpe:/a:johannes_sixt:kdbg:1.2.0
cpe:/a:johannes_sixt:kdbg:1.2.1
cpe:/a:johannes_sixt:kdbg:1.2.2
cpe:/a:johannes_sixt:kdbg:1.2.3
cpe:/a:johannes_sixt:kdbg:1.2.4
cpe:/a:johannes_sixt:kdbg:1.2.5
cpe:/a:johannes_sixt:kdbg:1.2.6
cpe:/a:johannes_sixt:kdbg:1.2.7
cpe:/a:johannes_sixt:kdbg:1.2.8
CVE-2003-0644
2003-09-07T00:00:00.000-04:00
2008-09-05T16:34:52.127-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2005-05-24T15:07:00.000-04:00
ALLOWS_USER_ACCESS
MLIST
[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)
CONFIRM
http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2
REDHAT
RHSA-2005:416
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.
cpe:/a:andries_brouwer:man:2.3.20
cpe:/a:andries_brouwer:man:2.4.1
CVE-2003-0645
2003-08-27T00:00:00.000-04:00
2017-07-10T21:29:34.667-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030806 man-db[v2.4.1-]: open_cat_stream() privileged call exploit.
DEBIAN
DSA-364
BID
8352
XF
mandb-opencatstream-gain-privileges(12848)
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
cpe:/a:trend_micro:damage_cleanup_server:1.0
cpe:/a:trend_micro:housecall:5.5
cpe:/a:trend_micro:housecall:5.7
CVE-2003-0646
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:02.570-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274
FULLDISC
20030711 Trend Micro ActiveX Multiple Overflows
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings.
cpe:/o:cisco:ios:12.2
CVE-2003-0647
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:02.633-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CISCO
20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software
CERT-VN
VU#579324
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
cpe:/a:fte:fte_text_editor
cpe:/o:debian:debian_linux:3.0
CVE-2003-0648
2004-05-04T00:00:00.000-04:00
2017-07-10T21:29:34.727-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SECTRACK
1009655
SECTRACK
1009656
DEBIAN
DSA-472
CERT-VN
VU#354838
CERT-VN
VU#900964
BID
10041
XF
ftetexteditor-vfte-bo(15726)
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
cpe:/a:xpcd:xpcd:2.08
CVE-2003-0649
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:02.790-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-368
MANDRAKE
MDKSA-2004:053
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
cpe:/a:gamespy:arcade:1.3e
CVE-2003-0650
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:20.433-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030730 GameSpy Arcade Arbitrary File Writing Vulnerability
BUGTRAQ
20030730 GameSpy Arcade Arbitrary File Writing Vulnerability
MISC
http://www.gamespyarcade.com/features/versions.shtml
BID
8309
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.
cpe:/a:mod_mylo:mod_mylo:0.1
cpe:/a:mod_mylo:mod_mylo:2.0
cpe:/a:mod_mylo:mod_mylo:2.1
CVE-2003-0651
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:53.237-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030728 Remotely exploitable overflow in mod_mylo for Apache
BID
8287
Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
cpe:/a:xtokkaetama:xtokkaetama:1.0_b6
CVE-2003-0652
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:21.653-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030803 xtokkaetama[v1.0b+]: (missed) buffer overflow exploit.
DEBIAN
DSA-367
Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611.
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.6.1
CVE-2003-0653
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:03.493-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
NETBSD
NetBSD-SA2003-010
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
cpe:/a:autorespond:autorespond:2.0.2
CVE-2003-0654
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:03.557-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-373
Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
cpe:/a:cdrtools:cdrtools:2.0
cpe:/a:cdrtools:cdrtools:2.0.3
CVE-2003-0655
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:23.107-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030801 SRT2003-08-01-0126 - cdrtools local root exploit
MISC
http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt
rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.
cpe:/a:eroaster:eroaster:2.0.0
cpe:/a:eroaster:eroaster:2.1.0
cpe:/a:eroaster:eroaster:2.2.0
CVE-2003-0656
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:24.340-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030902 GLSA: eroaster (200309-04)
DEBIAN
DSA-366
MANDRAKE
MDKSA-2003:083
eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.
cpe:/a:phpgroupware:phpgroupware:0.9.14
CVE-2003-0657
2003-08-27T00:00:00.000-04:00
2008-09-05T16:34:54.173-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-365
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
cpe:/a:caldera:openlinux_server:3.1.1
cpe:/a:caldera:openlinux_workstation:3.1.1
cpe:/a:caldera:openserver:5.0.7
cpe:/o:sco:unixware:7.1.3
CVE-2003-0658
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:03.867-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::embedded
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:embedded
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0659
2003-11-17T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031016 Listbox And Combobox Control Buffer Overflow
NTBUGTRAQ
20031016 Listbox And Combobox Control Buffer Overflow
CERT
CA-2003-27
CERT-VN
VU#967668
BID
8827
MS
MS03-045
XF
win-user32-control-bo(13424)
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::embedded
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:embedded
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0660
2003-11-17T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CERT
CA-2003-27
CERT-VN
VU#838572
BID
8830
MS
MS03-041
XF
win-authenticode-code-execution(13422)
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0661
2003-10-20T00:00:00.000-04:00
2019-04-30T10:27:13.913-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CERT-VN
VU#989932
MS
MS03-034
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
CVE-2003-0662
2003-11-17T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow
FULLDISC
20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow
NTBUGTRAQ
20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow
CERT
CA-2003-27
CERT-VN
VU#989932
BID
8833
MS
MS03-042
XF
win2k-local-troubleshooter-bo(13423)
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
cpe:/o:microsoft:windows_2000
CVE-2003-0663
2004-06-01T00:00:00.000-04:00
2018-10-12T17:32:56.647-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CIAC
O-114
CERT-VN
VU#639428
BID
10114
CERT
TA04-104A
MS
MS04-011
XF
win2k-lsass-ldap-dos(15700)
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
cpe:/a:microsoft:word:97
cpe:/a:microsoft:word:97:sr1
cpe:/a:microsoft:word:97:sr2
cpe:/a:microsoft:word:98
cpe:/a:microsoft:word:98:::ja
cpe:/a:microsoft:word:2000
cpe:/a:microsoft:word:2000:sp2
cpe:/a:microsoft:word:2000:sp3
cpe:/a:microsoft:word:2000:sr1
cpe:/a:microsoft:word:2000:sr1a
cpe:/a:microsoft:word:2002
cpe:/a:microsoft:word:2002:sp1
cpe:/a:microsoft:word:2002:sp2
cpe:/a:microsoft:works:2001
cpe:/a:microsoft:works:2002
cpe:/a:microsoft:works:2003
CVE-2003-0664
2003-10-20T00:00:00.000-04:00
2018-10-12T17:32:57.320-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MS
MS03-035
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
cpe:/a:microsoft:access:97
cpe:/a:microsoft:access:2000
cpe:/a:microsoft:access:2000:sp1
cpe:/a:microsoft:access:2000:sp2
cpe:/a:microsoft:access:2000:sp3
cpe:/a:microsoft:access:2002
cpe:/a:microsoft:access:2002:sp1
cpe:/a:microsoft:access:2002:sp2
CVE-2003-0665
2003-10-20T00:00:00.000-04:00
2018-10-12T17:32:57.587-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#992132
BID
8536
MS
MS03-038
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
cpe:/a:microsoft:wordperfect_converter
CVE-2003-0666
2003-10-20T00:00:00.000-04:00
2018-10-12T17:32:57.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow
BUGTRAQ
20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow
BUGTRAQ
20030905 Microsoft WordPerfect Document Converter Exploit
MS
MS03-036
Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0669
2003-08-27T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
1.2
LOCAL
HIGH
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
47353
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
cpe:/a:sustainable_softworks:ipnetmonitorx
cpe:/a:sustainable_softworks:ipnetsentryx
CVE-2003-0670
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:05.617-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ATSTAKE
A080703-1
Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow.
cpe:/a:jeremy_elson:tcpflow:0.10
cpe:/a:jeremy_elson:tcpflow:0.11
cpe:/a:jeremy_elson:tcpflow:0.12
cpe:/a:jeremy_elson:tcpflow:0.20
CVE-2003-0671
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:05.743-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
ATSTAKE
A080703-1
ATSTAKE
A080703-2
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
cpe:/a:leon_j_breedt:pam-pgsql:0.5.1
cpe:/a:leon_j_breedt:pam-pgsql:0.5.2
CVE-2003-0672
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:05.853-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-370
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.
cpe:/a:sun:iplanet_directory_server:5.0
cpe:/a:sun:iplanet_directory_server:5.1
cpe:/a:sun:iplanet_directory_server:5.1:sp1
cpe:/a:sun:iplanet_directory_server:5.1:sp2
cpe:/a:sun:one_directory_server:5.0
cpe:/a:sun:one_directory_server:5.0:sp1
cpe:/a:sun:one_directory_server:5.0_sp2
cpe:/a:sun:one_directory_server:5.1
cpe:/a:sun:one_directory_server:5.1:sp1
cpe:/a:sun:one_directory_server:5.1:sp2
CVE-2003-0676
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:28.903-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030808 Directory Traversal in Sun iPlanet Administration Server 5.1
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
cpe:/a:cisco:webns:5.0_0.038s
CVE-2003-0677
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:06.057-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030807 Cisco CSS 11000 Series DoS
BUGTRAQ
20030808 Re: [VulnWatch] Cisco CSS 11000 Series DoS
BUGTRAQ
20030807 Cisco CSS 11000 Series DoS
Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure."
CVE-2003-0678
2017-05-11T10:29:00.963-04:00
2017-05-11T10:29:00.963-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/o:sgi:irix:6.5.21f
CVE-2003-0679
2003-08-27T00:00:00.000-04:00
2008-09-10T15:20:06.117-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SGI
20030802-01-P
Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files.
cpe:/o:sgi:irix:6.5.21
cpe:/o:sgi:irix:6.5.21f
cpe:/o:sgi:irix:6.5.21m
CVE-2003-0680
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:06.197-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
SGI
20030901-01-P
Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.
cpe:/a:sendmail:advanced_message_server:1.2
cpe:/a:sendmail:advanced_message_server:1.3
cpe:/a:sendmail:sendmail:2.6
cpe:/a:sendmail:sendmail:2.6.1
cpe:/a:sendmail:sendmail:2.6.2
cpe:/a:sendmail:sendmail:3.0
cpe:/a:sendmail:sendmail:3.0.1
cpe:/a:sendmail:sendmail:3.0.2
cpe:/a:sendmail:sendmail:3.0.3
cpe:/a:sendmail:sendmail:8.8.8
cpe:/a:sendmail:sendmail:8.9.0
cpe:/a:sendmail:sendmail:8.9.1
cpe:/a:sendmail:sendmail:8.9.2
cpe:/a:sendmail:sendmail:8.9.3
cpe:/a:sendmail:sendmail:8.10
cpe:/a:sendmail:sendmail:8.10.1
cpe:/a:sendmail:sendmail:8.10.2
cpe:/a:sendmail:sendmail:8.11.0
cpe:/a:sendmail:sendmail:8.11.1
cpe:/a:sendmail:sendmail:8.11.2
cpe:/a:sendmail:sendmail:8.11.3
cpe:/a:sendmail:sendmail:8.11.4
cpe:/a:sendmail:sendmail:8.11.5
cpe:/a:sendmail:sendmail:8.11.6
cpe:/a:sendmail:sendmail:8.12:beta10
cpe:/a:sendmail:sendmail:8.12:beta12
cpe:/a:sendmail:sendmail:8.12:beta16
cpe:/a:sendmail:sendmail:8.12:beta5
cpe:/a:sendmail:sendmail:8.12:beta7
cpe:/a:sendmail:sendmail:8.12.0
cpe:/a:sendmail:sendmail:8.12.1
cpe:/a:sendmail:sendmail:8.12.2
cpe:/a:sendmail:sendmail:8.12.3
cpe:/a:sendmail:sendmail:8.12.4
cpe:/a:sendmail:sendmail:8.12.5
cpe:/a:sendmail:sendmail:8.12.6
cpe:/a:sendmail:sendmail:8.12.7
cpe:/a:sendmail:sendmail:8.12.8
cpe:/a:sendmail:sendmail:8.12.9
cpe:/a:sendmail:sendmail_pro:8.9.2
cpe:/a:sendmail:sendmail_pro:8.9.3
cpe:/a:sendmail:sendmail_switch:2.1
cpe:/a:sendmail:sendmail_switch:2.1.1
cpe:/a:sendmail:sendmail_switch:2.1.2
cpe:/a:sendmail:sendmail_switch:2.1.3
cpe:/a:sendmail:sendmail_switch:2.1.4
cpe:/a:sendmail:sendmail_switch:2.1.5
cpe:/a:sendmail:sendmail_switch:2.2
cpe:/a:sendmail:sendmail_switch:2.2.1
cpe:/a:sendmail:sendmail_switch:2.2.2
cpe:/a:sendmail:sendmail_switch:2.2.3
cpe:/a:sendmail:sendmail_switch:2.2.4
cpe:/a:sendmail:sendmail_switch:2.2.5
cpe:/a:sendmail:sendmail_switch:3.0
cpe:/a:sendmail:sendmail_switch:3.0.1
cpe:/a:sendmail:sendmail_switch:3.0.2
cpe:/a:sendmail:sendmail_switch:3.0.3
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:gentoo:linux:0.5
cpe:/o:gentoo:linux:0.7
cpe:/o:gentoo:linux:1.1a
cpe:/o:gentoo:linux:1.2
cpe:/o:gentoo:linux:1.4:rc1
cpe:/o:gentoo:linux:1.4:rc2
cpe:/o:gentoo:linux:1.4:rc3
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.0.4
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.22
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
cpe:/o:netbsd:netbsd:1.4.3
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5::sh3
cpe:/o:netbsd:netbsd:1.5::x86
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.6:beta
cpe:/o:netbsd:netbsd:1.6.1
cpe:/o:openbsd:openbsd:3.2
cpe:/o:openbsd:openbsd:3.3
cpe:/o:turbolinux:turbolinux_advanced_server:6.0
cpe:/o:turbolinux:turbolinux_server:6.1
cpe:/o:turbolinux:turbolinux_server:6.5
cpe:/o:turbolinux:turbolinux_server:7.0
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/o:turbolinux:turbolinux_workstation:6.0
cpe:/o:turbolinux:turbolinux_workstation:7.0
cpe:/o:turbolinux:turbolinux_workstation:8.0
CVE-2003-0681
2003-10-06T00:00:00.000-04:00
2018-05-02T21:29:21.663-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:742
BUGTRAQ
20030917 GLSA: sendmail (200309-13)
BUGTRAQ
20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
DEBIAN
DSA-384
CERT-VN
VU#108964
MANDRAKE
MDKSA-2003:092
REDHAT
RHSA-2003:283
BID
8649
CONFIRM
http://www.sendmail.org/8.12.10.html
XF
sendmail-ruleset-parsing-bo(13216)
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
cpe:/a:openbsd:openssh:3.7.1
CVE-2003-0682
2003-10-06T00:00:00.000-04:00
2018-05-02T21:29:21.787-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:741
REDHAT
RHSA-2003:279
BUGTRAQ
20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
DEBIAN
DSA-382
DEBIAN
DSA-383
REDHAT
RHSA-2003:280
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
cpe:/o:sgi:irix:6.5.21f
cpe:/o:sgi:irix:6.5.21m
CVE-2003-0683
2003-11-03T00:00:00.000-05:00
2008-09-05T16:34:58.203-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
SGI
20031004-01-P
BID
8921
NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.
CVE-2003-0684
2017-05-11T10:29:00.980-04:00
2017-05-11T10:29:00.980-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:netris:netris:0.3
cpe:/a:netris:netris:0.4
cpe:/a:netris:netris:0.5
CVE-2003-0685
2003-08-27T00:00:00.000-04:00
2016-10-17T22:36:32.873-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030812 Netris client Buffer Overflow Vulnerability.
DEBIAN
DSA-372
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
cpe:/a:dave_airlie:pam_smb:1.1
cpe:/a:dave_airlie:pam_smb:1.1.1
cpe:/a:dave_airlie:pam_smb:1.1.2
cpe:/a:dave_airlie:pam_smb:1.1.3
cpe:/a:dave_airlie:pam_smb:1.1.4
cpe:/a:dave_airlie:pam_smb:1.1.5
cpe:/a:dave_airlie:pam_smb:1.1.6
cpe:/a:dave_airlie:pam_smb:2.0_rc4
cpe:/a:redhat:pam_smb:1.1.6-2::i386
cpe:/a:redhat:pam_smb:1.1.6-2::ia64
cpe:/a:redhat:pam_smb:1.1.6-5::i386
cpe:/a:redhat:pam_smb:1.1.6-7::i386
CVE-2003-0686
2003-10-20T00:00:00.000-04:00
2018-05-02T21:29:21.943-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:734
BUGTRAQ
20030901 GLSA: pam_smb (200309-01)
CONFIRM
http://us2.samba.org/samba/ftp/pam_smb/
DEBIAN
DSA-374
CERT-VN
VU#680260
REDHAT
RHSA-2003:261
REDHAT
RHSA-2003:262
TURBO
TLSA-2003-50
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
CVE-2003-0687
2004-08-18T00:00:00.000-04:00
2008-09-10T15:20:09.117-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none.
cpe:/a:redhat:sendmail:8.12.5-7::i386
cpe:/a:redhat:sendmail:8.12.5-7::i386_cf
cpe:/a:redhat:sendmail:8.12.5-7::i386_dev
cpe:/a:redhat:sendmail:8.12.5-7::i386_doc
cpe:/a:redhat:sendmail:8.12.8-4::i386
cpe:/a:redhat:sendmail:8.12.8-4::i386_cf
cpe:/a:redhat:sendmail:8.12.8-4::i386_dev
cpe:/a:redhat:sendmail:8.12.8-4::i386_doc
cpe:/a:sendmail:sendmail:8.12.1
cpe:/a:sendmail:sendmail:8.12.2
cpe:/a:sendmail:sendmail:8.12.3
cpe:/a:sendmail:sendmail:8.12.4
cpe:/a:sendmail:sendmail:8.12.5
cpe:/a:sendmail:sendmail:8.12.6
cpe:/a:sendmail:sendmail:8.12.7
cpe:/a:sendmail:sendmail:8.12.8
cpe:/o:compaq:tru64:5.0a
cpe:/o:compaq:tru64:5.1
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.8
cpe:/o:freebsd:freebsd:5.0
cpe:/o:openbsd:openbsd:3.2
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.20
cpe:/o:sgi:irix:6.5.21
CVE-2003-0688
2003-10-20T00:00:00.000-04:00
2018-05-02T21:29:22.053-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20030803-01-P
CONECTIVA
CLA-2003:727
CERT-VN
VU#993452
MANDRAKE
MDKSA-2003:086
SUSE
SuSE-SA:2003:035
REDHAT
RHSA-2003:265
CONFIRM
http://www.sendmail.org/dnsmap1.html
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
CVE-2003-0689
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:09.257-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
REDHAT
RHSA-2003:249
REDHAT
RHSA-2003:325
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
cpe:/o:kde:kde:1.1
cpe:/o:kde:kde:1.1.1
cpe:/o:kde:kde:1.1.2
cpe:/o:kde:kde:1.2
cpe:/o:kde:kde:2.0
cpe:/o:kde:kde:2.0.1
cpe:/o:kde:kde:2.0_beta
cpe:/o:kde:kde:2.1
cpe:/o:kde:kde:2.1.1
cpe:/o:kde:kde:2.1.2
cpe:/o:kde:kde:2.2
cpe:/o:kde:kde:2.2.1
cpe:/o:kde:kde:2.2.2
cpe:/o:kde:kde:3.0
cpe:/o:kde:kde:3.0.1
cpe:/o:kde:kde:3.0.2
cpe:/o:kde:kde:3.0.3
cpe:/o:kde:kde:3.0.3a
cpe:/o:kde:kde:3.0.4
cpe:/o:kde:kde:3.0.5
cpe:/o:kde:kde:3.0.5a
cpe:/o:kde:kde:3.0.5b
cpe:/o:kde:kde:3.1
cpe:/o:kde:kde:3.1.1
cpe:/o:kde:kde:3.1.1a
cpe:/o:kde:kde:3.1.2
cpe:/o:kde:kde:3.1.3
CVE-2003-0690
2003-10-06T00:00:00.000-04:00
2017-10-10T21:29:12.950-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MISC
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
CONECTIVA
CLA-2003:747
BUGTRAQ
20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
DEBIAN
DSA-388
DEBIAN
DSA-443
CONFIRM
http://www.kde.org/info/security/advisory-20030916-1.txt
MANDRAKE
MDKSA-2003:091
REDHAT
RHSA-2003:270
REDHAT
RHSA-2003:286
REDHAT
RHSA-2003:287
REDHAT
RHSA-2003:288
REDHAT
RHSA-2003:289
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
CVE-2003-0691
2003-12-31T00:00:00.000-05:00
2008-09-10T15:20:09.680-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none.
cpe:/o:kde:kde:1.1
cpe:/o:kde:kde:1.1.1
cpe:/o:kde:kde:1.1.2
cpe:/o:kde:kde:1.2
cpe:/o:kde:kde:2.0
cpe:/o:kde:kde:2.0.1
cpe:/o:kde:kde:2.0_beta
cpe:/o:kde:kde:2.1
cpe:/o:kde:kde:2.1.1
cpe:/o:kde:kde:2.1.2
cpe:/o:kde:kde:2.2
cpe:/o:kde:kde:2.2.1
cpe:/o:kde:kde:2.2.2
cpe:/o:kde:kde:3.0
cpe:/o:kde:kde:3.0.1
cpe:/o:kde:kde:3.0.2
cpe:/o:kde:kde:3.0.3
cpe:/o:kde:kde:3.0.3a
cpe:/o:kde:kde:3.0.4
cpe:/o:kde:kde:3.0.5
cpe:/o:kde:kde:3.0.5a
cpe:/o:kde:kde:3.0.5b
cpe:/o:kde:kde:3.1
cpe:/o:kde:kde:3.1.1
cpe:/o:kde:kde:3.1.1a
cpe:/o:kde:kde:3.1.2
cpe:/o:kde:kde:3.1.3
CVE-2003-0692
2003-10-06T00:00:00.000-04:00
2017-10-10T21:29:13.010-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
MISC
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
CONECTIVA
CLA-2003:747
BUGTRAQ
20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
DEBIAN
DSA-388
CONFIRM
http://www.kde.org/info/security/advisory-20030916-1.txt
MANDRAKE
MDKSA-2003:091
REDHAT
RHSA-2003:270
REDHAT
RHSA-2003:288
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
cpe:/a:openbsd:openssh:3.7
CVE-2003-0693
2003-09-22T00:00:00.000-04:00
2018-05-02T21:29:22.177-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
FULLDISC
20030915 new ssh exploit?
FULLDISC
20030915 openssh remote exploit
FULLDISC
20030916 The lowdown on SSH vulnerability
BUGTRAQ
20030916 OpenSSH Buffer Management Bug Advisory
REDHAT
RHSA-2003:279
BUGTRAQ
20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
TRUSTIX
2003-0033
BUGTRAQ
20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
SUNALERT
1000620
CERT
CA-2003-24
DEBIAN
DSA-382
DEBIAN
DSA-383
CERT-VN
VU#333628
MANDRAKE
MDKSA-2003:090
CONFIRM
http://www.openssh.com/txt/buffer.adv
REDHAT
RHSA-2003:280
XF
openssh-packet-bo(13191)
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
cpe:/a:sendmail:advanced_message_server:1.2
cpe:/a:sendmail:advanced_message_server:1.3
cpe:/a:sendmail:sendmail:2.6
cpe:/a:sendmail:sendmail:2.6.1
cpe:/a:sendmail:sendmail:2.6.2
cpe:/a:sendmail:sendmail:3.0
cpe:/a:sendmail:sendmail:3.0.1
cpe:/a:sendmail:sendmail:3.0.2
cpe:/a:sendmail:sendmail:3.0.3
cpe:/a:sendmail:sendmail:8.8.8
cpe:/a:sendmail:sendmail:8.9.0
cpe:/a:sendmail:sendmail:8.9.1
cpe:/a:sendmail:sendmail:8.9.2
cpe:/a:sendmail:sendmail:8.9.3
cpe:/a:sendmail:sendmail:8.10
cpe:/a:sendmail:sendmail:8.10.1
cpe:/a:sendmail:sendmail:8.10.2
cpe:/a:sendmail:sendmail:8.11.0
cpe:/a:sendmail:sendmail:8.11.1
cpe:/a:sendmail:sendmail:8.11.2
cpe:/a:sendmail:sendmail:8.11.3
cpe:/a:sendmail:sendmail:8.11.4
cpe:/a:sendmail:sendmail:8.11.5
cpe:/a:sendmail:sendmail:8.11.6
cpe:/a:sendmail:sendmail:8.12:beta10
cpe:/a:sendmail:sendmail:8.12:beta12
cpe:/a:sendmail:sendmail:8.12:beta16
cpe:/a:sendmail:sendmail:8.12:beta5
cpe:/a:sendmail:sendmail:8.12:beta7
cpe:/a:sendmail:sendmail:8.12.0
cpe:/a:sendmail:sendmail:8.12.1
cpe:/a:sendmail:sendmail:8.12.2
cpe:/a:sendmail:sendmail:8.12.3
cpe:/a:sendmail:sendmail:8.12.4
cpe:/a:sendmail:sendmail:8.12.5
cpe:/a:sendmail:sendmail:8.12.6
cpe:/a:sendmail:sendmail:8.12.7
cpe:/a:sendmail:sendmail:8.12.8
cpe:/a:sendmail:sendmail:8.12.9
cpe:/a:sendmail:sendmail_pro:8.9.2
cpe:/a:sendmail:sendmail_pro:8.9.3
cpe:/a:sendmail:sendmail_switch:2.1
cpe:/a:sendmail:sendmail_switch:2.1.1
cpe:/a:sendmail:sendmail_switch:2.1.2
cpe:/a:sendmail:sendmail_switch:2.1.3
cpe:/a:sendmail:sendmail_switch:2.1.4
cpe:/a:sendmail:sendmail_switch:2.1.5
cpe:/a:sendmail:sendmail_switch:2.2
cpe:/a:sendmail:sendmail_switch:2.2.1
cpe:/a:sendmail:sendmail_switch:2.2.2
cpe:/a:sendmail:sendmail_switch:2.2.3
cpe:/a:sendmail:sendmail_switch:2.2.4
cpe:/a:sendmail:sendmail_switch:2.2.5
cpe:/a:sendmail:sendmail_switch:3.0
cpe:/a:sendmail:sendmail_switch:3.0.1
cpe:/a:sendmail:sendmail_switch:3.0.2
cpe:/a:sendmail:sendmail_switch:3.0.3
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:compaq:tru64:4.0f
cpe:/o:compaq:tru64:4.0f_pk6_bl17
cpe:/o:compaq:tru64:4.0f_pk7_bl18
cpe:/o:compaq:tru64:4.0f_pk8_bl22
cpe:/o:compaq:tru64:4.0g
cpe:/o:compaq:tru64:4.0g_pk3_bl17
cpe:/o:compaq:tru64:4.0g_pk4_bl22
cpe:/o:compaq:tru64:5.1
cpe:/o:compaq:tru64:5.1_pk3_bl17
cpe:/o:compaq:tru64:5.1_pk4_bl18
cpe:/o:compaq:tru64:5.1_pk5_bl19
cpe:/o:compaq:tru64:5.1_pk6_bl20
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1a_pk1_bl1
cpe:/o:compaq:tru64:5.1a_pk2_bl2
cpe:/o:compaq:tru64:5.1a_pk3_bl3
cpe:/o:compaq:tru64:5.1a_pk4_bl21
cpe:/o:compaq:tru64:5.1a_pk5_bl23
cpe:/o:compaq:tru64:5.1b
cpe:/o:compaq:tru64:5.1b_pk1_bl1
cpe:/o:compaq:tru64:5.1b_pk2_bl22
cpe:/o:freebsd:freebsd:3.0:releng
cpe:/o:freebsd:freebsd:4.0:releng
cpe:/o:freebsd:freebsd:4.3:release_p38
cpe:/o:freebsd:freebsd:4.3:releng
cpe:/o:freebsd:freebsd:4.4:release_p42
cpe:/o:freebsd:freebsd:4.4:releng
cpe:/o:freebsd:freebsd:4.5:release_p32
cpe:/o:freebsd:freebsd:4.5:releng
cpe:/o:freebsd:freebsd:4.6:release_p20
cpe:/o:freebsd:freebsd:4.6:releng
cpe:/o:freebsd:freebsd:4.7:release_p17
cpe:/o:freebsd:freebsd:4.7:releng
cpe:/o:freebsd:freebsd:4.8:release_p6
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:5.0:release_p14
cpe:/o:freebsd:freebsd:5.0:releng
cpe:/o:freebsd:freebsd:5.1:release_p5
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:gentoo:linux:0.5
cpe:/o:gentoo:linux:0.7
cpe:/o:gentoo:linux:1.1a
cpe:/o:gentoo:linux:1.2
cpe:/o:gentoo:linux:1.4:rc1
cpe:/o:gentoo:linux:1.4:rc2
cpe:/o:gentoo:linux:1.4:rc3
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.0.4
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.22
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
cpe:/o:netbsd:netbsd:1.4.3
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5::sh3
cpe:/o:netbsd:netbsd:1.5::x86
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.6:beta
cpe:/o:netbsd:netbsd:1.6.1
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
cpe:/o:sgi:irix:6.5.21f
cpe:/o:sgi:irix:6.5.21m
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
cpe:/o:turbolinux:turbolinux_advanced_server:6.0
cpe:/o:turbolinux:turbolinux_server:6.1
cpe:/o:turbolinux:turbolinux_server:6.5
cpe:/o:turbolinux:turbolinux_server:7.0
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/o:turbolinux:turbolinux_workstation:6.0
cpe:/o:turbolinux:turbolinux_workstation:7.0
cpe:/o:turbolinux:turbolinux_workstation:8.0
CVE-2003-0694
2003-10-06T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SCO
SCOSA-2004.11
FULLDISC
20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
VULNWATCH
20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug
CONECTIVA
CLA-2003:742
BUGTRAQ
20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
BUGTRAQ
20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)
BUGTRAQ
20030917 GLSA: sendmail (200309-13)
BUGTRAQ
20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
CERT
CA-2003-25
DEBIAN
DSA-384
CERT-VN
VU#784980
MANDRAKE
MDKSA-2003:092
REDHAT
RHSA-2003:283
REDHAT
RHSA-2003:284
CONFIRM
http://www.sendmail.org/8.12.10.html
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
cpe:/a:openbsd:openssh:3.7.1
CVE-2003-0695
2003-10-06T00:00:00.000-04:00
2018-05-02T21:29:22.490-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:741
REDHAT
RHSA-2003:279
TRUSTIX
2003-0033
BUGTRAQ
20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
BUGTRAQ
20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)
MISC
http://marc.info/?l=openbsd-security-announce&m=106375582924840
DEBIAN
DSA-382
DEBIAN
DSA-383
MANDRAKE
MDKSA-2003:090
CONFIRM
http://www.openssh.com/txt/buffer.adv
REDHAT
RHSA-2003:280
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-0696
2004-01-20T00:00:00.000-05:00
2017-07-10T21:29:35.213-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BID
8738
XF
aix-sendmail-getipnodebyname-dos(13328)
CONFIRM
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).
cpe:/o:ibm:aix:4.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-0697
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:12.633-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1
AIXAPAR
IY45250
AIXAPAR
IY45344
AIXAPAR
IY46256
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
CVE-2003-0698
2003-12-31T00:00:00.000-05:00
2008-09-10T15:20:13.070-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:linux_advanced_workstation:2.1
CVE-2003-0699
2003-08-27T00:00:00.000-04:00
2017-10-10T21:29:13.073-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
REDHAT
RHSA-2003:198
REDHAT
RHSA-2003:238
REDHAT
RHSA-2003:239
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
cpe:/a:redhat:kernel:2.4.21
CVE-2003-0700
2004-02-17T00:00:00.000-05:00
2017-10-10T21:29:13.183-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
REDHAT
RHSA-2003:238
REDHAT
RHSA-2004:044
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.
cpe:/a:microsoft:ie:5.01
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0::windows_server_2003
CVE-2003-0701
2003-08-27T00:00:00.000-04:00
2018-10-12T17:32:58.413-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment
CERT-VN
VU#334928
MS
MS03-032
XF
ie-dbcs-object-bo(12970)
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
cpe:/a:iss:realsecure_server_sensor:7.0:xpu20.16
cpe:/a:iss:realsecure_server_sensor:7.0:xpu20.18
CVE-2003-0702
2003-10-20T00:00:00.000-04:00
2017-07-10T21:29:35.337-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030905 ISS Server Sensor Denial of Service
MISC
http://www.enteredge.com/research/CAN-2003-0702.asp
XF
realsecure-isapi-dos(13088)
Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL.
cpe:/a:kismac:kismac:0.05d
CVE-2003-0703
2003-09-17T00:00:00.000-04:00
2017-07-10T21:29:35.400-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
ATSTAKE
A082203-1
BID
8497
XF
kismac-driverkext-load-modules(13007)
XF
kismac-exchangekernel-kernel-overwrite(13008)
KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.
cpe:/a:kismac:kismac:0.05d
CVE-2003-0704
2003-09-17T00:00:00.000-04:00
2017-07-10T21:29:35.463-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
ATSTAKE
A082203-1
BID
8497
XF
kismac-driverkext-modify-ownership(13006)
XF
kismac-setuid-modify-ownership(13009)
XF
kismac-viha-gain-privileges(13010)
KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh.
cpe:/a:nicolas_boullis:mah-jong:1.4
CVE-2003-0705
2003-09-17T00:00:00.000-04:00
2008-09-10T15:20:13.930-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-378
Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.
cpe:/a:nicolas_boullis:mah-jong:1.4
CVE-2003-0706
2003-09-17T00:00:00.000-04:00
2008-09-10T15:20:13.993-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-378
Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).
cpe:/a:tomi_manninen:linuxnode:0.3.2
CVE-2003-0707
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:02.360-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
DEBIAN
DSA-375
Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code.
cpe:/a:tomi_manninen:linuxnode:0.3.2
CVE-2003-0708
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:02.517-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
DEBIAN
DSA-375
Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.
cpe:/a:whois:whois:4.5.7
cpe:/a:whois:whois:4.6.6
CVE-2003-0709
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:14.210-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
MISC
http://www.zone-h.org/en/advisories/read/id=2925/
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0711
2003-11-17T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
NTBUGTRAQ
20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
CERT
CA-2003-27
CERT-VN
VU#467036
MISC
http://www.ngssoftware.com/advisories/ms-pchealth.txt
BID
8828
MS
MS03-044
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
cpe:/a:microsoft:exchange_server:5.5
cpe:/a:microsoft:exchange_server:5.5:sp1
cpe:/a:microsoft:exchange_server:5.5:sp2
cpe:/a:microsoft:exchange_server:5.5:sp3
cpe:/a:microsoft:exchange_server:5.5:sp4
CVE-2003-0712
2003-11-17T00:00:00.000-05:00
2018-10-12T17:33:00.570-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031016 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
CERT
CA-2003-27
CERT-VN
VU#435444
BID
8832
MS
MS03-047
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
cpe:/a:microsoft:exchange_server:5.5
cpe:/a:microsoft:exchange_server:5.5:sp1
cpe:/a:microsoft:exchange_server:5.5:sp2
cpe:/a:microsoft:exchange_server:5.5:sp3
cpe:/a:microsoft:exchange_server:5.5:sp4
cpe:/a:microsoft:exchange_server:2000
cpe:/a:microsoft:exchange_server:2000:sp1
cpe:/a:microsoft:exchange_server:2000:sp2
cpe:/a:microsoft:exchange_server:2000:sp3
CVE-2003-0714
2003-11-17T00:00:00.000-05:00
2018-10-12T17:33:01.070-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow
CERT
CA-2003-27
CERT-VN
VU#422156
BID
8838
MS
MS03-046
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0715
2003-09-17T00:00:00.000-04:00
2019-04-30T10:27:13.913-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030910 EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II
CERT
CA-2003-23
CERT-VN
VU#483492
MS
MS03-039
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0717
2003-11-17T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031018 Proof of concept for Windows Messenger Service overflow
BUGTRAQ
20031016 MS03-043 Popup Messenger Servce buffer-overflow
CERT
CA-2003-27
CERT-VN
VU#575892
BID
8826
MS
MS03-043
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
cpe:/a:microsoft:internet_information_server:5.1
cpe:/a:microsoft:internet_information_server:6.0
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-0718
2004-11-03T00:00:00.000-05:00
2018-10-30T12:25:10.357-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS
MS
MS04-030
XF
iis-webdav-xml-attribute-dos(17645)
XF
iis-ms04030-patch(17656)
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
cpe:/a:microsoft:netmeeting
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp4::fr
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_98::gold
cpe:/o:microsoft:windows_me
cpe:/o:microsoft:windows_nt:4.0:sp6a
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
CVE-2003-0719
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:05.117-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#586540
BUGTRAQ
20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)
CERT
TA04-104A
ISS
20040413 Microsoft SSL Library Remote Compromise Vulnerability
MS
MS04-011
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
cpe:/a:university_of_washington:pine:3.98
cpe:/a:university_of_washington:pine:4.0.2
cpe:/a:university_of_washington:pine:4.0.4
cpe:/a:university_of_washington:pine:4.10
cpe:/a:university_of_washington:pine:4.20
cpe:/a:university_of_washington:pine:4.21
cpe:/a:university_of_washington:pine:4.30
cpe:/a:university_of_washington:pine:4.33
cpe:/a:university_of_washington:pine:4.44
cpe:/a:university_of_washington:pine:4.50
cpe:/a:university_of_washington:pine:4.52
cpe:/a:university_of_washington:pine:4.53
cpe:/a:university_of_washington:pine:4.56
CVE-2003-0720
2003-09-17T00:00:00.000-04:00
2018-05-02T21:29:22.600-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
BUGTRAQ
20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
BUGTRAQ
20030911 [slackware-security] security issues in pine (SSA:2003-253-01)
MISC
http://www.idefense.com/advisory/09.10.03.txt
REDHAT
RHSA-2003:273
REDHAT
RHSA-2003:274
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
cpe:/a:university_of_washington:pine:3.98
cpe:/a:university_of_washington:pine:4.0.2
cpe:/a:university_of_washington:pine:4.0.4
cpe:/a:university_of_washington:pine:4.10
cpe:/a:university_of_washington:pine:4.20
cpe:/a:university_of_washington:pine:4.21
cpe:/a:university_of_washington:pine:4.30
cpe:/a:university_of_washington:pine:4.33
cpe:/a:university_of_washington:pine:4.44
cpe:/a:university_of_washington:pine:4.50
cpe:/a:university_of_washington:pine:4.52
cpe:/a:university_of_washington:pine:4.53
cpe:/a:university_of_washington:pine:4.56
CVE-2003-0721
2003-09-17T00:00:00.000-04:00
2018-05-02T21:29:22.693-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030911 Pine: .procmailrc rule against integer overflow
BUGTRAQ
20030911 [slackware-security] security issues in pine (SSA:2003-253-01)
BUGTRAQ
20030915 remote Pine <= 4.56 exploit fully automatic
IDEFENSE
20030910 Two Exploitable Overflows in PINE
REDHAT
RHSA-2003:273
REDHAT
RHSA-2003:274
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
cpe:/o:sun:solaris
CVE-2003-0722
2003-09-22T00:00:00.000-04:00
2017-10-10T21:29:13.730-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030918 Solaris SADMIND Exploitation
BUGTRAQ
20030918 Solaris SADMIND Exploitation
SUNALERT
56740
CIAC
N-148
MISC
http://www.idefense.com/advisory/09.16.03.txt
CERT-VN
VU#41870
BID
8615
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
cpe:/a:gkrellm:gkrellm:2.1.7
cpe:/a:gkrellm:gkrellm:2.1.13
CVE-2003-0723
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:15.633-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
MANDRAKE
MDKSA-2003:087
Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code.
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1a_pk1_bl1
cpe:/o:compaq:tru64:5.1a_pk2_bl2
cpe:/o:compaq:tru64:5.1a_pk3_bl3
cpe:/o:compaq:tru64:5.1a_pk4_bl21
cpe:/o:compaq:tru64:5.1a_pk5_bl23
cpe:/o:compaq:tru64:5.1b_pk2_bl22
CVE-2003-0724
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:05.140-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
HP
SSRT3588
BID
8492
ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.
cpe:/a:realnetworks:helix_universal_server:8.0.1
cpe:/a:realnetworks:helix_universal_server:9.0
cpe:/a:realnetworks:helix_universal_server:9.0.1
cpe:/a:realnetworks:helix_universal_server:9.0.2.794
cpe:/a:realnetworks:realserver:7.0
cpe:/a:realnetworks:realserver:7.0.1
cpe:/a:realnetworks:realserver:7.0.2
cpe:/a:realnetworks:realserver:8.0
cpe:/a:realnetworks:realserver:8.0.1
cpe:/a:realnetworks:realserver:8.0.2
cpe:/a:realnetworks:realserver:8.0_beta
cpe:/a:realnetworks:realserver:g2_1.0
CVE-2003-0725
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:05.313-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_USER_ACCESS
VULNWATCH
20030825 New Bug in RealServer
MISC
http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html
CERT-VN
VU#934932
BID
8476
CONFIRM
http://www.service.real.com/help/faq/security/rootexploit082203.html
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
cpe:/a:realnetworks:realone_desktop_manager
cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774
cpe:/a:realnetworks:realone_player:2.0
cpe:/a:realnetworks:realone_player:6.0.10.505:gold
cpe:/a:realnetworks:realone_player:6.0.11.818
cpe:/a:realnetworks:realone_player:6.0.11.830
cpe:/a:realnetworks:realone_player:6.0.11.841
cpe:/a:realnetworks:realone_player:6.0.11.853
CVE-2003-0726
2003-10-20T00:00:00.000-04:00
2017-07-10T21:29:35.603-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1007532
MISC
http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html
BUGTRAQ
20030827 RealOne Player Allows Cross Zone and Domain Access
BID
8453
CONFIRM
http://www.service.real.com/help/faq/security/securityupdate_august2003.html
XF
realone-smil-execute-code(13028)
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
cpe:/a:oracle:database_server
CVE-2003-0727
2003-10-20T00:00:00.000-04:00
2017-09-27T21:29:00.293-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf
EXPLOIT-DB
42780
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
cpe:/a:horde:horde:2.2.4
CVE-2003-0728
2003-10-20T00:00:00.000-04:00
2016-10-17T22:36:56.207-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030813 PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4
BUGTRAQ
20030901 GLSA: horde (200309-02)
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
cpe:/a:tellurian:tftpdnt:1.8
cpe:/a:tellurian:tftpdnt:2.0
CVE-2003-0729
2003-10-20T00:00:00.000-04:00
2016-10-17T22:36:57.377-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)
BUGTRAQ
20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)
MISC
http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html
Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.
cpe:/a:xfree86_project:x11r6:4.2.1
cpe:/a:xfree86_project:x11r6:4.3.0
cpe:/o:netbsd:netbsd:1.5
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.6.1
CVE-2003-0730
2003-10-20T00:00:00.000-04:00
2016-10-17T22:36:58.597-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
NETBSD
NetBSD-SA2003-015
SGI
20031101-01-U
CONECTIVA
CLA-2004:821
BUGTRAQ
20030830 Multiple integer overflows in XFree86 (local/remote)
SUNALERT
102803
CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
DEBIAN
DSA-380
MANDRAKE
MDKSA-2003:089
REDHAT
RHSA-2003:286
REDHAT
RHSA-2003:287
REDHAT
RHSA-2003:288
REDHAT
RHSA-2003:289
BID
8514
VUPEN
ADV-2007-0589
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
cpe:/a:cisco:ciscoworks_common_management_foundation:2.0
cpe:/a:cisco:ciscoworks_common_management_foundation:2.1
cpe:/a:cisco:resource_manager:1.0
cpe:/a:cisco:resource_manager:1.1
cpe:/a:cisco:resource_manager_essentials:2.0
cpe:/a:cisco:resource_manager_essentials:2.1
cpe:/a:cisco:resource_manager_essentials:2.2
cpe:/o:cisco:ciscoworks_cd1:1st
cpe:/o:cisco:ciscoworks_cd1:2nd
cpe:/o:cisco:ciscoworks_cd1:3rd
cpe:/o:cisco:ciscoworks_cd1:4th
cpe:/o:cisco:ciscoworks_cd1:5th
CVE-2003-0731
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:19.413-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CISCO
20030813 CiscoWorks Application Vulnerabilities
BUGTRAQ
20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
cpe:/a:cisco:ciscoworks_common_management_foundation:2.0
cpe:/a:cisco:ciscoworks_common_management_foundation:2.1
cpe:/a:cisco:resource_manager:1.0
cpe:/a:cisco:resource_manager:1.1
cpe:/a:cisco:resource_manager_essentials:2.0
cpe:/a:cisco:resource_manager_essentials:2.1
cpe:/a:cisco:resource_manager_essentials:2.2
cpe:/o:cisco:ciscoworks_cd1:1st
cpe:/o:cisco:ciscoworks_cd1:2nd
cpe:/o:cisco:ciscoworks_cd1:3rd
cpe:/o:cisco:ciscoworks_cd1:4th
cpe:/o:cisco:ciscoworks_cd1:5th
CVE-2003-0732
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:06.547-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
CISCO
20030813 CiscoWorks Application Vulnerabilities
BUGTRAQ
20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
cpe:/a:bea:liquid_data:1.1
cpe:/a:bea:weblogic_integration:2.0
cpe:/a:bea:weblogic_integration:7.0
cpe:/a:bea:weblogic_server:5.1
cpe:/a:bea:weblogic_server:7.0::express
CVE-2003-0733
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:06.717-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
BID
8357
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
cpe:/a:padl_software:pam_ldap:162
CVE-2003-0734
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:19.617-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
MANDRAKE
MDKSA-2003:088
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
cpe:/a:phpwebsite:phpwebsite:0.9.0
CVE-2003-0735
2003-10-20T00:00:00.000-04:00
2016-10-17T22:36:59.893-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
BUGTRAQ
20030902 GLSA: phpwebsite (200309-03)
CERT-VN
VU#925166
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
cpe:/a:phpwebsite:phpwebsite:0.9.0
CVE-2003-0736
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:01.267-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
BUGTRAQ
20030902 GLSA: phpwebsite (200309-03)
CERT-VN
VU#664422
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
cpe:/a:phpwebsite:phpwebsite:0.9.0
CVE-2003-0737
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:02.363-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
BUGTRAQ
20030902 GLSA: phpwebsite (200309-03)
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
cpe:/a:phpwebsite:phpwebsite:0.9.0
CVE-2003-0738
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:03.580-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
BUGTRAQ
20030902 GLSA: phpwebsite (200309-03)
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
cpe:/a:vmware:workstation:4.0.1_build_5289
CVE-2003-0739
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:04.787-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030807 VMware Workstation 4.0.1 (for Linux systems) vulnerability
CONFIRM
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
cpe:/a:stunnel:stunnel:3.3
cpe:/a:stunnel:stunnel:3.4a
cpe:/a:stunnel:stunnel:3.7
cpe:/a:stunnel:stunnel:3.8
cpe:/a:stunnel:stunnel:3.9
cpe:/a:stunnel:stunnel:3.10
cpe:/a:stunnel:stunnel:3.11
cpe:/a:stunnel:stunnel:3.12
cpe:/a:stunnel:stunnel:3.13
cpe:/a:stunnel:stunnel:3.14
cpe:/a:stunnel:stunnel:3.15
cpe:/a:stunnel:stunnel:3.16
cpe:/a:stunnel:stunnel:3.17
cpe:/a:stunnel:stunnel:3.18
cpe:/a:stunnel:stunnel:3.19
cpe:/a:stunnel:stunnel:3.20
cpe:/a:stunnel:stunnel:3.21
cpe:/a:stunnel:stunnel:3.21a
cpe:/a:stunnel:stunnel:3.21b
cpe:/a:stunnel:stunnel:3.21c
cpe:/a:stunnel:stunnel:3.22
cpe:/a:stunnel:stunnel:3.24
cpe:/a:stunnel:stunnel:4.0
CVE-2003-0740
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:06.113-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:736
BUGTRAQ
20030903 Stunnel-3.x Daemon Hijacking
MANDRAKE
MDKSA-2003:108
REDHAT
RHSA-2003:297
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
CVE-2003-0741
2017-05-11T10:29:00.993-04:00
2017-05-11T10:29:01.010-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/o:sco:openserver:5.0.5
cpe:/o:sco:openserver:5.0.6
cpe:/o:sco:openserver:5.0.7
CVE-2003-0742
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:20.103-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
cpe:/a:university_of_cambridge:exim:3.0
cpe:/a:university_of_cambridge:exim:3.3
cpe:/a:university_of_cambridge:exim:3.3.1
cpe:/a:university_of_cambridge:exim:3.3.2
cpe:/a:university_of_cambridge:exim:3.11
cpe:/a:university_of_cambridge:exim:3.12
cpe:/a:university_of_cambridge:exim:3.13
cpe:/a:university_of_cambridge:exim:3.14
cpe:/a:university_of_cambridge:exim:3.15
cpe:/a:university_of_cambridge:exim:3.16
cpe:/a:university_of_cambridge:exim:3.17
cpe:/a:university_of_cambridge:exim:3.18
cpe:/a:university_of_cambridge:exim:3.19
cpe:/a:university_of_cambridge:exim:3.20
cpe:/a:university_of_cambridge:exim:3.21
cpe:/a:university_of_cambridge:exim:3.22
cpe:/a:university_of_cambridge:exim:3.30
cpe:/a:university_of_cambridge:exim:3.31
cpe:/a:university_of_cambridge:exim:3.32
cpe:/a:university_of_cambridge:exim:3.33
cpe:/a:university_of_cambridge:exim:3.34
cpe:/a:university_of_cambridge:exim:3.35
cpe:/a:university_of_cambridge:exim:3.36
cpe:/a:university_of_cambridge:exim:4.10
cpe:/a:university_of_cambridge:exim:4.20
CVE-2003-0743
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:07.410-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:735
BUGTRAQ
20030901 exim remote heap overflow, probably not exploitable
VULN-DEV
20030903 Re: exim remote heap overflow, probably not exploitable
CONFIRM
http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog
CONFIRM
http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog
DEBIAN
DSA-376
CONFIRM
http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
MLIST
[Exim] 20030814 Minor security bug
MLIST
[Exim] 20030815 Minor security bug
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
cpe:/a:leafnode:leafnode:1.9.19
cpe:/a:leafnode:leafnode:1.9.20
cpe:/a:leafnode:leafnode:1.9.21
cpe:/a:leafnode:leafnode:1.9.22
cpe:/a:leafnode:leafnode:1.9.23
cpe:/a:leafnode:leafnode:1.9.24
cpe:/a:leafnode:leafnode:1.9.25
cpe:/a:leafnode:leafnode:1.9.26
cpe:/a:leafnode:leafnode:1.9.27
cpe:/a:leafnode:leafnode:1.9.29
cpe:/a:leafnode:leafnode:1.9.30
cpe:/a:leafnode:leafnode:1.9.31
cpe:/a:leafnode:leafnode:1.9.35
cpe:/a:leafnode:leafnode:1.9.36
cpe:/a:leafnode:leafnode:1.9.37
cpe:/a:leafnode:leafnode:1.9.38
cpe:/a:leafnode:leafnode:1.9.39
cpe:/a:leafnode:leafnode:1.9.40
cpe:/a:leafnode:leafnode:1.9.41
CVE-2003-0744
2003-10-20T00:00:00.000-04:00
2016-10-17T22:37:08.943-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030903 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01
CONFIRM
http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt
BUGTRAQ
20030904 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01
BID
8541
The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.
cpe:/a:castle_rock_computing:snmpc:5.1
cpe:/a:castle_rock_computing:snmpc:6.0
cpe:/a:castle_rock_computing:snmpc:6.0.5
cpe:/a:castle_rock_computing:snmpc:6.0.8
CVE-2003-0745
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:20.913-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030825 SNMPc v5 and v6 remote vulnerability
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server.
cpe:/a:hp:openview
CVE-2003-0746
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:08.750-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SGI
20030902-01-P
HP
HPSBUX0308-274
CERT-VN
VU#377804
Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.
cpe:/a:sap:internet_transaction_server:4620.2.0.323011
CVE-2003-0747
2003-10-20T00:00:00.000-04:00
2017-07-10T21:29:35.667-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030830 SAP Internet Transaction Server
BID
8515
XF
its-wgatedll-information-disclosure(13063)
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
cpe:/a:sap:internet_transaction_server:4620.2.0.323011
CVE-2003-0748
2003-10-20T00:00:00.000-04:00
2017-07-10T21:29:35.713-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030830 SAP Internet Transaction Server
BID
8516
XF
its-wgatedll-directory-traversal(13066)
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
cpe:/a:sap:internet_transaction_server:4620.2.0.323011
CVE-2003-0749
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:09.217-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030830 SAP Internet Transaction Server
BID
8517
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
cpe:/a:py-membres:py-membres:4.0
cpe:/a:py-membres:py-membres:4.1
cpe:/a:py-membres:py-membres:4.2
CVE-2003-0750
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:21.290-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter.
cpe:/a:py-membres:py-membres:4.0
cpe:/a:py-membres:py-membres:4.1
cpe:/a:py-membres:py-membres:4.2
CVE-2003-0751
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:21.353-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
cpe:/a:attila-php.net:attilaphp:3.0
CVE-2003-0752
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:09.640-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030826 [PHP] AttilaPHP 3.0 : User/Admin Access
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
cpe:/a:newsphp:newsphp:216
CVE-2003-0753
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:21.493-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
BUGTRAQ
20030824 newsPHP file inclusion & bad login validation
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter.
cpe:/a:newsphp:newsphp:216
CVE-2003-0754
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:21.570-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030824 newsPHP file inclusion & bad login validation
nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication.
cpe:/a:gtkftpd:gtkftp:1.0.2
cpe:/a:gtkftpd:gtkftp:1.0.3
cpe:/a:gtkftpd:gtkftp:1.0.4
CVE-2003-0755
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:21.633-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULN-DEV
20030826 gtkftpd[v1.0.4(and below)]: remote root buffer overflow exploit.
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
cpe:/a:sitebuilder:sitebuilder:1.4
CVE-2003-0756
2003-10-20T00:00:00.000-04:00
2008-09-10T15:20:21.710-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
BUGTRAQ
20030831 Directory Traversal in SITEBUILDER - v1.4
Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter.
cpe:/a:checkpoint:firewall-1:4.0
cpe:/a:checkpoint:firewall-1:4.1
CVE-2003-0757
2003-10-20T00:00:00.000-04:00
2008-09-05T16:35:10.467-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
BUGTRAQ
20030902 IRM 007: The IP addresses of Check Point Firewall-1 internal interfaces may be enumerated using SecuRemote
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.
cpe:/a:ibm:db2_universal_database:7.2::linux
CVE-2003-0758
2003-10-06T00:00:00.000-04:00
2017-07-10T21:29:35.760-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
BUGTRAQ
20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
CIAC
N-154
MISC
http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
BID
8552
XF
ibm-db2-db2dart-bo(13218)
Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
cpe:/a:ibm:db2_universal_database:7.2::linux
CVE-2003-0759
2003-10-06T00:00:00.000-04:00
2016-10-17T22:37:11.397-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt
VULNWATCH
20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
BUGTRAQ
20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
CIAC
N-154
MISC
http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
BID
8553
AIXAPAR
IY47653
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.
cpe:/a:optisoft:blubster:2.5
CVE-2003-0760
2003-09-17T00:00:00.000-04:00
2017-07-10T21:29:35.853-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
MISC
http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html
BID
8482
XF
blubster-port701-dos(13012)
Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701.
cpe:/a:digium:asterisk:1.2.13
CVE-2003-0761
2003-09-17T00:00:00.000-04:00
2008-09-05T16:35:11.093-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A090403-1
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
cpe:/a:foxweb:foxweb:2.5
CVE-2003-0762
2003-09-17T00:00:00.000-04:00
2008-09-10T15:20:23.557-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030905 [SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension
Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value).
cpe:/a:squished_mosquito:escapade
CVE-2003-0763
2003-09-17T00:00:00.000-04:00
2016-10-17T22:37:12.660-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.
cpe:/a:squished_mosquito:escapade
CVE-2003-0764
2003-09-17T00:00:00.000-04:00
2016-10-17T22:37:13.647-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter.
cpe:/a:nullsoft:winamp:2.81
cpe:/a:nullsoft:winamp:2.91
cpe:/a:nullsoft:winamp:3.0
cpe:/a:nullsoft:winamp:3.1
CVE-2003-0765
2003-09-17T00:00:00.000-04:00
2016-10-17T22:37:14.740-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030908 Winamp 2.91 lets code execution through MIDI files
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
cpe:/a:ftp_desktop:ftp_desktop:3.5
CVE-2003-0766
2003-09-17T00:00:00.000-04:00
2017-04-28T21:59:00.757-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030908 Multiple Heap Overflows in FTP Desktop
Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command.
cpe:/a:gamespy:roger_wilco_dedicated_server:0.26
cpe:/a:gamespy:roger_wilco_dedicated_server:0.27
cpe:/a:gamespy:roger_wilco_dedicated_server:0.28
cpe:/a:gamespy:roger_wilco_dedicated_server:0.29
cpe:/a:gamespy:roger_wilco_dedicated_server:0.30a
cpe:/a:gamespy:roger_wilco_graphical_server:1.4.1.1
cpe:/a:gamespy:roger_wilco_graphical_server:1.4.1.2
cpe:/a:gamespy:roger_wilco_graphical_server:1.4.1.3
cpe:/a:gamespy:roger_wilco_graphical_server:1.4.1.4
cpe:/a:gamespy:roger_wilco_graphical_server:1.4.1.5
cpe:/a:gamespy:roger_wilco_graphical_server:1.4.1.6
CVE-2003-0767
2003-09-17T00:00:00.000-04:00
2016-10-17T22:37:17.460-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030908 Rogerwilco: server's buffer overflow
Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.
cpe:/a:microsoft:asp.net:1.1
CVE-2003-0768
2003-09-22T00:00:00.000-04:00
2016-10-17T22:37:18.567-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
cpe:/a:mirabilis:icq:2003a_build3777
cpe:/a:mirabilis:icq:2003a_build3799
cpe:/a:mirabilis:icq:2003a_build3800
CVE-2003-0769
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:24.040-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
cpe:/a:ikonboard.com:ikonboard:3.1.1
cpe:/a:ikonboard.com:ikonboard:3.1.2a
CVE-2003-0770
2003-09-22T00:00:00.000-04:00
2016-10-17T22:37:19.833-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution
BUGTRAQ
20030401 IkonBoard v3.1.1: arbitrary command execution
BUGTRAQ
20030908 IkonBoard 3.1.2a arbitrary command execution
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
cpe:/a:apache_gallery:apache_gallery:0.4
cpe:/a:apache_gallery:apache_gallery:0.4.1
cpe:/a:apache_gallery:apache_gallery:0.5
cpe:/a:apache_gallery:apache_gallery:0.5.1
cpe:/a:apache_gallery:apache_gallery:0.6
CVE-2003-0771
2003-09-22T00:00:00.000-04:00
2016-10-17T22:37:21.007-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030907 Apache::Gallery local webserver compromise, privilege escalation
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
cpe:/a:ipswitch:ws_ftp_server:4.01
cpe:/a:progress:ipswitch_ws_ftp_server:3.4
CVE-2003-0772
2003-09-22T00:00:00.000-04:00
2019-08-13T10:39:50.873-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030906 Remote and Local Vulnerabilities In WS_FTP Server
CERT-VN
VU#219140
CERT-VN
VU#792284
BID
8542
XF
wsftp-ftp-command-bo(13119)
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
cpe:/a:sane:sane:1.0.0
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.7
cpe:/a:sane:sane:1.0.7_beta1
cpe:/a:sane:sane:1.0.7_beta2
cpe:/a:sane:sane:1.0.8
cpe:/a:sane:sane:1.0.9
cpe:/a:sane:sane-backend:1.0.10
CVE-2003-0773
2003-09-22T00:00:00.000-04:00
2013-08-23T00:29:24.820-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SCO
CSSA-2004-005.0
DEBIAN
DSA-379
MANDRAKE
MDKSA-2003:099
SUSE
SuSE-SA:2003:046
REDHAT
RHSA-2003:278
REDHAT
RHSA-2003:285
BID
8593
BID
8595
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.
cpe:/a:sane:sane:1.0.0
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.7
cpe:/a:sane:sane:1.0.7_beta1
cpe:/a:sane:sane:1.0.7_beta2
cpe:/a:sane:sane:1.0.8
cpe:/a:sane:sane:1.0.9
cpe:/a:sane:sane-backend:1.0.10
CVE-2003-0774
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:25.257-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
SCO
CSSA-2004-005.0
DEBIAN
DSA-379
MANDRAKE
MDKSA-2003:099
SUSE
SuSE-SA:2003:046
REDHAT
RHSA-2003:278
REDHAT
RHSA-2003:285
BID
8593
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
cpe:/a:sane:sane:1.0.0
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.7
cpe:/a:sane:sane:1.0.7_beta1
cpe:/a:sane:sane:1.0.7_beta2
cpe:/a:sane:sane:1.0.8
cpe:/a:sane:sane:1.0.9
cpe:/a:sane:sane-backend:1.0.10
CVE-2003-0775
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:25.337-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SCO
CSSA-2004-005.0
DEBIAN
DSA-379
MANDRAKE
MDKSA-2003:099
SUSE
SuSE-SA:2003:046
REDHAT
RHSA-2003:278
REDHAT
RHSA-2003:285
BID
8593
BID
8600
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
cpe:/a:sane:sane:1.0.0
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.7
cpe:/a:sane:sane:1.0.7_beta1
cpe:/a:sane:sane:1.0.7_beta2
cpe:/a:sane:sane:1.0.8
cpe:/a:sane:sane:1.0.9
cpe:/a:sane:sane-backend:1.0.10
CVE-2003-0776
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:25.413-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
SCO
CSSA-2004-005.0
DEBIAN
DSA-379
MANDRAKE
MDKSA-2003:099
SUSE
SuSE-SA:2003:046
REDHAT
RHSA-2003:278
REDHAT
RHSA-2003:285
BID
8593
saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.
cpe:/a:sane:sane:1.0.0
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.7
cpe:/a:sane:sane:1.0.7_beta1
cpe:/a:sane:sane:1.0.7_beta2
cpe:/a:sane:sane:1.0.8
cpe:/a:sane:sane:1.0.9
cpe:/a:sane:sane-backend:1.0.10
CVE-2003-0777
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:25.477-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SCO
CSSA-2004-005.0
DEBIAN
DSA-379
MANDRAKE
MDKSA-2003:099
SUSE
SuSE-SA:2003:046
REDHAT
RHSA-2003:278
REDHAT
RHSA-2003:285
BID
8593
BID
8597
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
cpe:/a:sane:sane:1.0.0
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.7
cpe:/a:sane:sane:1.0.7_beta1
cpe:/a:sane:sane:1.0.7_beta2
cpe:/a:sane:sane:1.0.8
cpe:/a:sane:sane:1.0.9
cpe:/a:sane:sane-backend:1.0.10
CVE-2003-0778
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:25.540-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SCO
CSSA-2004-005.0
DEBIAN
DSA-379
MANDRAKE
MDKSA-2003:099
SUSE
SuSE-SA:2003:046
REDHAT
RHSA-2003:278
REDHAT
RHSA-2003:285
BID
8593
BID
8596
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).
cpe:/a:digium:asterisk:0.1.7
cpe:/a:digium:asterisk:0.1.8
cpe:/a:digium:asterisk:0.1.9
cpe:/a:digium:asterisk:0.1.9.1
cpe:/a:digium:asterisk:0.2
cpe:/a:digium:asterisk:0.3
cpe:/a:digium:asterisk:0.4
CVE-2003-0779
2003-09-22T00:00:00.000-04:00
2008-09-10T15:20:25.617-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A091103-1
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
cpe:/a:mysql:mysql:4.1.0:alpha
cpe:/a:mysql:mysql:4.1.0.0
cpe:/a:oracle:mysql:3.23
cpe:/a:oracle:mysql:3.23.2
cpe:/a:oracle:mysql:3.23.3
cpe:/a:oracle:mysql:3.23.4
cpe:/a:oracle:mysql:3.23.5
cpe:/a:oracle:mysql:3.23.8
cpe:/a:oracle:mysql:3.23.9
cpe:/a:oracle:mysql:3.23.10
cpe:/a:oracle:mysql:3.23.22
cpe:/a:oracle:mysql:3.23.23
cpe:/a:oracle:mysql:3.23.24
cpe:/a:oracle:mysql:3.23.25
cpe:/a:oracle:mysql:3.23.26
cpe:/a:oracle:mysql:3.23.27
cpe:/a:oracle:mysql:3.23.28
cpe:/a:oracle:mysql:3.23.28:gamma
cpe:/a:oracle:mysql:3.23.29
cpe:/a:oracle:mysql:3.23.30
cpe:/a:oracle:mysql:3.23.31
cpe:/a:oracle:mysql:3.23.32
cpe:/a:oracle:mysql:3.23.33
cpe:/a:oracle:mysql:3.23.34
cpe:/a:oracle:mysql:3.23.36
cpe:/a:oracle:mysql:3.23.37
cpe:/a:oracle:mysql:3.23.38
cpe:/a:oracle:mysql:3.23.39
cpe:/a:oracle:mysql:3.23.40
cpe:/a:oracle:mysql:3.23.41
cpe:/a:oracle:mysql:3.23.42
cpe:/a:oracle:mysql:3.23.43
cpe:/a:oracle:mysql:3.23.44
cpe:/a:oracle:mysql:3.23.45
cpe:/a:oracle:mysql:3.23.46
cpe:/a:oracle:mysql:3.23.47
cpe:/a:oracle:mysql:3.23.48
cpe:/a:oracle:mysql:3.23.49
cpe:/a:oracle:mysql:3.23.50
cpe:/a:oracle:mysql:3.23.51
cpe:/a:oracle:mysql:3.23.52
cpe:/a:oracle:mysql:3.23.53
cpe:/a:oracle:mysql:3.23.53a
cpe:/a:oracle:mysql:3.23.54
cpe:/a:oracle:mysql:3.23.54a
cpe:/a:oracle:mysql:3.23.55
cpe:/a:oracle:mysql:3.23.56
cpe:/a:oracle:mysql:4.0.0
cpe:/a:oracle:mysql:4.0.1
cpe:/a:oracle:mysql:4.0.2
cpe:/a:oracle:mysql:4.0.3
cpe:/a:oracle:mysql:4.0.4
cpe:/a:oracle:mysql:4.0.5
cpe:/a:oracle:mysql:4.0.5a
cpe:/a:oracle:mysql:4.0.6
cpe:/a:oracle:mysql:4.0.7
cpe:/a:oracle:mysql:4.0.7:gamma
cpe:/a:oracle:mysql:4.0.8
cpe:/a:oracle:mysql:4.0.8:gamma
cpe:/a:oracle:mysql:4.0.9
cpe:/a:oracle:mysql:4.0.9:gamma
cpe:/a:oracle:mysql:4.0.10
cpe:/a:oracle:mysql:4.0.11
cpe:/a:oracle:mysql:4.0.11:gamma
cpe:/a:oracle:mysql:4.0.12
cpe:/a:oracle:mysql:4.0.13
cpe:/a:oracle:mysql:4.0.14
cpe:/o:conectiva:linux:7.0
cpe:/o:conectiva:linux:8.0
cpe:/o:conectiva:linux:9.0
CVE-2003-0780
2003-09-22T00:00:00.000-04:00
2019-10-07T12:42:21.527-04:00
9.0
NETWORK
LOW
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONECTIVA
CLA-2003:743
FULLDISC
20030910 Buffer overflow in MySQL
BUGTRAQ
20030913 exploit for mysql -- [get_salt_from_password] problem
TRUSTIX
2003-0034
DEBIAN
DSA-381
CERT-VN
VU#516492
MANDRAKE
MDKSA-2003:094
REDHAT
RHSA-2003:281
REDHAT
RHSA-2003:282
BUGTRAQ
20030910 Buffer overflow in MySQL
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
cpe:/a:ecartis:ecartis:1.0.0
CVE-2003-0781
2004-05-04T00:00:00.000-04:00
2017-07-10T21:29:35.963-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-467
XF
ecartis-subscribe-password-disclosure(12929)
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
cpe:/a:ecartis:ecartis:1.0.0
CVE-2003-0782
2004-05-04T00:00:00.000-04:00
2017-07-10T21:29:36.027-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
DEBIAN
DSA-467
XF
ecartis-multiple-bo(12928)
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
cpe:/a:yongguang_zhang:hztty:2.0
CVE-2003-0783
2003-10-06T00:00:00.000-04:00
2017-07-10T21:29:36.073-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030921 Fw: 0x333hztty => hztty 2.0 local root exploit
SECTRACK
1007756
SECTRACK
1007757
DEBIAN
DSA-385
BID
8656
XF
hztty-bo(13243)
Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-0784
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:25.960-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
AIXAPAR
IY47764
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
cpe:/h:brian_bassett:ipmasq:3.5.10
CVE-2003-0785
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:26.023-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-389
ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
cpe:/a:openbsd:openssh:3.7.1
cpe:/a:openbsd:openssh:3.7.1p1
CVE-2003-0786
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:26.103-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
FULLDISC
20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
CERT-VN
VU#602204
CONFIRM
http://www.openssh.com/txt/sshpam.adv
BUGTRAQ
20030923 Portable OpenSSH 3.7.1p2 released
BUGTRAQ
20030923 Multiple PAM vulnerabilities in portable OpenSSH
BID
8677
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
cpe:/a:openbsd:openssh:3.7.1
cpe:/a:openbsd:openssh:3.7.1p1
CVE-2003-0787
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:26.163-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
FULLDISC
20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
CERT-VN
VU#209807
CONFIRM
http://www.openssh.com/txt/sshpam.adv
BUGTRAQ
20030923 Portable OpenSSH 3.7.1p2 released
BUGTRAQ
20030923 Multiple PAM vulnerabilities in portable OpenSSH
BID
8677
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
cpe:/a:easy_software_products:cups:1.0.4
cpe:/a:easy_software_products:cups:1.0.4_8
cpe:/a:easy_software_products:cups:1.1.1
cpe:/a:easy_software_products:cups:1.1.4
cpe:/a:easy_software_products:cups:1.1.4_2
cpe:/a:easy_software_products:cups:1.1.4_3
cpe:/a:easy_software_products:cups:1.1.4_5
cpe:/a:easy_software_products:cups:1.1.6
cpe:/a:easy_software_products:cups:1.1.7
cpe:/a:easy_software_products:cups:1.1.10
cpe:/a:easy_software_products:cups:1.1.12
cpe:/a:easy_software_products:cups:1.1.13
cpe:/a:easy_software_products:cups:1.1.14
cpe:/a:easy_software_products:cups:1.1.15
cpe:/a:easy_software_products:cups:1.1.16
cpe:/a:easy_software_products:cups:1.1.17
cpe:/a:easy_software_products:cups:1.1.18
CVE-2003-0788
2003-12-01T00:00:00.000-05:00
2017-07-10T21:29:36.133-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
MISC
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958
CONECTIVA
CLA-2003:779
CONECTIVA
CLA-2003:788
MANDRAKE
MDKSA-2003:104
REDHAT
RHSA-2003:275
BID
8952
TURBO
TLSA-2003-63
XF
cups-ipp-dos(13584)
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
cpe:/a:apache:http_server:2.0.48
CVE-2003-0789
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:36.197-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
CONFIRM
http://apache.secsup.org/dist/httpd/Announcement2.html
CONECTIVA
CLA-2003:775
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
APPLE
APPLE-SA-2004-01-26
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00045.html
BUGTRAQ
20031031 GLSA: apache (200310-04)
GENTOO
200310-04
CIAC
O-015
MANDRAKE
MDKSA-2003:103
REDHAT
RHSA-2003:320
HP
HPSBUX0311-301
BID
8926
BID
9504
XF
apache-modcgi-info-disclosure(13552)
MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
CVE-2003-0790
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:28.117-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not "reachable" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable.
cpe:/a:mozilla:mozilla:0.8
cpe:/a:mozilla:mozilla:0.9.2
cpe:/a:mozilla:mozilla:0.9.2.1
cpe:/a:mozilla:mozilla:0.9.3
cpe:/a:mozilla:mozilla:0.9.4
cpe:/a:mozilla:mozilla:0.9.4.1
cpe:/a:mozilla:mozilla:0.9.5
cpe:/a:mozilla:mozilla:0.9.6
cpe:/a:mozilla:mozilla:0.9.7
cpe:/a:mozilla:mozilla:0.9.8
cpe:/a:mozilla:mozilla:0.9.9
cpe:/a:mozilla:mozilla:0.9.35
cpe:/a:mozilla:mozilla:0.9.48
cpe:/a:mozilla:mozilla:1.0
cpe:/a:mozilla:mozilla:1.0:rc1
cpe:/a:mozilla:mozilla:1.0:rc2
cpe:/a:mozilla:mozilla:1.0.1
cpe:/a:mozilla:mozilla:1.0.2
cpe:/a:mozilla:mozilla:1.1
cpe:/a:mozilla:mozilla:1.1:alpha
cpe:/a:mozilla:mozilla:1.1:beta
cpe:/a:mozilla:mozilla:1.2
cpe:/a:mozilla:mozilla:1.2:alpha
cpe:/a:mozilla:mozilla:1.2:beta
cpe:/a:mozilla:mozilla:1.2.1
cpe:/a:mozilla:mozilla:1.3
cpe:/a:mozilla:mozilla:1.3.1
cpe:/a:mozilla:mozilla:1.4
cpe:/a:mozilla:mozilla:1.4:alpha
cpe:/a:mozilla:mozilla:1.4:beta
cpe:/o:sco:openserver:5.0.7
CVE-2003-0791
2003-10-07T00:00:00.000-04:00
2008-09-10T15:20:29.147-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2005-05-24T17:50:00.000-04:00
ALLOWS_USER_ACCESS
MANDRAKE
MDKSA-2004:021
SCO
SCOSA-2004.8
BID
9322
MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=221526
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
cpe:/a:fetchmail:fetchmail:4.5.1
cpe:/a:fetchmail:fetchmail:4.5.2
cpe:/a:fetchmail:fetchmail:4.5.3
cpe:/a:fetchmail:fetchmail:4.5.4
cpe:/a:fetchmail:fetchmail:4.5.5
cpe:/a:fetchmail:fetchmail:4.5.6
cpe:/a:fetchmail:fetchmail:4.5.7
cpe:/a:fetchmail:fetchmail:4.5.8
cpe:/a:fetchmail:fetchmail:4.6.0
cpe:/a:fetchmail:fetchmail:4.6.1
cpe:/a:fetchmail:fetchmail:4.6.2
cpe:/a:fetchmail:fetchmail:4.6.3
cpe:/a:fetchmail:fetchmail:4.6.4
cpe:/a:fetchmail:fetchmail:4.6.5
cpe:/a:fetchmail:fetchmail:4.6.6
cpe:/a:fetchmail:fetchmail:4.6.7
cpe:/a:fetchmail:fetchmail:4.6.8
cpe:/a:fetchmail:fetchmail:4.6.9
cpe:/a:fetchmail:fetchmail:4.7.0
cpe:/a:fetchmail:fetchmail:4.7.1
cpe:/a:fetchmail:fetchmail:4.7.2
cpe:/a:fetchmail:fetchmail:4.7.3
cpe:/a:fetchmail:fetchmail:4.7.4
cpe:/a:fetchmail:fetchmail:4.7.5
cpe:/a:fetchmail:fetchmail:4.7.6
cpe:/a:fetchmail:fetchmail:4.7.7
cpe:/a:fetchmail:fetchmail:5.0.0
cpe:/a:fetchmail:fetchmail:5.0.1
cpe:/a:fetchmail:fetchmail:5.0.2
cpe:/a:fetchmail:fetchmail:5.0.3
cpe:/a:fetchmail:fetchmail:5.0.4
cpe:/a:fetchmail:fetchmail:5.0.5
cpe:/a:fetchmail:fetchmail:5.0.6
cpe:/a:fetchmail:fetchmail:5.0.7
cpe:/a:fetchmail:fetchmail:5.0.8
cpe:/a:fetchmail:fetchmail:5.1.0
cpe:/a:fetchmail:fetchmail:5.1.4
cpe:/a:fetchmail:fetchmail:5.2.0
cpe:/a:fetchmail:fetchmail:5.2.1
cpe:/a:fetchmail:fetchmail:5.2.3
cpe:/a:fetchmail:fetchmail:5.2.4
cpe:/a:fetchmail:fetchmail:5.2.7
cpe:/a:fetchmail:fetchmail:5.2.8
cpe:/a:fetchmail:fetchmail:5.3.0
cpe:/a:fetchmail:fetchmail:5.3.1
cpe:/a:fetchmail:fetchmail:5.3.3
cpe:/a:fetchmail:fetchmail:5.3.8
cpe:/a:fetchmail:fetchmail:5.4.0
cpe:/a:fetchmail:fetchmail:5.4.3
cpe:/a:fetchmail:fetchmail:5.4.4
cpe:/a:fetchmail:fetchmail:5.4.5
cpe:/a:fetchmail:fetchmail:5.5.0
cpe:/a:fetchmail:fetchmail:5.5.2
cpe:/a:fetchmail:fetchmail:5.5.3
cpe:/a:fetchmail:fetchmail:5.5.5
cpe:/a:fetchmail:fetchmail:5.5.6
cpe:/a:fetchmail:fetchmail:5.6.0
cpe:/a:fetchmail:fetchmail:5.7.0
cpe:/a:fetchmail:fetchmail:5.7.2
cpe:/a:fetchmail:fetchmail:5.7.4
cpe:/a:fetchmail:fetchmail:5.8
cpe:/a:fetchmail:fetchmail:5.8.1
cpe:/a:fetchmail:fetchmail:5.8.2
cpe:/a:fetchmail:fetchmail:5.8.3
cpe:/a:fetchmail:fetchmail:5.8.4
cpe:/a:fetchmail:fetchmail:5.8.5
cpe:/a:fetchmail:fetchmail:5.8.6
cpe:/a:fetchmail:fetchmail:5.8.11
cpe:/a:fetchmail:fetchmail:5.8.13
cpe:/a:fetchmail:fetchmail:5.8.14
cpe:/a:fetchmail:fetchmail:5.8.17
cpe:/a:fetchmail:fetchmail:5.9.0
cpe:/a:fetchmail:fetchmail:5.9.4
cpe:/a:fetchmail:fetchmail:5.9.5
cpe:/a:fetchmail:fetchmail:5.9.8
cpe:/a:fetchmail:fetchmail:5.9.10
cpe:/a:fetchmail:fetchmail:5.9.11
cpe:/a:fetchmail:fetchmail:5.9.13
cpe:/a:fetchmail:fetchmail:6.0.0
cpe:/a:fetchmail:fetchmail:6.1.0
cpe:/a:fetchmail:fetchmail:6.1.3
cpe:/a:fetchmail:fetchmail:6.2.0
cpe:/a:fetchmail:fetchmail:6.2.1
cpe:/a:fetchmail:fetchmail:6.2.2
cpe:/a:fetchmail:fetchmail:6.2.3
cpe:/a:fetchmail:fetchmail:6.2.4
CVE-2003-0792
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:36.277-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SCO
CSSA-2004-004.0
BUGTRAQ
20040220 LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service
GENTOO
GLSA-200403-10
MANDRAKE
MDKSA-2003:101
IMMUNIX
IMNX-2003-7+-023-01
BID
8843
TURBO
TLSA-2003-61
XF
fetchmail-email-dos(13450)
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
cpe:/a:gnome:gdm:2.2.5.4
cpe:/a:gnome:gdm:2.4.1
cpe:/a:gnome:gdm:2.4.1.1
cpe:/a:gnome:gdm:2.4.1.2
cpe:/a:gnome:gdm:2.4.1.3
cpe:/a:gnome:gdm:2.4.1.4
cpe:/a:gnome:gdm:2.4.1.5
cpe:/a:gnome:gdm:2.4.1.6
cpe:/a:gnome:gdm:2.4.4
CVE-2003-0793
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:36.353-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
CONECTIVA
CLA-2003:766
MANDRAKE
MDKSA-2003:100
BID
8846
XF
gdm-dos(13447)
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
cpe:/a:gnome:gdm:2.2.5.4
cpe:/a:gnome:gdm:2.4.1
cpe:/a:gnome:gdm:2.4.1.1
cpe:/a:gnome:gdm:2.4.1.2
cpe:/a:gnome:gdm:2.4.1.3
cpe:/a:gnome:gdm:2.4.1.4
cpe:/a:gnome:gdm:2.4.1.5
cpe:/a:gnome:gdm:2.4.1.6
cpe:/a:gnome:gdm:2.4.4
CVE-2003-0794
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:36.417-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
CONECTIVA
CLA-2003:766
MANDRAKE
MDKSA-2003:100
BID
8846
XF
gdm-command-dos(13448)
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
cpe:/a:gnu:zebra:0.91a
cpe:/a:gnu:zebra:0.92a
cpe:/a:gnu:zebra:0.93a
cpe:/a:gnu:zebra:0.93b
cpe:/a:quagga:quagga:0.95
cpe:/a:quagga:quagga:0.96
cpe:/a:quagga:quagga:0.96.1
cpe:/a:quagga:quagga:0.96.2
cpe:/a:quagga:quagga:0.96.3
cpe:/a:sgi:propack:2.2.1
cpe:/a:sgi:propack:2.3
CVE-2003-0795
2003-12-15T00:00:00.000-05:00
2016-10-17T22:37:28.367-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031114 Quagga remote vulnerability
DEBIAN
DSA-415
REDHAT
RHSA-2003:305
REDHAT
RHSA-2003:307
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
cpe:/o:sgi:irix:6.5.21f
cpe:/o:sgi:irix:6.5.21m
cpe:/o:sgi:irix:6.5.22
CVE-2003-0796
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:36.493-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SGI
20031102-01-P
SGI
20031102-02-P
BID
9085
XF
rpcmountd-mount-gain-access(13807)
Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled.
cpe:/o:sgi:irix:6.5
cpe:/o:sgi:irix:6.5.1
cpe:/o:sgi:irix:6.5.2
cpe:/o:sgi:irix:6.5.3
cpe:/o:sgi:irix:6.5.4
cpe:/o:sgi:irix:6.5.5
cpe:/o:sgi:irix:6.5.6
cpe:/o:sgi:irix:6.5.7
cpe:/o:sgi:irix:6.5.8
cpe:/o:sgi:irix:6.5.9
cpe:/o:sgi:irix:6.5.10
cpe:/o:sgi:irix:6.5.11
cpe:/o:sgi:irix:6.5.12
cpe:/o:sgi:irix:6.5.13
cpe:/o:sgi:irix:6.5.14
cpe:/o:sgi:irix:6.5.15
cpe:/o:sgi:irix:6.5.16
cpe:/o:sgi:irix:6.5.17f
cpe:/o:sgi:irix:6.5.17m
cpe:/o:sgi:irix:6.5.18
cpe:/o:sgi:irix:6.5.18f
cpe:/o:sgi:irix:6.5.18m
cpe:/o:sgi:irix:6.5.19
cpe:/o:sgi:irix:6.5.19f
cpe:/o:sgi:irix:6.5.19m
cpe:/o:sgi:irix:6.5.20
cpe:/o:sgi:irix:6.5.20f
cpe:/o:sgi:irix:6.5.20m
cpe:/o:sgi:irix:6.5.21
cpe:/o:sgi:irix:6.5.21f
cpe:/o:sgi:irix:6.5.21m
cpe:/o:sgi:irix:6.5.22
CVE-2003-0797
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:36.573-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20031102-01-P
SGI
20031102-02-P
BID
9084
XF
rpcmountd-dos(13808)
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors.
CVE-2003-0798
2017-05-11T10:29:01.027-04:00
2017-05-11T10:29:01.027-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0799
2017-05-11T10:29:01.040-04:00
2017-05-11T10:29:01.040-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0800
2017-05-11T10:29:01.073-04:00
2017-05-11T10:29:01.073-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:nokia:electronic_documentation:5.0
CVE-2003-0801
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:29.993-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ATSTAKE
A091503-1
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
cpe:/a:nokia:electronic_documentation:5.0
CVE-2003-0802
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:30.057-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ATSTAKE
A091503-1
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
cpe:/a:nokia:electronic_documentation:5.0
CVE-2003-0803
2003-10-06T00:00:00.000-04:00
2008-09-10T15:20:30.117-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A091503-1
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x:10.2.7
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:apple:mac_os_x_server:10.2.7
cpe:/o:freebsd:freebsd:4.0
cpe:/o:freebsd:freebsd:4.1
cpe:/o:freebsd:freebsd:4.1.1
cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.3
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.6.2
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.8
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:5.0
cpe:/o:freebsd:freebsd:5.1
cpe:/o:openbsd:openbsd:3.2
cpe:/o:openbsd:openbsd:3.3
cpe:/o:openbsd:openbsd:3.4
CVE-2003-0804
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:30.570-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
FREEBSD
FreeBSD-SA-03:14
SGI
20040502-01-P
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
cpe:/a:university_of_minnesota:gopherd:2.0.3
cpe:/a:university_of_minnesota:gopherd:2.0.4
cpe:/a:university_of_minnesota:gopherd:2.3
cpe:/a:university_of_minnesota:gopherd:2.3.1
cpe:/a:university_of_minnesota:gopherd:3.0.0
cpe:/a:university_of_minnesota:gopherd:3.0.1
cpe:/a:university_of_minnesota:gopherd:3.0.2
cpe:/a:university_of_minnesota:gopherd:3.0.3
cpe:/a:university_of_minnesota:gopherd:3.0.4
cpe:/a:university_of_minnesota:gopherd:3.0.5
CVE-2003-0805
2003-10-06T00:00:00.000-04:00
2016-10-17T22:37:29.600-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer
BUGTRAQ
20030818 FW: [gopher] UMN Gopher 3.0.6 released
DEBIAN
DSA-387
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4::fr
cpe:/o:microsoft:windows_nt:4.0:sp6a
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
CVE-2003-0806
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:06.303-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CIAC
O-114
CERT-VN
VU#471260
BID
10126
CERT
TA04-104A
MS
MS04-011
XF
win-winlogon-bo(15702)
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_xp::gold
CVE-2003-0807
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:07.320-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SECTRACK
1009762
CIAC
O-115
CERT-VN
VU#698564
BID
10123
CERT
TA04-104A
MS
MS04-012
XF
win-cis-rpc-http-dos(15709)
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0809
2003-11-17T00:00:00.000-05:00
2018-10-12T17:33:08.413-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BID
8565
MS
MS03-040
XF
ie-xmlobject-code-execution(13300)
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp:::media_center
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0812
2003-12-15T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031111 EEYE: Windows Workstation Service Remote Buffer Overflow
BUGTRAQ
20031112 Proof of concept for Windows Workstation Service overflow
CERT
CA-2003-28
CISCO
20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)
CERT-VN
VU#567620
BID
9011
MS
MS03-049
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::embedded
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:embedded
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0813
2003-11-17T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20031010 Re : [VERY] BAD news on RPC DCOM Exploit
FULLDISC
20031010 Re: Bad news on RPC DCOM vulnerability
FULLDISC
20031011 Bad news on RPC DCOM2 vulnerability
BUGTRAQ
20031010 Bad news on RPC DCOM vulnerability
BUGTRAQ
20031011 RE: Bad news on RPC DCOM vulnerability
NTBUGTRAQ
20031010 Bad news on RPC DCOM vulnerability
CERT-VN
VU#547820
BID
8811
MISC
http://www.securitylab.ru/_exploits/rpc2.c.txt
CERT
TA04-104A
ISS
20031014 Microsoft RPC Race Condition Denial of Service
MS
MS04-012
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0814
2004-02-03T00:00:00.000-05:00
2018-10-12T17:33:12.117-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SECTRACK
1007687
BUGTRAQ
20030910 MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
CERT-VN
VU#326412
MISC
http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
BUGTRAQ
20030911 LiuDieYu's missing files are here.
MS
MS03-048
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0815
2004-02-03T00:00:00.000-05:00
2018-10-12T17:33:13.883-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030910 MSIE->LinkillerJPU:another caller-based authorization(is broken).
BUGTRAQ
20030910 MSIE->Findeath: break caller-based authorization
SECTRACK
1007687
CIAC
O-021
BUGTRAQ
20030910 MSIE->LinkillerSaveRef:another caller-based authorization
MISC
http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM
MISC
http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM
MISC
http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM
BUGTRAQ
20030911 LiuDieYu's missing files are here.
BID
9014
MS
MS03-048
XF
ie-pointer-zone-bypass(13676)
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0816
2004-02-03T00:00:00.000-05:00
2018-10-12T17:33:17.007-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030910 MSIE->RefBack
BUGTRAQ
20030910 MSIE->NAFjpuInHistory
BUGTRAQ
20030910 MSIE->WsFakeSrc
BUGTRAQ
20030910 MSIE->WsOpenFileJPU
BUGTRAQ
20030910 MSIE->WsBASEjpu
BUGTRAQ
20030910 MSIE->BackMyParent2:Multi-Thread version
SECTRACK
1007687
BUGTRAQ
20030910 MSIE->WsOpenJpuInHistory
CERT-VN
VU#652452
CERT-VN
VU#771604
MISC
http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
MISC
http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
MISC
http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
MISC
http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
MISC
http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
MISC
http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
MISC
http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
MISC
http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
MISC
http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
BUGTRAQ
20030910 MSIE->NAFfileJPU
BUGTRAQ
20030911 LiuDieYu's missing files are here.
MS
MS03-048
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0817
2004-02-03T00:00:00.000-05:00
2018-10-12T17:33:21.663-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BID
9012
MS
MS03-048
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0818
2004-03-03T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
BUGTRAQ
20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
NTBUGTRAQ
20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
NTBUGTRAQ
20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
CERT-VN
VU#216324
CERT-VN
VU#583108
CERT
TA04-041A
MS
MS04-007
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
cpe:/a:microsoft:proxy_server:2.0
cpe:/a:microsoft:proxy_server:2.0:sp1
CVE-2003-0819
2004-02-17T00:00:00.000-05:00
2018-10-12T17:33:24.757-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CERT
CA-2004-01
CERT-VN
VU#749342
BID
9406
BID
9408
SECTRACK
1008698
MISC
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
MS
MS04-001
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
cpe:/a:microsoft:word:97
cpe:/a:microsoft:word:97:::ja
cpe:/a:microsoft:word:97:::ko
cpe:/a:microsoft:word:97:::zh
cpe:/a:microsoft:word:97:sr1
cpe:/a:microsoft:word:97:sr2
cpe:/a:microsoft:word:98
cpe:/a:microsoft:word:98:::ja
cpe:/a:microsoft:word:98:::ko
cpe:/a:microsoft:word:98:::zh
cpe:/a:microsoft:word:98:sr1::ja
cpe:/a:microsoft:word:98:sr2::ja
cpe:/a:microsoft:word:2000
cpe:/a:microsoft:word:2000:::ja
cpe:/a:microsoft:word:2000:::ko
cpe:/a:microsoft:word:2000:::zh
cpe:/a:microsoft:word:2000:sp2
cpe:/a:microsoft:word:2000:sp3
cpe:/a:microsoft:word:2000:sr1
cpe:/a:microsoft:word:2000:sr1a
cpe:/a:microsoft:word:2002
cpe:/a:microsoft:word:2002:sp1
cpe:/a:microsoft:word:2002:sp2
cpe:/a:microsoft:works:2001
cpe:/a:microsoft:works:2002
cpe:/a:microsoft:works:2003
cpe:/a:microsoft:works:2004
CVE-2003-0820
2003-12-15T00:00:00.000-05:00
2018-10-12T17:33:25.557-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031015 Few issues previously unpublished in English
MISC
http://www.security.nnov.ru/search/document.asp?docid=5243
BID
8835
MS
MS03-050
XF
word-macro-execute-code(13682)
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
cpe:/a:microsoft:word:97
cpe:/a:microsoft:word:97:::ja
cpe:/a:microsoft:word:97:::ko
cpe:/a:microsoft:word:97:::zh
cpe:/a:microsoft:word:97:sr1
cpe:/a:microsoft:word:97:sr2
cpe:/a:microsoft:word:98
cpe:/a:microsoft:word:98:::ja
cpe:/a:microsoft:word:98:::ko
cpe:/a:microsoft:word:98:::zh
cpe:/a:microsoft:word:98:sr1::ja
cpe:/a:microsoft:word:98:sr2::ja
cpe:/a:microsoft:word:2000
cpe:/a:microsoft:word:2000:::ja
cpe:/a:microsoft:word:2000:::ko
cpe:/a:microsoft:word:2000:::zh
cpe:/a:microsoft:word:2000:sp2
cpe:/a:microsoft:word:2000:sp3
cpe:/a:microsoft:word:2000:sr1
cpe:/a:microsoft:word:2000:sr1a
cpe:/a:microsoft:word:2002
cpe:/a:microsoft:word:2002:sp1
cpe:/a:microsoft:word:2002:sp2
cpe:/a:microsoft:works:2001
cpe:/a:microsoft:works:2002
cpe:/a:microsoft:works:2003
cpe:/a:microsoft:works:2004
CVE-2003-0821
2003-12-15T00:00:00.000-05:00
2018-10-12T17:33:26.757-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BID
9010
MS
MS03-050
XF
excel-macro-execute-code(13681)
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
cpe:/a:microsoft:frontpage_server_extensions:2000
cpe:/a:microsoft:frontpage_server_extensions:2002
cpe:/a:microsoft:sharepoint_team_services:2002
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0822
2003-12-15T00:00:00.000-05:00
2019-04-30T10:27:12.397-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031112 Frontpage Extensions Remote Command Execution
NTBUGTRAQ
20031112 Frontpage Extensions Remote Command Execution
CERT-VN
VU#279156
MS
MS03-051
XF
fpse-debug-bo(13674)
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0823
2004-02-03T00:00:00.000-05:00
2018-10-12T17:33:29.133-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030910 MSIE->HijackClick: 1+1=2
CERT-VN
VU#413886
BUGTRAQ
20030911 LiuDieYu's missing files are here.
SECTRACK
1006036
MS
MS03-048
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
cpe:/a:microsoft:frontpage_server_extensions:2000
cpe:/a:microsoft:frontpage_server_extensions:2002
cpe:/a:microsoft:sharepoint_team_services:2002
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_xp::gold:professional
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_xp::sp1:home
CVE-2003-0824
2003-12-15T00:00:00.000-05:00
2019-04-30T10:27:12.397-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CERT-VN
VU#179012
MS
MS03-051
XF
fpse-smarthtml-dos(13680)
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_2003_server::r2:x64
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp2:server
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:server
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp5:server
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6:server
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:server
CVE-2003-0825
2004-03-03T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CIAC
O-077
CERT-VN
VU#445214
BID
9624
MS
MS04-006
XF
win-wins-gsflag-dos(15037)
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
cpe:/a:gnu:lsh:1.4
cpe:/a:gnu:lsh:1.4.1
cpe:/a:gnu:lsh:1.4.2
CVE-2003-0826
2003-10-06T00:00:00.000-04:00
2016-10-17T22:37:41.197-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://bugs.debian.org/211662
FULLDISC
20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?)
CONFIRM
http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html
BUGTRAQ
20030919 Remote root vuln in lsh 1.4.x
BUGTRAQ
20030920 LSH: Buffer overrun and remote root compromise in lshd
DEBIAN
DSA-717
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
cpe:/a:ibm:db2_universal_database:7.1::linux
cpe:/a:ibm:db2_universal_database:7.2::linux
CVE-2003-0827
2003-10-06T00:00:00.000-04:00
2016-10-17T22:37:42.433-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030919 AppSecInc Security Alert: Denial of Service Vulnerability in DB2 Discovery Service
AIXAPAR
IY47686
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
cpe:/a:gus_and_psilord:freesweep:0.88
cpe:/a:gus_and_psilord:freesweep:0.90
CVE-2003-0828
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:37.180-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-391
BID
8716
XF
freesweep-bo(13301)
Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables.
cpe:/a:marbles:marbles:1.0.1
CVE-2003-0830
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:35.757-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-390
Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable.
cpe:/a:proftpd_project:proftpd:1.2.7
cpe:/a:proftpd_project:proftpd:1.2.7_rc1
cpe:/a:proftpd_project:proftpd:1.2.7_rc2
cpe:/a:proftpd_project:proftpd:1.2.7_rc3
cpe:/a:proftpd_project:proftpd:1.2.8
cpe:/a:proftpd_project:proftpd:1.2.8_rc1
cpe:/a:proftpd_project:proftpd:1.2.8_rc2
cpe:/a:proftpd_project:proftpd:1.2.9_rc1
cpe:/a:proftpd_project:proftpd:1.2.9_rc2
CVE-2003-0831
2003-11-17T00:00:00.000-05:00
2017-10-04T21:29:00.417-04:00
9.0
NETWORK
LOW
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
FULLDISC
20031014 Another ProFTPd root EXPLOIT ?
BUGTRAQ
20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)
BUGTRAQ
20031013 Remote root exploit for proftpd \n bug
CERT-VN
VU#405348
MANDRAKE
MDKSA-2003:095
ISS
20030923 ProFTPD ASCII File Remote Compromise Vulnerability
XF
proftpd-ascii-xfer-newline-bo(12200)
EXPLOIT-DB
107
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
cpe:/a:webfs:webfs:1.17
cpe:/a:webfs:webfs:1.18
cpe:/a:webfs:webfs:1.19
cpe:/a:webfs:webfs:1.20
CVE-2003-0832
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:35.897-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
DEBIAN
DSA-392
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
cpe:/a:webfs:webfs:1.17
cpe:/a:webfs:webfs:1.18
cpe:/a:webfs:webfs:1.19
cpe:/a:webfs:webfs:1.20
CVE-2003-0833
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:35.993-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-392
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
cpe:/o:sco:open_unix:8.0
cpe:/o:sco:unixware:7.1.1
cpe:/o:sco:unixware:7.1.3
CVE-2003-0834
2003-12-01T00:00:00.000-05:00
2018-05-02T21:29:22.803-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SGI
20040801-01-P
HP
HPSBUX0311-297
SUNALERT
57414
IDEFENSE
20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability
CERT-VN
VU#575804
BID
8973
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
cpe:/a:mplayer:mplayer:0.90
cpe:/a:mplayer:mplayer:0.90_pre
cpe:/a:mplayer:mplayer:0.90_rc
cpe:/a:mplayer:mplayer:0.90_rc4
cpe:/a:mplayer:mplayer:0.91
cpe:/a:mplayer:mplayer:1.0_pre1
CVE-2003-0835
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:44.853-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:760
BUGTRAQ
20030925 MPlayer Security Advisory #01: Remotely exploitable buffer overflow
BUGTRAQ
20030926 Mplayer Buffer Overflow
BUGTRAQ
20030929 GLSA: media-video/mplayer (200309-15)
CONFIRM
http://www.mplayerhq.hu/homepage/design6/news.html
Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
cpe:/a:ibm:db2_universal_database:7.2::linux
cpe:/a:ibm:db2_universal_database:8.1::aix
CVE-2003-0836
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:37.647-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.
cpe:/a:ibm:db2_universal_database:7.2::linux
CVE-2003-0837
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.307-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031001 ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
BID
8743
XF
db2-invoke-bo(13331)
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-0838
2003-11-17T00:00:00.000-05:00
2018-10-12T17:33:33.447-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030907 BAD NEWS: Microsoft Security Bulletin MS03-032
BUGTRAQ
20030907 BAD NEWS: Microsoft Security Bulletin MS03-032
BUGTRAQ
20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032
NTBUGTRAQ
20030907 BAD NEWS: Microsoft Security Bulletin MS03-032
MISC
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
NTBUGTRAQ
20031001 DNS/Hosts file issues
BID
8556
MS
MS03-040
XF
ie-popup-code-execution(13314)
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
cpe:/o:microsoft:windows_2003_server:r2
CVE-2003-0839
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:48.793-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031008 Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability
MISC
http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
cpe:/o:hp:hp-ux:11.00
CVE-2003-0840
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:50.137-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031008 HPUX dtprintinfo buffer overflow vulnerability
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.
cpe:/a:oracle:peopletools:8.42
CVE-2003-0841
2003-11-17T00:00:00.000-05:00
2019-08-19T11:38:36.060-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2019-08-15T13:42:51.200-04:00
BUGTRAQ
20031007 PeopleSoft Grid Option Vulnerability
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
cpe:/a:dag_apt_repository:mod_gzip:1.3.26.1a
CVE-2003-0842
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:52.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030601 Mod_gzip Debug Mode Vulnerabilities
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.
cpe:/a:dag_apt_repository:mod_gzip:1.3.26.1a
CVE-2003-0843
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:53.730-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030601 Mod_gzip Debug Mode Vulnerabilities
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
cpe:/a:dag_apt_repository:mod_gzip:1.3.26.1a
CVE-2003-0844
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:54.887-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030601 Mod_gzip Debug Mode Vulnerabilities
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
CVE-2003-0845
2003-11-17T00:00:00.000-05:00
2017-10-10T21:29:15.307-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031005 JBoss 3.2.1: Remote Command Injection
BUGTRAQ
20031006 Update JBoss 308 & 321: Remote Command Injection
CONFIRM
http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866
REDHAT
RHSA-2007:1048
BID
8773
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
cpe:/o:suse:suse_linux:7.3::pro
CVE-2003-0846
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:57.373-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031006 Local root exploit in SuSE Linux 7.3Pro
BUGTRAQ
20031006 Re: Local root exploit in SuSE Linux 8.2Pro
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.
cpe:/o:suse:suse_linux:8.2::professional
CVE-2003-0847
2003-11-17T00:00:00.000-05:00
2016-10-17T22:37:58.527-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031006 Local root exploit in SuSE Linux 8.2Pro
BUGTRAQ
20031006 Re: Local root exploit in SuSE Linux 8.2Pro
SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.
cpe:/a:slocate:slocate:2.1
cpe:/a:slocate:slocate:2.2
cpe:/a:slocate:slocate:2.3
cpe:/a:slocate:slocate:2.4
cpe:/a:slocate:slocate:2.5
cpe:/a:slocate:slocate:2.6
CVE-2003-0848
2003-11-17T00:00:00.000-05:00
2017-10-10T21:29:15.387-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SCO
CSSA-2004-001.0
SGI
20040201-01-U
SGI
20040202-01-U
BUGTRAQ
20031006 SA-20031006 slocate vulnerability
BUGTRAQ
20031011 SA-20031006 slocate buffer overflow - exploitation proof
REDHAT
RHSA-2004:040
DEBIAN
DSA-428
MISC
http://www.ebitech.sk/patrik/SA/SA-20031006.txt
MISC
http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt
MANDRAKE
MDKSA-2004:004
FEDORA
FEDORA-2004-059
REDHAT
RHSA-2004:041
TRUSTIX
2004-0005
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
cpe:/a:gnu:cfengine:2.0.0
cpe:/a:gnu:cfengine:2.0.1
cpe:/a:gnu:cfengine:2.0.2
cpe:/a:gnu:cfengine:2.0.3
cpe:/a:gnu:cfengine:2.0.4
cpe:/a:gnu:cfengine:2.0.5
cpe:/a:gnu:cfengine:2.0.5:b1
cpe:/a:gnu:cfengine:2.0.5:pre
cpe:/a:gnu:cfengine:2.0.5:pre2
cpe:/a:gnu:cfengine:2.0.6
cpe:/a:gnu:cfengine:2.0.7
cpe:/a:gnu:cfengine:2.0.7:p1
cpe:/a:gnu:cfengine:2.0.7:p2
cpe:/a:gnu:cfengine:2.0.7:p3
cpe:/a:gnu:cfengine:2.1.0:a6
cpe:/a:gnu:cfengine:2.1.0:a8
cpe:/a:gnu:cfengine:2.1.0:a9
CVE-2003-0849
2003-11-17T00:00:00.000-05:00
2016-10-17T22:38:00.937-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030925 Cfengine2 cfservd remote stack overflow
BUGTRAQ
20030928 cfengine2-2.0.3 remote exploit for redhat
BUGTRAQ
20031005 GLSA: cfengine (200310-02)
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
cpe:/a:dug_song:dsniff:2.3
cpe:/a:rafal_wojtczuk:libnids:1.11
cpe:/a:rafal_wojtczuk:libnids:1.12
cpe:/a:rafal_wojtczuk:libnids:1.13
cpe:/a:rafal_wojtczuk:libnids:1.14
cpe:/a:rafal_wojtczuk:libnids:1.16
cpe:/a:rafal_wojtczuk:libnids:1.17
CVE-2003-0850
2003-11-17T00:00:00.000-05:00
2016-10-17T22:38:02.280-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:773
BUGTRAQ
20031027 Libnids <= 1.17 buffer overflow
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=191323
DEBIAN
DSA-410
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
cpe:/a:cisco:css11000_content_services_switch
cpe:/a:cisco:pix_firewall:6.2.2_.111
cpe:/a:openssl:openssl:0.9.6
cpe:/a:openssl:openssl:0.9.6a
cpe:/a:openssl:openssl:0.9.6b
cpe:/a:openssl:openssl:0.9.6c
cpe:/a:openssl:openssl:0.9.6d
cpe:/a:openssl:openssl:0.9.6e
cpe:/a:openssl:openssl:0.9.6f
cpe:/a:openssl:openssl:0.9.6g
cpe:/a:openssl:openssl:0.9.6h
cpe:/a:openssl:openssl:0.9.6i
cpe:/a:openssl:openssl:0.9.6j
cpe:/a:openssl:openssl:0.9.6k
cpe:/a:openssl:openssl:0.9.7
cpe:/a:openssl:openssl:0.9.7a
cpe:/a:openssl:openssl:0.9.7b
cpe:/o:cisco:ios:12.1%2811%29e
cpe:/o:cisco:ios:12.1%2811b%29e
cpe:/o:cisco:ios:12.2sx
cpe:/o:cisco:ios:12.2sy
cpe:/o:cisco:pix_firewall_software:6.0
cpe:/o:cisco:pix_firewall_software:6.0%281%29
cpe:/o:cisco:pix_firewall_software:6.0%282%29
cpe:/o:cisco:pix_firewall_software:6.0%283%29
cpe:/o:cisco:pix_firewall_software:6.0%284%29
cpe:/o:cisco:pix_firewall_software:6.0%284.101%29
cpe:/o:cisco:pix_firewall_software:6.1
cpe:/o:cisco:pix_firewall_software:6.1%281%29
cpe:/o:cisco:pix_firewall_software:6.1%282%29
cpe:/o:cisco:pix_firewall_software:6.1%283%29
cpe:/o:cisco:pix_firewall_software:6.1%284%29
cpe:/o:cisco:pix_firewall_software:6.1%285%29
cpe:/o:cisco:pix_firewall_software:6.2
cpe:/o:cisco:pix_firewall_software:6.2%281%29
cpe:/o:cisco:pix_firewall_software:6.2%282%29
cpe:/o:cisco:pix_firewall_software:6.2%283%29
cpe:/o:cisco:pix_firewall_software:6.3%281%29
cpe:/o:cisco:pix_firewall_software:6.3%283.102%29
CVE-2003-0851
2003-12-01T00:00:00.000-05:00
2018-10-30T12:26:18.123-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
NETBSD
NetBSD-SA2004-003
SGI
20040304-01-U
BUGTRAQ
20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing
BUGTRAQ
20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability
REDHAT
RHSA-2004:119
CISCO
20030930 SSL Implementation Vulnerabilities
CERT-VN
VU#412478
CONFIRM
http://www.openssl.org/news/secadv_20031104.txt
FEDORA
FEDORA-2005-1042
BID
8970
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
cpe:/a:sylpheed:sylpheed:0.9.4
cpe:/a:sylpheed:sylpheed:0.9.5
cpe:/a:sylpheed:sylpheed:0.9.6
cpe:/a:sylpheed-claws:sylpheed-claws:0.9.4
cpe:/a:sylpheed-claws:sylpheed-claws:0.9.5
cpe:/a:sylpheed-claws:sylpheed-claws:0.9.6
CVE-2003-0852
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.430-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
FULLDISC
20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows
CONFIRM
http://sylpheed.good-day.net/#changes
MISC
http://www.guninski.com/sylph.html
BID
8877
XF
sylpheed-smtp-format-string(13508)
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
cpe:/a:gnu:fileutils:4.0
cpe:/a:gnu:fileutils:4.0.36
cpe:/a:gnu:fileutils:4.1
cpe:/a:gnu:fileutils:4.1.6
cpe:/a:gnu:fileutils:4.1.7
cpe:/a:washington_university:wu-ftpd:2.4.1
cpe:/a:washington_university:wu-ftpd:2.4.2_beta2::academ
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18::academ
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15
cpe:/a:washington_university:wu-ftpd:2.4.2_vr16
cpe:/a:washington_university:wu-ftpd:2.4.2_vr17
cpe:/a:washington_university:wu-ftpd:2.5.0
cpe:/a:washington_university:wu-ftpd:2.6.0
cpe:/a:washington_university:wu-ftpd:2.6.1
cpe:/a:washington_university:wu-ftpd:2.6.2
CVE-2003-0853
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:44.070-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONECTIVA
CLA-2003:768
CONECTIVA
CLA-2003:771
FULLDISC
20031022 Fun with /bin/ls, yet still ls better than windows
CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
MISC
http://www.guninski.com/binls.html
MANDRAKE
MDKSA-2003:106
REDHAT
RHSA-2003:309
REDHAT
RHSA-2003:310
IMMUNIX
IMNX-2003-7+-026-01
BID
8875
TURBO
TLSA-2003-60
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
cpe:/a:gnu:fileutils:4.0
cpe:/a:gnu:fileutils:4.0.36
cpe:/a:gnu:fileutils:4.1
cpe:/a:gnu:fileutils:4.1.6
cpe:/a:gnu:fileutils:4.1.7
cpe:/a:washington_university:wu-ftpd:2.4.1
cpe:/a:washington_university:wu-ftpd:2.4.2_beta2::academ
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18::academ
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14
cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15
cpe:/a:washington_university:wu-ftpd:2.4.2_vr16
cpe:/a:washington_university:wu-ftpd:2.4.2_vr17
cpe:/a:washington_university:wu-ftpd:2.5.0
cpe:/a:washington_university:wu-ftpd:2.6.0
cpe:/a:washington_university:wu-ftpd:2.6.1
cpe:/a:washington_university:wu-ftpd:2.6.2
CVE-2003-0854
2003-11-17T00:00:00.000-05:00
2017-10-10T21:29:15.467-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:768
CONECTIVA
CLA-2003:771
FULLDISC
20031022 Fun with /bin/ls, yet still ls better than windows
CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
DEBIAN
DSA-705
MISC
http://www.guninski.com/binls.html
MANDRAKE
MDKSA-2003:106
REDHAT
RHSA-2003:309
REDHAT
RHSA-2003:310
IMMUNIX
IMNX-2003-7+-026-01
TURBO
TLSA-2003-60
EXPLOIT-DB
115
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
cpe:/a:charles_kerr:pan:0.13.3
CVE-2003-0855
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:26.593-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SGI
20040202-01-U
CONFIRM
http://bugzilla.gnome.org/show_bug.cgi?id=107025
CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519
REDHAT
RHSA-2003:311
REDHAT
RHSA-2003:312
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.
cpe:/a:stephen_hemminger:iproute:2.4.7
CVE-2003-0856
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:15.527-04:00
4.9
LOCAL
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
DEBIAN
DSA-492
SUSE
SUSE-SR:2005:001
FEDORA
FEDORA-2004-115
REDHAT
RHSA-2003:316
REDHAT
RHSA-2003:317
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
cpe:/o:redhat:enterprise_linux:2.1
cpe:/o:redhat:enterprise_linux:3.0
CVE-2003-0857
2003-12-31T00:00:00.000-05:00
2008-09-05T16:35:26.953-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-11-29T11:57:00.000-05:00
CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=108574
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
cpe:/a:gnu:zebra:0.91
cpe:/a:quagga:quagga_routing_software_suite:0.95
CVE-2003-0858
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:15.590-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
DEBIAN
DSA-415
REDHAT
RHSA-2003:305
REDHAT
RHSA-2003:307
REDHAT
RHSA-2003:315
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
cpe:/a:gnu:glibc:2.3.2
cpe:/a:gnu:zebra:0.91a
cpe:/a:gnu:zebra:0.92a
cpe:/a:gnu:zebra:0.93a
cpe:/a:gnu:zebra:0.93b
cpe:/a:quagga:quagga_routing_software_suite:0.96.2
cpe:/a:sgi:propack:2.2.1
cpe:/a:sgi:propack:2.3
cpe:/h:intel:ia64
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
CVE-2003-0859
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:15.667-04:00
4.9
LOCAL
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
REDHAT
RHSA-2003:325
REDHAT
RHSA-2003:334
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
cpe:/a:php:php:4.0
cpe:/a:php:php:4.0.1
cpe:/a:php:php:4.0.1:patch1
cpe:/a:php:php:4.0.1:patch2
cpe:/a:php:php:4.0.2
cpe:/a:php:php:4.0.3
cpe:/a:php:php:4.0.3:patch1
cpe:/a:php:php:4.0.4
cpe:/a:php:php:4.0.5
cpe:/a:php:php:4.0.6
cpe:/a:php:php:4.0.7
cpe:/a:php:php:4.0.7:rc1
cpe:/a:php:php:4.0.7:rc2
cpe:/a:php:php:4.0.7:rc3
cpe:/a:php:php:4.1.0
cpe:/a:php:php:4.1.1
cpe:/a:php:php:4.1.2
cpe:/a:php:php:4.2::dev
cpe:/a:php:php:4.2.0
cpe:/a:php:php:4.2.1
cpe:/a:php:php:4.2.2
cpe:/a:php:php:4.2.3
cpe:/a:php:php:4.3.0
cpe:/a:php:php:4.3.1
cpe:/a:php:php:4.3.2
CVE-2003-0860
2003-11-17T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://www.php.net/ChangeLog-4.php#4.3.3
CONFIRM
http://www.php.net/release_4_3_3.php
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
cpe:/a:php:php:4.0
cpe:/a:php:php:4.0.1
cpe:/a:php:php:4.0.1:patch1
cpe:/a:php:php:4.0.1:patch2
cpe:/a:php:php:4.0.2
cpe:/a:php:php:4.0.3
cpe:/a:php:php:4.0.3:patch1
cpe:/a:php:php:4.0.4
cpe:/a:php:php:4.0.5
cpe:/a:php:php:4.0.6
cpe:/a:php:php:4.0.7
cpe:/a:php:php:4.0.7:rc1
cpe:/a:php:php:4.0.7:rc2
cpe:/a:php:php:4.0.7:rc3
cpe:/a:php:php:4.1.0
cpe:/a:php:php:4.1.1
cpe:/a:php:php:4.1.2
cpe:/a:php:php:4.2::dev
cpe:/a:php:php:4.2.0
cpe:/a:php:php:4.2.1
cpe:/a:php:php:4.2.2
cpe:/a:php:php:4.2.3
cpe:/a:php:php:4.3.0
cpe:/a:php:php:4.3.1
cpe:/a:php:php:4.3.2
CVE-2003-0861
2003-11-17T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://www.php.net/ChangeLog-4.php#4.3.3
CONFIRM
http://www.php.net/release_4_3_3.php
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
CVE-2003-0862
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:46.647-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0813. Reason: This candidate is a duplicate of CVE-2003-0813. Notes: All CVE users should reference CVE-2003-0813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:php:php:4.3.0
cpe:/a:php:php:4.3.1
cpe:/a:php:php:4.3.2
CVE-2003-0863
2003-11-17T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030716 PHP safe mode broken?
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
cpe:/a:ircnet:ircnet_ircd:2.10
cpe:/a:ircnet:ircnet_ircd:2.10.3_p3
CVE-2003-0864
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.493-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
ftp://ftp.irc.org/irc/server/ChangeLog
CONECTIVA
CLA-2003:765
BUGTRAQ
20031012 buffer overflow in IRCD software
BUGTRAQ
20031019 [OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd)
BID
8817
XF
ircd-mjoin-bo(13408)
Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.
cpe:/a:mpg123:mpg123:0.59r
cpe:/a:mpg123:mpg123:0.59s
CVE-2003-0865
2003-11-17T00:00:00.000-05:00
2016-10-17T22:38:07.217-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SCO
CSSA-2004-002.0
CONECTIVA
CLA-2003:781
BUGTRAQ
20030930 GLSA: mpg123 (200309-17)
DEBIAN
DSA-435
BUGTRAQ
20030923 mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit.
BID
8680
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
cpe:/a:apache:tomcat:4.0.0
cpe:/a:apache:tomcat:4.0.1
cpe:/a:apache:tomcat:4.0.2
cpe:/a:apache:tomcat:4.0.3
cpe:/a:apache:tomcat:4.0.4
cpe:/a:apache:tomcat:4.0.5
cpe:/a:apache:tomcat:4.0.6
CVE-2003-0866
2003-11-17T00:00:00.000-05:00
2019-03-25T07:29:02.783-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506
SUNALERT
239312
CONFIRM
http://tomcat.apache.org/security-4.html
DEBIAN
DSA-395
BID
8824
VUPEN
ADV-2008-1979
XF
tomcat-non-http-dos(13429)
MLIST
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
CVE-2003-0867
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:48.243-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0662. Reason: This candidate is a duplicate of CVE-2003-0662. Notes: All CVE users should reference CVE-2003-0662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2003-0868
2017-05-11T10:29:01.087-04:00
2017-05-11T10:29:01.087-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0869
2017-05-11T10:29:01.103-04:00
2017-05-11T10:29:01.120-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:opera_software:opera_web_browser:7.11
cpe:/a:opera_software:opera_web_browser:7.20
CVE-2003-0870
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.620-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20031020 Opera HREF escaped server name overflow
ATSTAKE
A102003-1
BID
8853
XF
opera-escape-heap-overflow(13458)
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
cpe:/o:apple:mac_os_x:10.3
cpe:/o:apple:mac_os_x_server:10.3
CVE-2003-0871
2003-11-03T00:00:00.000-05:00
2008-09-10T15:20:48.383-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
APPLE
APPLE-SA-2003-10-28
BID
8922
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
cpe:/o:sco:openserver:5.0.5
CVE-2003-0872
2003-11-17T00:00:00.000-05:00
2008-09-05T16:35:29.047-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SCO
CSSA-2003-SCO.27
BID
8864
Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.
CVE-2003-0873
2017-05-11T10:29:01.137-04:00
2017-05-11T10:29:01.137-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:deskpro:deskpro:1.1_.0
CVE-2003-0874
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.680-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20031020 Multiple SQL Injection Vulnerabilities in DeskPRO
BUGTRAQ
20031020 Multiple SQL Injection Vulnerabilities in DeskPRO
MISC
http://www.securiteam.com/unixfocus/6R0052K8KM.html
BID
8856
XF
deskpro-multiple-sql-injection(13391)
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
cpe:/a:openslp:openslp:1.0.11
CVE-2003-0875
2003-11-17T00:00:00.000-05:00
2016-10-17T22:38:09.843-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2003:723
BUGTRAQ
20030818 OpenSLP initscript symlink vulnerability
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.
cpe:/o:apple:mac_os_x:10.0
cpe:/o:apple:mac_os_x:10.0.1
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.0.4
cpe:/o:apple:mac_os_x:10.1
cpe:/o:apple:mac_os_x:10.1.1
cpe:/o:apple:mac_os_x:10.1.2
cpe:/o:apple:mac_os_x:10.1.3
cpe:/o:apple:mac_os_x:10.1.4
cpe:/o:apple:mac_os_x:10.1.5
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x:10.2.7
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x_server:10.0
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:apple:mac_os_x_server:10.2.7
cpe:/o:apple:mac_os_x_server:10.2.8
CVE-2003-0876
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:37.743-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
ATSTAKE
A102803-1
BID
8916
BID
8917
XF
macos-insecure-file-permissions(13537)
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
cpe:/o:apple:mac_os_x:10.0
cpe:/o:apple:mac_os_x:10.0.1
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.0.4
cpe:/o:apple:mac_os_x:10.1
cpe:/o:apple:mac_os_x:10.1.1
cpe:/o:apple:mac_os_x:10.1.2
cpe:/o:apple:mac_os_x:10.1.3
cpe:/o:apple:mac_os_x:10.1.4
cpe:/o:apple:mac_os_x:10.1.5
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x:10.2.7
cpe:/o:apple:mac_os_x:10.2.8
CVE-2003-0877
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:37.790-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
ATSTAKE
A102803-1
BID
8914
BID
8917
XF
macos-core-files-symlink(13542)
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
cpe:/o:apple:mac_os_x:10.3
CVE-2003-0878
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:29.920-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
CVE-2003-0879
2003-11-17T00:00:00.000-05:00
2008-09-10T15:20:51.477-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0518. Reason: This candidate is a reservation duplicate of CVE-2003-0518. Notes: All CVE users should reference CVE-2003-0518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/o:apple:mac_os_x:10.3
CVE-2003-0880
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:30.170-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
cpe:/o:apple:mac_os_x:10.3
CVE-2003-0881
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:30.327-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
cpe:/o:apple:mac_os_x:10.3
CVE-2003-0882
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:30.483-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
cpe:/o:apple:mac_os_x:10.3
CVE-2003-0883
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:30.623-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
cpe:/a:xscreensaver:xscreensaver:4.14
CVE-2003-0885
2003-12-31T00:00:00.000-05:00
2008-09-05T16:35:30.780-04:00
6.4
NETWORK
LOW
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-03-01T09:28:00.000-05:00
CONFIRM
http://bugs.gentoo.org/show_bug.cgi?id=41253
CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.
cpe:/a:hylafax:hylafax:4.1
cpe:/a:hylafax:hylafax:4.1.1
cpe:/a:hylafax:hylafax:4.1.2
cpe:/a:hylafax:hylafax:4.1.3
cpe:/a:hylafax:hylafax:4.1.5
cpe:/a:hylafax:hylafax:4.1.6
cpe:/a:hylafax:hylafax:4.1.7
CVE-2003-0886
2003-12-01T00:00:00.000-05:00
2016-10-17T22:38:11.107-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONECTIVA
CLA-2003:783
BUGTRAQ
20031111 HylaFAX - Format String Vulnerability Fixed
DEBIAN
DSA-401
MANDRAKE
MDKSA-2003:105
SUSE
SuSE-SA:2003:045
Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.
cpe:/a:angus_mackay:ez-ipupdate:3.0.11b5
cpe:/a:angus_mackay:ez-ipupdate:3.0.11b7
CVE-2003-0887
2003-12-31T00:00:00.000-05:00
2008-09-05T16:35:31.093-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-03T10:12:00.000-05:00
CONFIRM
http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5
CONFIRM
http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6
ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.
cpe:/a:oracle:oracle9i:enterprise_9.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0.4
cpe:/a:oracle:oracle9i:personal_9.0.1
cpe:/a:oracle:oracle9i:personal_9.2.0.4
cpe:/a:oracle:oracle9i:standard_9.0
cpe:/a:oracle:oracle9i:standard_9.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1.2
cpe:/a:oracle:oracle9i:standard_9.0.1.3
cpe:/a:oracle:oracle9i:standard_9.0.1.4
cpe:/a:oracle:oracle9i:standard_9.0.2
cpe:/a:oracle:oracle9i:standard_9.2.0.4
CVE-2003-0894
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.853-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf
SECTRACK
1007956
CERT-VN
VU#496340
BID
8844
BID
8845
XF
oracle-oracleo-binaries-bo(13451)
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x:10.2.7
cpe:/o:apple:mac_os_x:10.2.8
CVE-2003-0895
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:37.917-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00038.html
ATSTAKE
A102803-3
BID
8913
XF
macos-long-command-bo(13541)
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).
cpe:/a:sun:jre:1.4.1:update3
CVE-2003-0896
2003-11-17T00:00:00.000-05:00
2016-10-17T22:38:12.327-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MISC
http://lsd-pl.net/code/JVM/jre.tar.gz
BUGTRAQ
20021023 [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
SUNALERT
57221
SUNALERT
200356
HP
HPSBUX0311-295
BUGTRAQ
20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
BUGTRAQ
20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machineimplementation
BID
8879
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
cpe:/o:microsoft:windows_xp::gold
CVE-2003-0897
2003-11-17T00:00:00.000-05:00
2017-07-10T21:29:37.977-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031023 Shatter XP
XF
winxp-commctl32-code-execution(13558)
"Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.
cpe:/a:ibm:db2_universal_database:7.1::linux
cpe:/a:ibm:db2_universal_database:8.0::linux
CVE-2003-0898
2003-11-17T00:00:00.000-05:00
2016-10-17T22:38:14.623-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt
BUGTRAQ
20030805 Local Vulnerability in IBM DB2 7.1 db2job binary
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
cpe:/a:acme_labs:thttpd:2.21
cpe:/a:acme_labs:thttpd:2.21b
cpe:/a:acme_labs:thttpd:2.22
cpe:/a:acme_labs:thttpd:2.23b1
CVE-2003-0899
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:38.040-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031027 Remote overflow in thttpd
BID
8906
XF
thttpd-defang-bo(13530)
DEBIAN
DSA-396
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
cpe:/a:larry_wall:perl:5.8.1
CVE-2003-0900
2003-12-31T00:00:00.000-05:00
2008-09-05T16:35:32.247-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-05-24T14:49:00.000-04:00
CONFIRM
https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
cpe:/a:postgresql:postgresql:7.2
cpe:/a:postgresql:postgresql:7.2.1
cpe:/a:postgresql:postgresql:7.2.2
cpe:/a:postgresql:postgresql:7.2.3
cpe:/a:postgresql:postgresql:7.2.4
cpe:/a:postgresql:postgresql:7.3
cpe:/a:postgresql:postgresql:7.3.1
cpe:/a:postgresql:postgresql:7.3.2
cpe:/a:postgresql:postgresql:7.3.3
CVE-2003-0901
2003-11-03T00:00:00.000-05:00
2008-09-05T16:35:32.390-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c
CONECTIVA
CLA-2003:784
CONECTIVA
CLSA-2003:772
DEBIAN
DSA-397
REDHAT
RHSA-2003:313
REDHAT
RHSA-2003:314
BID
8741
Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.
cpe:/a:minimalist:minimalist:2.2
cpe:/a:minimalist:minimalist:2.4
CVE-2003-0902
2004-02-03T00:00:00.000-05:00
2008-09-10T15:20:54.460-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-402
Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands.
cpe:/a:microsoft:data_access_components:2.5
cpe:/a:microsoft:data_access_components:2.6
cpe:/a:microsoft:data_access_components:2.7
cpe:/a:microsoft:data_access_components:2.8
CVE-2003-0903
2004-02-17T00:00:00.000-05:00
2018-10-12T17:33:34.727-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
CERT-VN
VU#139150
BID
9407
MS
MS04-003
XF
mdac-broadcastrequest-bo(14187)
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
cpe:/a:microsoft:exchange_server:2003
cpe:/a:microsoft:sharepoint_services:2.0
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:web
CVE-2003-0904
2004-01-20T00:00:00.000-05:00
2018-10-12T17:33:35.807-04:00
6.0
NETWORK
MEDIUM
SINGLE_INSTANCE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#530660
CONFIRM
http://www.microsoft.com/exchange/support/e2k3owa.asp
NTBUGTRAQ
20031114 Exchange 2003 OWA major security flaw
BID
9118
BID
9409
MS
MS04-002
XF
exchange-owa-account-access(13869)
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
cpe:/a:microsoft:windows_media_services:4.1
CVE-2003-0905
2004-04-15T00:00:00.000-04:00
2018-10-12T17:33:36.727-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CERT-VN
VU#982630
BID
9825
MS
MS04-008
XF
win-media-services-dos(15038)
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp4::fr
cpe:/o:microsoft:windows_nt:4.0:sp6a
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
CVE-2003-0906
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:37.273-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CERT-VN
VU#547028
BID
10120
CERT
TA04-104A
MS
MS04-011
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_xp::sp1:tablet_pc
CVE-2003-0907
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:38.040-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20040413 Microsoft Help and Support Center argument injection vulnerability
BUGTRAQ
20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support
CIAC
O-114
MISC
http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities
CERT-VN
VU#260588
BID
10119
CERT
TA04-104A
MS
MS04-011
XF
win-hcpurl-code-execution(15704)
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
cpe:/o:microsoft:windows_2000
CVE-2003-0908
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:39.243-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability
MISC
http://www.appsecinc.com/resources/alerts/general/04-0001.html
CIAC
O-114
CERT-VN
VU#526084
MISC
http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html
BID
10124
CERT
TA04-104A
MS
MS04-011
XF
win2k-utilitymgr-gain-privileges(15632)
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
cpe:/o:microsoft:windows_xp::gold
CVE-2003-0909
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:40.180-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CIAC
O-114
CERT-VN
VU#206468
BID
10125
CERT
TA04-104A
MS
MS04-011
XF
winxp-task-gain-privileges(15678)
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_nt:4.0
CVE-2003-0910
2004-06-01T00:00:00.000-04:00
2018-10-12T17:33:40.867-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
FULLDISC
20040413 EEYE: Windows Expand-Down Data Segment Local Privilege Escalation
CIAC
O-114
EEYE
AD20040413D
CERT-VN
VU#122076
BID
10122
CERT
TA04-104A
MS
MS04-011
XF
win-ldt-gain-privileges(15707)
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
cpe:/o:apple:mac_os_x:10.3
cpe:/o:apple:mac_os_x_server:10.3
CVE-2003-0913
2003-12-01T00:00:00.000-05:00
2017-07-10T21:29:38.417-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=120269
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00040.html
BID
8979
XF
macos-terminal-gain-access(13620)
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
cpe:/a:isc:bind:8.2.3
cpe:/a:isc:bind:8.2.4
cpe:/a:isc:bind:8.2.5
cpe:/a:isc:bind:8.2.6
cpe:/a:isc:bind:8.2.7
cpe:/a:isc:bind:8.3.0
cpe:/a:isc:bind:8.3.1
cpe:/a:isc:bind:8.3.2
cpe:/a:isc:bind:8.3.3
cpe:/a:isc:bind:8.3.4
cpe:/a:isc:bind:8.3.5
cpe:/a:isc:bind:8.3.6
cpe:/a:isc:bind:8.4
cpe:/a:isc:bind:8.4.1
cpe:/a:nixu:namesurfer:standard_3.0.1
cpe:/a:nixu:namesurfer:suite_3.0.1
cpe:/o:compaq:tru64:4.0f
cpe:/o:compaq:tru64:4.0f_pk6_bl17
cpe:/o:compaq:tru64:4.0f_pk7_bl18
cpe:/o:compaq:tru64:4.0f_pk8_bl22
cpe:/o:compaq:tru64:4.0g
cpe:/o:compaq:tru64:4.0g_pk3_bl17
cpe:/o:compaq:tru64:4.0g_pk4_bl22
cpe:/o:compaq:tru64:5.1
cpe:/o:compaq:tru64:5.1_pk3_bl17
cpe:/o:compaq:tru64:5.1_pk4_bl18
cpe:/o:compaq:tru64:5.1_pk5_bl19
cpe:/o:compaq:tru64:5.1_pk6_bl20
cpe:/o:compaq:tru64:5.1a
cpe:/o:compaq:tru64:5.1a_pk1_bl1
cpe:/o:compaq:tru64:5.1a_pk2_bl2
cpe:/o:compaq:tru64:5.1a_pk3_bl3
cpe:/o:compaq:tru64:5.1a_pk4_bl21
cpe:/o:compaq:tru64:5.1a_pk5_bl23
cpe:/o:compaq:tru64:5.1b
cpe:/o:compaq:tru64:5.1b_pk1_bl1
cpe:/o:compaq:tru64:5.1b_pk2_bl22
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.6.2
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.8
cpe:/o:freebsd:freebsd:4.9
cpe:/o:freebsd:freebsd:5.0
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.11
cpe:/o:ibm:aix:5.1l
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.6.1
cpe:/o:netbsd:netbsd:current
cpe:/o:sco:unixware:7.1.1
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0914
2003-12-15T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SCO
CSSA-2004-003.0
SCO
CSSA-2003-SCO.33
SUNALERT
57434
DEBIAN
DSA-409
CERT-VN
VU#734644
TRUSTIX
2003-0044
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
CVE-2003-0917
2017-05-11T10:29:01.150-04:00
2017-05-11T10:29:01.150-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0918
2017-05-11T10:29:01.183-04:00
2017-05-11T10:29:01.183-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0919
2017-05-11T10:29:01.197-04:00
2017-05-11T10:29:01.197-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0920
2017-05-11T10:29:01.213-04:00
2017-05-11T10:29:01.213-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0921
2017-05-11T10:29:01.243-04:00
2017-05-11T10:29:01.243-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0922
2017-05-11T10:29:01.290-04:00
2017-05-11T10:29:01.290-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0923
2017-05-11T10:29:01.323-04:00
2017-05-11T10:29:01.323-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:netpbm:netpbm:9.25
CVE-2003-0924
2004-02-17T00:00:00.000-05:00
2017-10-09T21:30:14.987-04:00
3.7
LOCAL
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SGI
20040201-01-U
DEBIAN
DSA-426
GENTOO
GLSA-200410-02
CERT-VN
VU#487102
MANDRAKE
MDKSA-2004:011
REDHAT
RHSA-2004:030
REDHAT
RHSA-2004:031
BID
9442
XF
netpbm-temp-insecure-file(14874)
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.15
CVE-2003-0925
2003-12-01T00:00:00.000-05:00
2017-10-10T21:29:16.107-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:780
DEBIAN
DSA-407
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00011.html
MANDRAKE
MDKSA-2003:114
REDHAT
RHSA-2003:323
REDHAT
RHSA-2003:324
BID
8951
TURBO
TLSA-2003-64
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.15
CVE-2003-0926
2003-12-01T00:00:00.000-05:00
2017-10-10T21:29:16.167-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLA-2003:780
DEBIAN
DSA-407
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00011.html
MANDRAKE
MDKSA-2003:114
REDHAT
RHSA-2003:323
REDHAT
RHSA-2003:324
BID
8951
TURBO
TLSA-2003-64
Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.15
CVE-2003-0927
2003-12-01T00:00:00.000-05:00
2017-10-10T21:29:16.230-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2003:780
DEBIAN
DSA-407
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00011.html
MANDRAKE
MDKSA-2003:114
REDHAT
RHSA-2003:323
REDHAT
RHSA-2003:324
BID
8951
TURBO
TLSA-2003-64
XF
ethereal-socks-heap-overflow(13578)
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
cpe:/a:clearswift:mailsweeper:4.3.15
CVE-2003-0928
2004-09-28T00:00:00.000-04:00
2016-10-17T22:38:18.173-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
MISC
http://www.corsaire.com/advisories/c030807-001.txt
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
cpe:/a:clearswift:mailsweeper:4.3.15
CVE-2003-0929
2004-09-28T00:00:00.000-04:00
2016-10-17T22:38:19.280-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
MISC
http://www.corsaire.com/advisories/c030807-001.txt
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
cpe:/a:clearswift:mailsweeper:4.3.15
CVE-2003-0930
2004-09-28T00:00:00.000-04:00
2016-10-17T22:38:20.407-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
MISC
http://www.corsaire.com/advisories/c030807-001.txt
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.
cpe:/a:sygate_technologies:enforcer:4.0
CVE-2003-0931
2004-09-28T00:00:00.000-04:00
2017-07-10T21:29:38.527-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20040810 Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue
MISC
http://www.corsaire.com/advisories/c031120-001.txt
XF
sygate-enforcer-payload-dos(16949)
Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999.
cpe:/a:omega-rpg:omega-rpg:0.9.0_pa9
CVE-2003-0932
2003-12-15T00:00:00.000-05:00
2008-09-10T15:20:56.930-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-400
Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable.
cpe:/a:conquest:conquest:7.1.1_-6
CVE-2003-0933
2003-12-01T00:00:00.000-05:00
2008-09-10T15:20:57.070-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
DEBIAN
DSA-398
Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable.
cpe:/h:symbol_technologies:pdt:8100
CVE-2003-0934
2003-12-01T00:00:00.000-05:00
2016-10-17T22:38:22.737-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031110 Symbol Technologies Default WEP KEYS Vulnerability
MISC
http://www.secnap.net/security/031106.html
Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network.
cpe:/a:net-snmp:net-snmp:5.0.1
cpe:/a:net-snmp:net-snmp:5.0.3
cpe:/a:net-snmp:net-snmp:5.0.4_pre2
cpe:/a:net-snmp:net-snmp:5.0.5
cpe:/a:net-snmp:net-snmp:5.0.6
cpe:/a:net-snmp:net-snmp:5.0.7
cpe:/a:net-snmp:net-snmp:5.0.8
CVE-2003-0935
2003-12-01T00:00:00.000-05:00
2017-10-10T21:29:16.293-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2003:778
CONFIRM
http://sourceforge.net/forum/forum.php?forum_id=308015
REDHAT
RHSA-2003:335
REDHAT
RHSA-2004:023
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
cpe:/a:symantec:pcanywhere:10.0
cpe:/a:symantec:pcanywhere:10.5
cpe:/a:symantec:pcanywhere:11.0
CVE-2003-0936
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:24.220-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit
BUGTRAQ
20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM
CONFIRM
http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html
Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
cpe:/o:sco:open_unix:8.0
cpe:/o:sco:unixware:7.1.1
cpe:/o:sco:unixware:7.1.3
CVE-2003-0937
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:25.283-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SCO
CSSA-2003-SCO.32
BUGTRAQ
20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.
MISC
http://www.texonet.com/advisories/TEXONET-20031024.txt
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
cpe:/a:sap:sap_db:7.4.03.27
CVE-2003-0938
2003-12-15T00:00:00.000-05:00
2017-07-10T21:29:38.573-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
ATSTAKE
A111703-1
XF
sapdb-NETAPI32-gain-privileges(13765)
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.
cpe:/a:sap:sap_db:7.4.03.27
CVE-2003-0939
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:36.780-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A111703-1
CONFIRM
http://www.sapdb.org/7.4/new_relinfo.txt
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.
cpe:/a:sap:sap_db:7.4.03.29
CVE-2003-0940
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:36.937-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ATSTAKE
A111703-2
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
cpe:/a:sap:sap_db:7.4.03.29
CVE-2003-0941
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:37.107-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A111703-2
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
cpe:/a:sap:sap_db:7.4.03.29
CVE-2003-0942
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:37.263-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A111703-2
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
cpe:/a:sap:sap_db:7.4.03.29
CVE-2003-0943
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:37.403-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A111703-2
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
cpe:/a:sap:sap_db:7.4.03.29
CVE-2003-0944
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:37.560-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
ATSTAKE
A111703-2
Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.
cpe:/a:sap:sap_db:7.4.03.29
CVE-2003-0945
2003-12-15T00:00:00.000-05:00
2017-07-10T21:29:38.620-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
ATSTAKE
A111703-2
XF
sapdb-manager-sessionid-predictable(13774)
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.
cpe:/a:clam_anti-virus:clamav:0.60
cpe:/a:clam_anti-virus:clamav:0.60p
CVE-2003-0946
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:26.360-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=197038
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.
CVE-2003-0947
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:27.563-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031112 iwconfig vulnerability - the last code was demaged sending by email
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
cpe:/a:wireless_tools:wireless_tools:19
cpe:/a:wireless_tools:wireless_tools:20
cpe:/a:wireless_tools:wireless_tools:21
cpe:/a:wireless_tools:wireless_tools:22
cpe:/a:wireless_tools:wireless_tools:23
cpe:/a:wireless_tools:wireless_tools:24
cpe:/a:wireless_tools:wireless_tools:25
cpe:/a:wireless_tools:wireless_tools:26
CVE-2003-0948
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:38.187-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_ADMIN_ACCESS
MISC
http://www.securiteam.com/exploits/6Y00R1P8KY.html
BID
8901
Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable.
cpe:/a:michael_bischoff:xsok:1.02
CVE-2003-0949
2004-02-03T00:00:00.000-05:00
2017-07-10T21:29:38.680-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
DEBIAN
DSA-405
BID
9321
XF
xsok-command-execution(14098)
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
cpe:/a:peoplesoft:peopletools:8.4
cpe:/a:peoplesoft:peopletools:8.10
cpe:/a:peoplesoft:peopletools:8.11
cpe:/a:peoplesoft:peopletools:8.12
cpe:/a:peoplesoft:peopletools:8.13
cpe:/a:peoplesoft:peopletools:8.14
cpe:/a:peoplesoft:peopletools:8.15
cpe:/a:peoplesoft:peopletools:8.16
cpe:/a:peoplesoft:peopletools:8.17
cpe:/a:peoplesoft:peopletools:8.18
cpe:/a:peoplesoft:peopletools:8.19
cpe:/a:peoplesoft:peopletools:8.20
cpe:/a:peoplesoft:peopletools:8.40
cpe:/a:peoplesoft:peopletools:8.41
cpe:/a:peoplesoft:peopletools:8.42
cpe:/a:peoplesoft:peopletools:8.43
CVE-2003-0950
2003-12-15T00:00:00.000-05:00
2017-07-10T21:29:38.743-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BID
9041
ISS
20031112 IClient Servlet Remote Command Execution Vulnerability
XF
peoplesoft-iclientservlet-file-upload(12805)
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
cpe:/o:hp:hp-ux:11.23
CVE-2003-0951
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:16.340-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
HP
HPSBUX0311-296
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.
CVE-2003-0952
2017-05-11T10:29:01.337-04:00
2017-05-11T10:29:01.337-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-0953
2017-05-11T10:29:01.353-04:00
2017-05-11T10:29:01.370-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-0954
2003-12-31T00:00:00.000-05:00
2008-09-05T16:35:38.843-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2005-05-24T14:41:00.000-04:00
ALLOWS_ADMIN_ACCESS
SECTRACK
1008258
BID
9078
AIXAPAR
IY48272
AIXAPAR
IY48747
AIXAPAR
IY49238
Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.
cpe:/o:openbsd:openbsd:3.3
cpe:/o:openbsd:openbsd:3.4
CVE-2003-0955
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:28.753-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
OPENBSD
20031105 005: RELIABILITY FIX: November 4, 2003
FULLDISC
20031104 OpenBSD kernel overflow, yet still *BSD much better than windows
CONFIRM
http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2
CONFIRM
http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2
MISC
http://www.guninski.com/msuxobsd2.html
OPENBSD
20031104 010: RELIABILITY FIX: November 4, 2003
BID
8978
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
cpe:/o:linux:linux_kernel:2.4.22
CVE-2003-0956
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:38.790-04:00
2.6
LOCAL
HIGH
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg
XF
linux-kernel-odirect-information-disclosure(42942)
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.
CVE-2003-0959
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:38.853-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A
XF
linux-kernel-unspecified-priv-escalation(43072)
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.
cpe:/a:openca:openca:0.8.0
cpe:/a:openca:openca:0.8.1
cpe:/a:openca:openca:0.8.6
cpe:/a:openca:openca:0.9.0
cpe:/a:openca:openca:0.9.0.1
cpe:/a:openca:openca:0.9.0.2
cpe:/a:openca:openca:0.9.1
cpe:/a:openca:openca:0.9.1.2
cpe:/a:openca:openca:0.9.1.3
CVE-2003-0960
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:29.830-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031128 [OpenCA Advisory] Vulnerabilities in signature verification
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
cpe:/o:linux:linux_kernel:2.4.22
CVE-2003-0961
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:31.253-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONECTIVA
CLA-2003:796
MISC
http://isec.pl/papers/linux_kernel_do_brk.pdf
BUGTRAQ
20031204 [iSEC] Linux kernel do_brk() vulnerability details
BUGTRAQ
20031204 Hot fix for do_brk bug
BUGTRAQ
20040112 SmoothWall Project Security Advisory SWP-2004:001
DEBIAN
DSA-403
DEBIAN
DSA-417
DEBIAN
DSA-423
DEBIAN
DSA-433
DEBIAN
DSA-439
DEBIAN
DSA-440
DEBIAN
DSA-442
DEBIAN
DSA-450
DEBIAN
DSA-470
DEBIAN
DSA-475
CERT-VN
VU#301156
MANDRAKE
MDKSA-2003:110
SUSE
SuSE-SA:2003:049
REDHAT
RHSA-2003:368
REDHAT
RHSA-2003:389
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
cpe:/a:andrew_tridgell:rsync:2.3.1
cpe:/a:andrew_tridgell:rsync:2.3.2
cpe:/a:andrew_tridgell:rsync:2.4.0
cpe:/a:andrew_tridgell:rsync:2.4.1
cpe:/a:andrew_tridgell:rsync:2.4.3
cpe:/a:andrew_tridgell:rsync:2.4.4
cpe:/a:andrew_tridgell:rsync:2.4.5
cpe:/a:andrew_tridgell:rsync:2.4.6
cpe:/a:andrew_tridgell:rsync:2.4.8
cpe:/a:andrew_tridgell:rsync:2.5.0
cpe:/a:andrew_tridgell:rsync:2.5.1
cpe:/a:andrew_tridgell:rsync:2.5.2
cpe:/a:andrew_tridgell:rsync:2.5.3
cpe:/a:andrew_tridgell:rsync:2.5.4
cpe:/a:andrew_tridgell:rsync:2.5.5
cpe:/a:andrew_tridgell:rsync:2.5.6
cpe:/a:redhat:rsync:2.4.6-2::i386
cpe:/a:redhat:rsync:2.4.6-5::i386
cpe:/a:redhat:rsync:2.4.6-5::ia64
cpe:/a:redhat:rsync:2.5.4-2::i386
cpe:/a:redhat:rsync:2.5.5-1::i386
cpe:/a:redhat:rsync:2.5.5-4::i386
cpe:/o:engardelinux:secure_community:1.0.1
cpe:/o:engardelinux:secure_community:2.0
cpe:/o:engardelinux:secure_linux:1.1::professional
cpe:/o:engardelinux:secure_linux:1.2::professional
cpe:/o:engardelinux:secure_linux:1.5::professional
cpe:/o:slackware:slackware_linux:8.1
cpe:/o:slackware:slackware_linux:9.0
cpe:/o:slackware:slackware_linux:9.1
cpe:/o:slackware:slackware_linux:current
CVE-2003-0962
2003-12-15T00:00:00.000-05:00
2018-05-02T21:29:23.193-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SGI
20031202-01-U
CONECTIVA
CLA-2003:794
BUGTRAQ
20031204 rsync security advisory (fwd)
TRUSTIX
2003-0048
BUGTRAQ
20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
BUGTRAQ
20031204 GLSA: exploitable heap overflow in rsync (200312-03)
CERT-VN
VU#325603
MANDRAKE
MDKSA-2003:111
REDHAT
RHSA-2003:398
BID
9153
XF
linux-rsync-heap-overflow(13899)
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
cpe:/a:alexander_v._lukyanov:lftp:2.3
cpe:/a:alexander_v._lukyanov:lftp:2.4.9
cpe:/a:alexander_v._lukyanov:lftp:2.5.2
cpe:/a:alexander_v._lukyanov:lftp:2.6.0
cpe:/a:alexander_v._lukyanov:lftp:2.6.3
cpe:/a:alexander_v._lukyanov:lftp:2.6.4
cpe:/a:alexander_v._lukyanov:lftp:2.6.5
cpe:/a:alexander_v._lukyanov:lftp:2.6.6
cpe:/a:alexander_v._lukyanov:lftp:2.6.7
cpe:/a:alexander_v._lukyanov:lftp:2.6.8
cpe:/a:alexander_v._lukyanov:lftp:2.6.9
CVE-2003-0963
2004-01-05T00:00:00.000-05:00
2017-10-10T21:29:16.417-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SGI
20040101-01-U
SGI
20040202-01-U
BUGTRAQ
20031212 [slackware-security] lftp security update (SSA:2003-346-01)
BUGTRAQ
20031213 lftp buffer overflows
BUGTRAQ
20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)
BUGTRAQ
20031218 GLSA: lftp (200312-07)
CONECTIVA
CLA-2004:800
DEBIAN
DSA-406
MANDRAKE
MDKSA-2003:116
SUSE
SuSE-SA:2003:051
REDHAT
RHSA-2003:403
REDHAT
RHSA-2003:404
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
CVE-2003-0964
2003-11-17T00:00:00.000-05:00
2008-09-10T15:21:00.523-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: N/A. Notes: none.
cpe:/a:gnu:mailman:2.1.4
CVE-2003-0965
2004-02-17T00:00:00.000-05:00
2017-10-10T21:29:16.480-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2004:842
MLIST
[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4
DEBIAN
DSA-436
MANDRAKE
MDKSA-2004:013
REDHAT
RHSA-2004:020
BID
9336
XF
mailman-admin-xss(14121)
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
cpe:/a:elm_development_group:elm:2.5.6
CVE-2003-0966
2004-02-17T00:00:00.000-05:00
2017-10-09T21:30:15.033-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SGI
20040103-01-U
MISC
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
REDHAT
RHSA-2004:009
BID
9430
XF
elm-frm-subject-bo(14840)
Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.
cpe:/a:freeradius:freeradius:0.9.2
CVE-2003-0967
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:16.543-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031120 Remote DoS in FreeRADIUS, all versions.
BUGTRAQ
20031121 FreeRADIUS 0.9.2 "Tunnel-Password" attribute Handling Vulnerability
CONFIRM
http://marc.info/?l=freeradius-users&m=106947389449613&w=2
REDHAT
RHSA-2003:386
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
CVE-2003-0968
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:36.300-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
cpe:/a:mpg321:mpg321:0.2.10
CVE-2003-0969
2004-01-20T00:00:00.000-05:00
2017-10-09T21:30:15.283-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
DEBIAN
DSA-411
SUSE
SuSE-SA:2004:002
BID
9364
XF
mpg321-mp3-format-string(14148)
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
cpe:/h:sun:sun_fire:b1600
CVE-2003-0970
2003-12-15T00:00:00.000-05:00
2008-09-05T16:35:41.107-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
SUNALERT
57430
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
cpe:/a:gnu:privacy_guard:1.0.2
cpe:/a:gnu:privacy_guard:1.0.3
cpe:/a:gnu:privacy_guard:1.0.3b
cpe:/a:gnu:privacy_guard:1.0.4
cpe:/a:gnu:privacy_guard:1.0.5
cpe:/a:gnu:privacy_guard:1.0.6
cpe:/a:gnu:privacy_guard:1.0.7
cpe:/a:gnu:privacy_guard:1.2
cpe:/a:gnu:privacy_guard:1.2.1
cpe:/a:gnu:privacy_guard:1.2.2
cpe:/a:gnu:privacy_guard:1.2.2:rc1
cpe:/a:gnu:privacy_guard:1.2.3
CVE-2003-0971
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:16.607-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SGI
20040202-01-U
CONECTIVA
CLA-2003:798
CONFIRM
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
CONFIRM
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html
BUGTRAQ
20031127 GnuPG's ElGamal signing keys compromised
DEBIAN
DSA-429
CERT-VN
VU#940388
MANDRAKE
MDKSA-2003:109
SUSE
SuSE-SA:2003:048
REDHAT
RHSA-2003:390
REDHAT
RHSA-2003:395
BID
9115
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
cpe:/a:gnu:screen:3.9.4
cpe:/a:gnu:screen:3.9.8
cpe:/a:gnu:screen:3.9.9
cpe:/a:gnu:screen:3.9.10
cpe:/a:gnu:screen:3.9.11
cpe:/a:gnu:screen:3.9.13
cpe:/a:gnu:screen:3.9.15
cpe:/a:gnu:screen:4.0.1
CVE-2003-0972
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:38.770-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONECTIVA
CLA-2004:809
CONFIRM
http://groups.yahoo.com/group/gnu-screen/message/3118
BUGTRAQ
20031127 GNU screen buffer overflow
DEBIAN
DSA-408
MANDRAKE
MDKSA-2003:113
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
cpe:/a:apache:mod_python:2.7
cpe:/a:apache:mod_python:2.7.1
cpe:/a:apache:mod_python:2.7.2
cpe:/a:apache:mod_python:2.7.3
cpe:/a:apache:mod_python:2.7.4
cpe:/a:apache:mod_python:2.7.5
cpe:/a:apache:mod_python:2.7.6
cpe:/a:apache:mod_python:2.7.7
cpe:/a:apache:mod_python:2.7.8
cpe:/a:apache:mod_python:3.0
cpe:/a:apache:mod_python:3.0.1
cpe:/a:apache:mod_python:3.0.2
cpe:/a:apache:mod_python:3.0.3
CVE-2003-0973
2003-12-15T00:00:00.000-05:00
2017-10-10T21:29:16.667-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
FEDORA
FEDORA-2004-1325
CONECTIVA
CLA-2004:837
DEBIAN
DSA-452
CONFIRM
http://www.modpython.org/pipermail/mod_python/2003-November/004005.html
REDHAT
RHSA-2004:058
REDHAT
RHSA-2004:063
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
cpe:/a:applied_watch_technologies:applied_watch_command_center:1.0
CVE-2003-0974
2003-12-15T00:00:00.000-05:00
2016-10-17T22:38:39.927-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031128 Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
BUGTRAQ
20031128 Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite
BUGTRAQ
20031201 Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
MISC
http://www.bugtraq.org/advisories/_BSSADV-0000.txt
BID
9124
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c.
cpe:/a:apple:safari:1.0
cpe:/a:apple:safari:1.1
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x:10.3.1
cpe:/o:apple:mac_os_x_server:10.2.8
cpe:/o:apple:mac_os_x_server:10.3.1
CVE-2003-0975
2003-12-15T00:00:00.000-05:00
2017-07-10T21:29:39.073-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM
http://lists.apple.com/mhonarc/security-announce/msg00042.html
BUGTRAQ
20031118 Apple Safari 1.1 (v100)
XF
mozilla-netscape-steal-cookies(7973)
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
cpe:/o:novell:netware:6.5
cpe:/o:novell:netware:6.5:sp1
CVE-2003-0976
2003-12-15T00:00:00.000-05:00
2017-07-10T21:29:39.120-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm
XF
netware-nfs-share-access(13915)
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.
cpe:/a:cvs:cvs:1.10.7
cpe:/a:cvs:cvs:1.10.8
cpe:/a:cvs:cvs:1.11
cpe:/a:cvs:cvs:1.11.1
cpe:/a:cvs:cvs:1.11.1_p1
cpe:/a:cvs:cvs:1.11.2
cpe:/a:cvs:cvs:1.11.3
cpe:/a:cvs:cvs:1.11.4
cpe:/a:cvs:cvs:1.11.5
cpe:/a:cvs:cvs:1.11.6
cpe:/o:slackware:slackware_linux:8.1
cpe:/o:slackware:slackware_linux:9.0
cpe:/o:slackware:slackware_linux:9.1
CVE-2003-0977
2004-01-05T00:00:00.000-05:00
2017-10-10T21:29:16.763-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SGI
20040103-01-U
SGI
20040202-01-U
CONFIRM
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1
CONECTIVA
CLA-2004:808
BUGTRAQ
20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)
BUGTRAQ
20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability
DEBIAN
DSA-422
MANDRAKE
MDKSA-2003:112
REDHAT
RHSA-2004:003
REDHAT
RHSA-2004:004
XF
cvs-module-file-manipulation(13929)
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
cpe:/a:gnu:privacy_guard:1.2
cpe:/a:gnu:privacy_guard:1.2.1
cpe:/a:gnu:privacy_guard:1.2.2
cpe:/a:gnu:privacy_guard:1.2.2:rc1
cpe:/a:gnu:privacy_guard:1.2.3
cpe:/a:gnu:privacy_guard:1.3.3
CVE-2003-0978
2004-01-05T00:00:00.000-05:00
2017-07-10T21:29:39.227-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
SUSE
SuSE-SA:2003:048
MISC
http://www.s-quadra.com/advisories/Adv-20031203.txt
XF
gnupg-gpgkeyshkp-format-string(13892)
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
cpe:/a:freescripts:visitorbook:le
CVE-2003-0979
2004-01-05T00:00:00.000-05:00
2016-10-17T22:38:44.647-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031210 Visitorbook LE Multiple Vulnerabilities
MISC
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
cpe:/a:freescripts:visitorbook:le
CVE-2003-0980
2004-01-05T00:00:00.000-05:00
2016-10-17T22:38:46.020-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031210 Visitorbook LE Multiple Vulnerabilities
MISC
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.
cpe:/a:freescripts:visitorbook:le
CVE-2003-0981
2004-01-05T00:00:00.000-05:00
2016-10-17T22:38:47.473-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031210 Visitorbook LE Multiple Vulnerabilities
MISC
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
cpe:/a:cisco:application_and_content_networking_software:4.0.3
cpe:/a:cisco:application_and_content_networking_software:4.1.1
cpe:/a:cisco:application_and_content_networking_software:4.1.3
cpe:/a:cisco:application_and_content_networking_software:4.2
cpe:/a:cisco:application_and_content_networking_software:4.2.7
cpe:/a:cisco:application_and_content_networking_software:4.2.9
cpe:/a:cisco:application_and_content_networking_software:5.0
cpe:/a:cisco:application_and_content_networking_software:5.0.1
cpe:/a:cisco:application_and_content_networking_software:5.0.3
cpe:/a:cisco:content_distribution_manager_4630
cpe:/a:cisco:content_distribution_manager_4630:4.0
cpe:/a:cisco:content_distribution_manager_4630:4.1
cpe:/a:cisco:content_distribution_manager_4650
cpe:/a:cisco:content_distribution_manager_4650:4.0
cpe:/a:cisco:content_distribution_manager_4650:4.1
cpe:/a:cisco:content_distribution_manager_4670
cpe:/a:cisco:content_engine:507
cpe:/a:cisco:content_engine:507_2.2_.0
cpe:/a:cisco:content_engine:507_3.1
cpe:/a:cisco:content_engine:507_4.0
cpe:/a:cisco:content_engine:507_4.1
cpe:/a:cisco:content_engine:560
cpe:/a:cisco:content_engine:560_2.2_.0
cpe:/a:cisco:content_engine:560_3.1
cpe:/a:cisco:content_engine:560_4.0
cpe:/a:cisco:content_engine:560_4.1
cpe:/a:cisco:content_engine:590
cpe:/a:cisco:content_engine:590_2.2_.0
cpe:/a:cisco:content_engine:590_3.1
cpe:/a:cisco:content_engine:590_4.0
cpe:/a:cisco:content_engine:590_4.1
cpe:/a:cisco:content_engine:7320
cpe:/a:cisco:content_engine:7320_2.2_.0
cpe:/a:cisco:content_engine:7320_3.1
cpe:/a:cisco:content_engine:7320_4.0
cpe:/a:cisco:content_engine:7320_4.1
cpe:/a:cisco:content_engine_module:for_cisco_router_2600_series
cpe:/a:cisco:content_engine_module:for_cisco_router_3600_series
cpe:/a:cisco:content_engine_module:for_cisco_router_3700_series
cpe:/a:cisco:enterprise_content_delivery_network_software:4.0
cpe:/a:cisco:enterprise_content_delivery_network_software:4.1
cpe:/h:cisco:content_router_4430
cpe:/h:cisco:content_router_4450
CVE-2003-0982
2004-01-05T00:00:00.000-05:00
2018-10-30T12:25:18.480-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CISCO
20031210 Vulnerability in Authentication Library for ACNS
CERT-VN
VU#352462
BID
9187
XF
cisco-acns-password-bo(13945)
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
cpe:/h:cisco:80-7111-01_for_the_unity-svrx255-1a
cpe:/h:cisco:80-7112-01_for_the_unity-svrx255-2a
CVE-2003-0983
2004-01-05T00:00:00.000-05:00
2008-09-10T15:21:19.977-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CISCO
20031210 Unity Vulnerabilities on IBM-based Servers
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.4.0:test1
cpe:/o:linux:linux_kernel:2.4.0:test10
cpe:/o:linux:linux_kernel:2.4.0:test11
cpe:/o:linux:linux_kernel:2.4.0:test12
cpe:/o:linux:linux_kernel:2.4.0:test2
cpe:/o:linux:linux_kernel:2.4.0:test3
cpe:/o:linux:linux_kernel:2.4.0:test4
cpe:/o:linux:linux_kernel:2.4.0:test5
cpe:/o:linux:linux_kernel:2.4.0:test6
cpe:/o:linux:linux_kernel:2.4.0:test7
cpe:/o:linux:linux_kernel:2.4.0:test8
cpe:/o:linux:linux_kernel:2.4.0:test9
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.18:pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2
cpe:/o:linux:linux_kernel:2.4.18:pre3
cpe:/o:linux:linux_kernel:2.4.18:pre4
cpe:/o:linux:linux_kernel:2.4.18:pre5
cpe:/o:linux:linux_kernel:2.4.18:pre6
cpe:/o:linux:linux_kernel:2.4.18:pre7
cpe:/o:linux:linux_kernel:2.4.18:pre8
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.19:pre1
cpe:/o:linux:linux_kernel:2.4.19:pre2
cpe:/o:linux:linux_kernel:2.4.19:pre3
cpe:/o:linux:linux_kernel:2.4.19:pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5
cpe:/o:linux:linux_kernel:2.4.19:pre6
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.4.21
cpe:/o:linux:linux_kernel:2.4.21:pre1
cpe:/o:linux:linux_kernel:2.4.21:pre4
cpe:/o:linux:linux_kernel:2.4.21:pre7
cpe:/o:linux:linux_kernel:2.4.22
CVE-2003-0984
2004-01-05T00:00:00.000-05:00
2017-10-10T21:29:16.870-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2004:799
BUGTRAQ
20040112 SmoothWall Project Security Advisory SWP-2004:001
DEBIAN
DSA-1067
DEBIAN
DSA-1069
DEBIAN
DSA-1070
DEBIAN
DSA-1082
ENGARDE
ESA-20040105-001
MANDRAKE
MDKSA-2004:001
SUSE
SuSE-SA:2003:049
FEDORA
FEDORA-2003-046
REDHAT
RHSA-2003:417
REDHAT
RHSA-2004:188
BID
9154
SECTRACK
1008594
XF
linux-rtc-memory-leak(13943)
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.4.0:test1
cpe:/o:linux:linux_kernel:2.4.0:test10
cpe:/o:linux:linux_kernel:2.4.0:test11
cpe:/o:linux:linux_kernel:2.4.0:test12
cpe:/o:linux:linux_kernel:2.4.0:test2
cpe:/o:linux:linux_kernel:2.4.0:test3
cpe:/o:linux:linux_kernel:2.4.0:test4
cpe:/o:linux:linux_kernel:2.4.0:test5
cpe:/o:linux:linux_kernel:2.4.0:test6
cpe:/o:linux:linux_kernel:2.4.0:test7
cpe:/o:linux:linux_kernel:2.4.0:test8
cpe:/o:linux:linux_kernel:2.4.0:test9
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:linux:linux_kernel:2.4.3
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.18:pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2
cpe:/o:linux:linux_kernel:2.4.18:pre3
cpe:/o:linux:linux_kernel:2.4.18:pre4
cpe:/o:linux:linux_kernel:2.4.18:pre5
cpe:/o:linux:linux_kernel:2.4.18:pre6
cpe:/o:linux:linux_kernel:2.4.18:pre7
cpe:/o:linux:linux_kernel:2.4.18:pre8
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:linux:linux_kernel:2.4.19:pre1
cpe:/o:linux:linux_kernel:2.4.19:pre2
cpe:/o:linux:linux_kernel:2.4.19:pre3
cpe:/o:linux:linux_kernel:2.4.19:pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5
cpe:/o:linux:linux_kernel:2.4.19:pre6
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:linux:linux_kernel:2.4.21
cpe:/o:linux:linux_kernel:2.4.21:pre1
cpe:/o:linux:linux_kernel:2.4.21:pre4
cpe:/o:linux:linux_kernel:2.4.21:pre7
cpe:/o:linux:linux_kernel:2.4.22
cpe:/o:linux:linux_kernel:2.4.23
CVE-2003-0985
2004-01-20T00:00:00.000-05:00
2018-05-02T21:29:23.397-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SGI
20040102-01-U
BUGTRAQ
20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
CONECTIVA
CLA-2004:799
IMMUNIX
IMNX-2004-73-001-01
MISC
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
CONFIRM
http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
TRUSTIX
2004-0001
BUGTRAQ
20040105 Linux kernel mremap vulnerability
BUGTRAQ
20040105 Linux kernel do_mremap() proof-of-concept exploit code
BUGTRAQ
20040106 Linux mremap bug correction
BUGTRAQ
20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
BUGTRAQ
20040112 SmoothWall Project Security Advisory SWP-2004:001
CONFIRM
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
CIAC
O-045
DEBIAN
DSA-413
DEBIAN
DSA-417
DEBIAN
DSA-423
DEBIAN
DSA-427
DEBIAN
DSA-439
DEBIAN
DSA-440
DEBIAN
DSA-442
DEBIAN
DSA-450
DEBIAN
DSA-470
DEBIAN
DSA-475
DEBIAN
DSA-1067
DEBIAN
DSA-1069
DEBIAN
DSA-1070
DEBIAN
DSA-1082
CERT-VN
VU#490620
CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
ENGARDE
ESA-20040105-001
MANDRAKE
MDKSA-2004:001
SUSE
SuSE-SA:2004:003
REDHAT
RHSA-2003:416
REDHAT
RHSA-2003:417
REDHAT
RHSA-2003:418
REDHAT
RHSA-2003:419
BID
9356
XF
linux-domremap-gain-privileges(14135)
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
cpe:/o:linux:linux_kernel:2.4.0:test10
cpe:/o:linux:linux_kernel:2.4.0:test11
cpe:/o:linux:linux_kernel:2.4.0:test12
cpe:/o:linux:linux_kernel:2.4.0:test2
cpe:/o:linux:linux_kernel:2.4.0:test3
cpe:/o:linux:linux_kernel:2.4.0:test4
cpe:/o:linux:linux_kernel:2.4.0:test5
cpe:/o:linux:linux_kernel:2.4.0:test6
cpe:/o:linux:linux_kernel:2.4.0:test7
cpe:/o:linux:linux_kernel:2.4.0:test8
cpe:/o:linux:linux_kernel:2.4.0:test9
cpe:/o:linux:linux_kernel:2.4.18::x86
cpe:/o:linux:linux_kernel:2.4.18:pre1
cpe:/o:linux:linux_kernel:2.4.18:pre2
cpe:/o:linux:linux_kernel:2.4.18:pre3
cpe:/o:linux:linux_kernel:2.4.18:pre4
cpe:/o:linux:linux_kernel:2.4.18:pre5
cpe:/o:linux:linux_kernel:2.4.18:pre6
cpe:/o:linux:linux_kernel:2.4.18:pre7
cpe:/o:linux:linux_kernel:2.4.18:pre8
cpe:/o:linux:linux_kernel:2.4.19:pre1
cpe:/o:linux:linux_kernel:2.4.19:pre2
cpe:/o:linux:linux_kernel:2.4.19:pre3
cpe:/o:linux:linux_kernel:2.4.19:pre4
cpe:/o:linux:linux_kernel:2.4.19:pre5
cpe:/o:linux:linux_kernel:2.4.19:pre6
cpe:/o:linux:linux_kernel:2.4.21:pre1
cpe:/o:linux:linux_kernel:2.4.21:pre4
cpe:/o:linux:linux_kernel:2.4.21:pre7
cpe:/o:linux:linux_kernel:2.4.22:pre10
cpe:/o:linux:linux_kernel:2.4.23
cpe:/o:linux:linux_kernel:2.4.23:pre9
cpe:/o:linux:linux_kernel:2.4.23_ow2
cpe:/o:linux:linux_kernel:2.4.24
cpe:/o:linux:linux_kernel:2.4.24_ow1
cpe:/o:linux:linux_kernel:2.6.0
cpe:/o:linux:linux_kernel:2.6.1:rc1
cpe:/o:linux:linux_kernel:2.6.1:rc2
cpe:/o:linux:linux_kernel:2.6.2
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:redhat:enterprise_linux:3.0::workstation
CVE-2003-0986
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:16.950-04:00
1.7
LOCAL
LOW
SINGLE_INSTANCE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ
CONFIRM
http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw
REDHAT
RHSA-2004:017
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
cpe:/a:apache:http_server:1.3.30
CVE-2003-0987
2004-03-03T00:00:00.000-05:00
2017-10-10T21:29:17.043-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
GENTOO
GLSA-200405-22
SECTRACK
1008920
SUNALERT
101555
SUNALERT
101841
SUNALERT
57628
CONFIRM
http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
CONFIRM
http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
MANDRAKE
MDKSA-2004:046
REDHAT
RHSA-2004:600
REDHAT
RHSA-2005:816
BID
9571
SLACKWARE
SSA:2004-133
TRUSTIX
2004-0027
XF
apache-moddigest-response-replay(15041)
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
cpe:/o:kde:kde:3.1.0
cpe:/o:kde:kde:3.1.1
cpe:/o:kde:kde:3.1.2
cpe:/o:kde:kde:3.1.3
CVE-2003-0988
2004-02-17T00:00:00.000-05:00
2017-10-09T21:30:15.377-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONECTIVA
CLA-2004:810
BUGTRAQ
20040114 KDE Security Advisory: VCF file information reader vulnerability
GENTOO
GLSA-200404-02
CERT-VN
VU#820798
CONFIRM
http://www.kde.org/info/security/advisory-20040114-1.txt
MANDRAKE
MDKSA-2004:003
REDHAT
RHSA-2004:005
REDHAT
RHSA-2004:006
BID
9419
XF
kde-kdepim-bo(14833)
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
cpe:/a:redhat:tcpdump:3.8.0
cpe:/o:redhat:linux:9.0::i386
CVE-2003-0989
2004-02-17T00:00:00.000-05:00
2018-10-19T11:29:38.620-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CALDERA
CSSA-2004-008.0
SCO
SCOSA-2004.9
SGI
20040103-01-U
SGI
20040202-01-U
APPLE
APPLE-SA-2004-02-23
TRUSTIX
2004-0004
ENGARDE
ESA-20040119-002
BUGTRAQ
20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
DEBIAN
DSA-425
CERT-VN
VU#738518
MANDRAKE
MDKSA-2004:008
FEDORA
FEDORA-2004-090
FEDORA
FEDORA-2004-092
MLIST
[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
FEDORA
FLSA:1222
REDHAT
RHSA-2004:007
REDHAT
RHSA-2004:008
BUGTRAQ
20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
BID
9507
SECTRACK
1008716
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
CVE-2003-0990
2004-01-20T00:00:00.000-05:00
2017-07-10T21:29:39.493-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031224 Bugtraq Security Systems ADV-0001
MISC
http://www.bugtraq.org/advisories/_BSSADV-0001.txt
BUGTRAQ
20031226 Re: Reported Command Injection in Squirrelmail GPG
BID
9296
XF
squirrelmail-parseaddress-command-execution(14079)
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
cpe:/a:gnu:mailman:1.0
cpe:/a:gnu:mailman:1.1
cpe:/a:gnu:mailman:2.0
cpe:/a:gnu:mailman:2.0:beta3
cpe:/a:gnu:mailman:2.0:beta4
cpe:/a:gnu:mailman:2.0:beta5
cpe:/a:gnu:mailman:2.0.1
cpe:/a:gnu:mailman:2.0.2
cpe:/a:gnu:mailman:2.0.3
cpe:/a:gnu:mailman:2.0.4
cpe:/a:gnu:mailman:2.0.5
cpe:/a:gnu:mailman:2.0.6
cpe:/a:gnu:mailman:2.0.7
cpe:/a:gnu:mailman:2.0.8
cpe:/a:gnu:mailman:2.0.9
cpe:/a:gnu:mailman:2.0.10
cpe:/a:gnu:mailman:2.0.11
cpe:/a:gnu:mailman:2.0.12
cpe:/a:gnu:mailman:2.0.13
cpe:/a:gnu:mailman:2.1
cpe:/a:sgi:propack:2.3
CVE-2003-0991
2004-03-03T00:00:00.000-05:00
2017-10-09T21:30:15.437-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20040201-01-U
CONECTIVA
CLA-2004:842
MLIST
[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
DEBIAN
DSA-436
MANDRAKE
MDKSA-2004:013
REDHAT
RHSA-2004:019
BID
9620
XF
mailman-command-handler-dos(15106)
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
cpe:/a:gnu:mailman:2.1.3
CVE-2003-0992
2004-02-17T00:00:00.000-05:00
2017-10-10T21:29:17.120-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONECTIVA
CLA-2004:842
CONFIRM
http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html
MANDRAKE
MDKSA-2004:013
REDHAT
RHSA-2004:020
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
cpe:/a:apache:http_server:1.3
cpe:/a:apache:http_server:1.3.1
cpe:/a:apache:http_server:1.3.3
cpe:/a:apache:http_server:1.3.4
cpe:/a:apache:http_server:1.3.6
cpe:/a:apache:http_server:1.3.7::dev
cpe:/a:apache:http_server:1.3.9
cpe:/a:apache:http_server:1.3.11
cpe:/a:apache:http_server:1.3.12
cpe:/a:apache:http_server:1.3.14
cpe:/a:apache:http_server:1.3.17
cpe:/a:apache:http_server:1.3.18
cpe:/a:apache:http_server:1.3.19
cpe:/a:apache:http_server:1.3.20
cpe:/a:apache:http_server:1.3.22
cpe:/a:apache:http_server:1.3.23
cpe:/a:apache:http_server:1.3.24
cpe:/a:apache:http_server:1.3.25
cpe:/a:apache:http_server:1.3.26
cpe:/a:apache:http_server:1.3.27
cpe:/a:apache:http_server:1.3.28
cpe:/a:apache:http_server:1.3.29
CVE-2003-0993
2004-03-29T00:00:00.000-05:00
2017-10-09T21:30:15.517-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MANDRAKE
MDKSA-2004:046
CONFIRM
http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
MLIST
[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
BUGTRAQ
20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
GENTOO
GLSA-200405-22
SUNALERT
101555
SUNALERT
101841
SUNALERT
57628
CONFIRM
http://www.apacheweek.com/features/security-13
BID
9829
SLACKWARE
SSA:2004-133
TRUSTIX
2004-0027
XF
apache-modaccess-obtain-information(15422)
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
cpe:/a:symantec:norton_antivirus:2.1::ms_exchange
cpe:/a:symantec:norton_antivirus:2001
cpe:/a:symantec:norton_antivirus:2001::pro
cpe:/a:symantec:norton_antivirus:2002
cpe:/a:symantec:norton_antivirus:2002::pro
cpe:/a:symantec:norton_antivirus:2003
cpe:/a:symantec:norton_antivirus:2003::pro
cpe:/a:symantec:norton_antivirus:2004::pro
cpe:/a:symantec:norton_antivirus:v3.0::handhelds
cpe:/a:symantec:norton_internet_security:2001
cpe:/a:symantec:norton_internet_security:2001::pro
cpe:/a:symantec:norton_internet_security:2002
cpe:/a:symantec:norton_internet_security:2002::pro
cpe:/a:symantec:norton_internet_security:2003
cpe:/a:symantec:norton_internet_security:2003::pro
cpe:/a:symantec:norton_internet_security:2004
cpe:/a:symantec:norton_internet_security:2004::pro
cpe:/a:symantec:norton_system_works:2001
cpe:/a:symantec:norton_system_works:2002
cpe:/a:symantec:norton_system_works:2003
cpe:/a:symantec:norton_system_works:2004
cpe:/a:symantec:windows_liveupdate:1.70.x
cpe:/a:symantec:windows_liveupdate:1.90.x
CVE-2003-0994
2004-02-03T00:00:00.000-05:00
2016-10-17T22:38:57.927-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
BUGTRAQ
20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
MISC
http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
cpe:/o:microsoft:windows_2000::sp4
CVE-2003-0995
2004-01-05T00:00:00.000-05:00
2019-04-30T10:27:13.913-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MS
MS03-039
XF
win2k-message-queue-bo(13131)
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
cpe:/a:ca:unicenter_remote_control_host:6.0
CVE-2003-0996
2004-01-05T00:00:00.000-05:00
2008-09-05T16:35:45.733-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://support.ca.com/techbases/rp/urc6x-secnote.html
Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
cpe:/a:ca:unicenter_remote_control_host:6.0
CVE-2003-0997
2004-01-05T00:00:00.000-05:00
2008-09-05T16:35:45.887-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CONFIRM
http://support.ca.com/techbases/rp/urc6x-secnote.html
Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
cpe:/a:ca:controlit:5.0::advanced
cpe:/a:ca:controlit:5.0::enterprise
cpe:/a:ca:controlit:5.1::enterprise
cpe:/a:ca:unicenter_remote_control:5.2
cpe:/a:ca:unicenter_remote_control:6.0
cpe:/a:ca:unicenter_remote_control_option:5.0
cpe:/a:ca:unicenter_remote_control_option:5.1
cpe:/a:ca:unicenter_remote_control_option:5.1:::de
CVE-2003-0998
2004-01-05T00:00:00.000-05:00
2008-09-05T16:35:46.030-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://support.ca.com/techbases/rp/urc5x-secnote.html
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-0999
2004-01-05T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
57451
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
cpe:/a:xchat:xchat:2.0.6
CVE-2003-1000
2004-01-05T00:00:00.000-05:00
2016-10-17T22:38:59.133-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html
BUGTRAQ
20031214 GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
cpe:/h:cisco:catalyst_6500
cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_6500_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_6500_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_7600_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:firewall_services_module
cpe:/h:cisco:firewall_services_module:1.1.2
cpe:/o:cisco:catos:5.4%281%29
cpe:/o:cisco:catos:7.5%281%29
cpe:/o:cisco:catos:7.6%281%29
CVE-2003-1001
2004-01-05T00:00:00.000-05:00
2008-09-10T15:21:24.353-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CISCO
20031215 Cisco FWSM Vulnerabilities
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
cpe:/h:cisco:catalyst_6500
cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_6500_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_6500_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_7600_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:firewall_services_module
cpe:/h:cisco:firewall_services_module:1.1.2
cpe:/o:cisco:catos:5.4%281%29
cpe:/o:cisco:catos:7.5%281%29
cpe:/o:cisco:catos:7.6%281%29
CVE-2003-1002
2004-01-05T00:00:00.000-05:00
2008-09-10T15:21:24.413-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CISCO
20031215 Cisco FWSM Vulnerabilities
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
cpe:/a:cisco:pix_firewall:6.2.2_.111
cpe:/o:cisco:pix_firewall_software:5.0
cpe:/o:cisco:pix_firewall_software:5.1
cpe:/o:cisco:pix_firewall_software:5.1%284%29
cpe:/o:cisco:pix_firewall_software:5.1%284.206%29
cpe:/o:cisco:pix_firewall_software:5.2
cpe:/o:cisco:pix_firewall_software:5.2%281%29
cpe:/o:cisco:pix_firewall_software:5.2%282%29
cpe:/o:cisco:pix_firewall_software:5.2%283.210%29
cpe:/o:cisco:pix_firewall_software:5.2%285%29
cpe:/o:cisco:pix_firewall_software:5.2%286%29
cpe:/o:cisco:pix_firewall_software:5.2%287%29
cpe:/o:cisco:pix_firewall_software:5.2%289%29
cpe:/o:cisco:pix_firewall_software:5.3
cpe:/o:cisco:pix_firewall_software:5.3%281%29
cpe:/o:cisco:pix_firewall_software:5.3%281.200%29
cpe:/o:cisco:pix_firewall_software:5.3%282%29
cpe:/o:cisco:pix_firewall_software:5.3%283%29
cpe:/o:cisco:pix_firewall_software:6.0
cpe:/o:cisco:pix_firewall_software:6.0%281%29
cpe:/o:cisco:pix_firewall_software:6.0%282%29
cpe:/o:cisco:pix_firewall_software:6.0%283%29
cpe:/o:cisco:pix_firewall_software:6.0%284%29
cpe:/o:cisco:pix_firewall_software:6.0%284.101%29
cpe:/o:cisco:pix_firewall_software:6.1
cpe:/o:cisco:pix_firewall_software:6.1%281%29
cpe:/o:cisco:pix_firewall_software:6.1%282%29
cpe:/o:cisco:pix_firewall_software:6.1%283%29
cpe:/o:cisco:pix_firewall_software:6.1%284%29
cpe:/o:cisco:pix_firewall_software:6.1%285%29
cpe:/o:cisco:pix_firewall_software:6.2
cpe:/o:cisco:pix_firewall_software:6.2%281%29
cpe:/o:cisco:pix_firewall_software:6.2%282%29
cpe:/o:cisco:pix_firewall_software:6.2%283%29
cpe:/o:cisco:pix_firewall_software:6.2%283.100%29
cpe:/o:cisco:pix_firewall_software:6.3
cpe:/o:cisco:pix_firewall_software:6.3%281%29
cpe:/o:cisco:pix_firewall_software:6.3%283.102%29
CVE-2003-1003
2004-01-05T00:00:00.000-05:00
2018-10-30T12:26:18.123-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CISCO
20031215 Cisco PIX Vulnerabilities
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
cpe:/a:cisco:pix_firewall:6.2.2_.111
cpe:/o:cisco:pix_firewall_software:6.2
cpe:/o:cisco:pix_firewall_software:6.2%281%29
cpe:/o:cisco:pix_firewall_software:6.2%282%29
cpe:/o:cisco:pix_firewall_software:6.2%283%29
cpe:/o:cisco:pix_firewall_software:6.2%283.100%29
CVE-2003-1004
2004-01-05T00:00:00.000-05:00
2018-10-30T12:26:18.060-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
CISCO
20031215 Cisco PIX Vulnerabilities
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x:10.3.2
cpe:/o:apple:mac_os_x_server:10.2.8
cpe:/o:apple:mac_os_x_server:10.3.2
CVE-2003-1005
2003-12-31T00:00:00.000-05:00
2008-09-10T15:21:24.633-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-24T14:45:00.000-04:00
APPLE
APPLE-SA-2003-12-19
AUSCERT
ESB-2003.0867
BID
9266
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
cpe:/o:apple:mac_os_x:10.0
cpe:/o:apple:mac_os_x:10.0.1
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.0.4
cpe:/o:apple:mac_os_x:10.1
cpe:/o:apple:mac_os_x:10.1.1
cpe:/o:apple:mac_os_x:10.1.2
cpe:/o:apple:mac_os_x:10.1.3
cpe:/o:apple:mac_os_x:10.1.4
cpe:/o:apple:mac_os_x:10.1.5
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x:10.2.7
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x:10.3
cpe:/o:apple:mac_os_x:10.3.1
cpe:/o:apple:mac_os_x:10.3.2
cpe:/o:apple:mac_os_x_server:10.0
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:apple:mac_os_x_server:10.2.7
cpe:/o:apple:mac_os_x_server:10.2.8
cpe:/o:apple:mac_os_x_server:10.3
cpe:/o:apple:mac_os_x_server:10.3.1
cpe:/o:apple:mac_os_x_server:10.3.2
CVE-2003-1006
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:39.620-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
CERT-VN
VU#878526
BUGTRAQ
20031215 Buffer overflow/privilege escalation in MacOS X
BUGTRAQ
20031216 Re: Buffer overflow/privilege escalation in MacOS X
BUGTRAQ
20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also
BID
9228
XF
macos-cd9660-bo(13995)
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x:10.3.2
cpe:/o:apple:mac_os_x_server:10.2.8
cpe:/o:apple:mac_os_x_server:10.3.2
CVE-2003-1007
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:39.680-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
SECTRACK
1008532
BID
9264
XF
applefileserver-dos(14051)
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x:10.3.2
cpe:/o:apple:mac_os_x_server:10.2.8
cpe:/o:apple:mac_os_x_server:10.3.2
CVE-2003-1008
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:39.727-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
XF
macos-screen-saver-bypass(14195)
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.2.8
cpe:/o:apple:mac_os_x:10.3.2
cpe:/o:apple:mac_os_x_server:10.2
cpe:/o:apple:mac_os_x_server:10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2
cpe:/o:apple:mac_os_x_server:10.2.3
cpe:/o:apple:mac_os_x_server:10.2.4
cpe:/o:apple:mac_os_x_server:10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6
cpe:/o:apple:mac_os_x_server:10.2.7
cpe:/o:apple:mac_os_x_server:10.2.8
cpe:/o:apple:mac_os_x_server:10.3
cpe:/o:apple:mac_os_x_server:10.3.1
cpe:/o:apple:mac_os_x_server:10.3.2
CVE-2003-1009
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:39.777-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MISC
http://docs.info.apple.com/article.html?artnum=32478
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
MISC
http://www.carrel.org/dhcp-vuln.html
BID
9110
XF
macos-dhcp-gain-privileges(13874)
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
CVE-2003-1010
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:39.837-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
BID
9265
XF
macos-fsusage-gain-privileges(14193)
Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors.
cpe:/o:apple:mac_os_x:10.0
cpe:/o:apple:mac_os_x:10.0.1
cpe:/o:apple:mac_os_x:10.0.2
cpe:/o:apple:mac_os_x:10.0.3
cpe:/o:apple:mac_os_x:10.0.4
cpe:/o:apple:mac_os_x:10.1
cpe:/o:apple:mac_os_x:10.1.1
cpe:/o:apple:mac_os_x:10.1.2
cpe:/o:apple:mac_os_x:10.1.3
cpe:/o:apple:mac_os_x:10.1.4
cpe:/o:apple:mac_os_x:10.1.5
cpe:/o:apple:mac_os_x:10.2
cpe:/o:apple:mac_os_x:10.2.1
cpe:/o:apple:mac_os_x:10.2.2
cpe:/o:apple:mac_os_x:10.2.3
cpe:/o:apple:mac_os_x:10.2.4
cpe:/o:apple:mac_os_x:10.2.5
cpe:/o:apple:mac_os_x:10.2.6
cpe:/o:apple:mac_os_x:10.2.7
cpe:/o:apple:mac_os_x:10.2.8
CVE-2003-1011
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:39.883-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://docs.info.apple.com/article.html?artnum=61798
BUGTRAQ
20031031 Console Root On OSX up to 10.2.8
BID
8945
XF
macos-ctrlc-gain-access(13573)
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.15
cpe:/a:ethereal_group:ethereal:0.9.16
CVE-2003-1012
2004-01-05T00:00:00.000-05:00
2017-10-10T21:29:17.247-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20040103-01-U
SGI
20040202-01-U
CONECTIVA
CLA-2004:801
DEBIAN
DSA-407
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00012.html
MANDRAKE
MDKSA-2004:002
REDHAT
RHSA-2004:001
REDHAT
RHSA-2004:002
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.15
cpe:/a:ethereal_group:ethereal:0.9.16
CVE-2003-1013
2004-01-05T00:00:00.000-05:00
2017-10-10T21:29:17.323-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20040103-01-U
SGI
20040202-01-U
CONECTIVA
CLA-2004:801
DEBIAN
DSA-407
CONFIRM
http://www.ethereal.com/appnotes/enpa-sa-00012.html
MANDRAKE
MDKSA-2004:002
REDHAT
RHSA-2004:001
REDHAT
RHSA-2004:002
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
CVE-2003-1014
2004-10-20T00:00:00.000-04:00
2017-07-10T21:29:39.947-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040914 Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue
MISC
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
XF
mime-field-filtering-bypass(17333)
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients.
cpe:/a:clearswift:mailsweeper:4.3.7
cpe:/a:clearswift:mailsweeper:4.3.8
cpe:/a:clearswift:mailsweeper:4.3.10
cpe:/a:clearswift:mailsweeper:4.3.11
cpe:/a:clearswift:mailsweeper:4.3.13
cpe:/a:clearswift:mailsweeper:4.3.14
cpe:/a:clearswift:mailsweeper:4.3.15
cpe:/a:f-secure:internet_gatekeeper:6.3
cpe:/a:f-secure:internet_gatekeeper:6.4
cpe:/a:f-secure:internet_gatekeeper:6.31
cpe:/a:f-secure:internet_gatekeeper:6.32
cpe:/a:paul_l_daniels:ripmime:1.2.0
cpe:/a:paul_l_daniels:ripmime:1.2.1
cpe:/a:paul_l_daniels:ripmime:1.2.2
cpe:/a:paul_l_daniels:ripmime:1.2.3
cpe:/a:paul_l_daniels:ripmime:1.2.4
cpe:/a:paul_l_daniels:ripmime:1.2.5
cpe:/a:paul_l_daniels:ripmime:1.2.6
cpe:/a:paul_l_daniels:ripmime:1.2.7
cpe:/a:paul_l_daniels:ripmime:1.3.2.0
cpe:/a:paul_l_daniels:ripmime:1.3.2.2
cpe:/a:paul_l_daniels:ripmime:1.3.2.3
CVE-2003-1015
2004-10-20T00:00:00.000-04:00
2017-07-10T21:29:40.010-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040914 Corsaire Security Advisory - Multiple vendor MIME field whitespace issue
MISC
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
XF
mime-tools-incorrect-concatenation(9273)
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients.
cpe:/a:clearswift:mailsweeper:4.3.7
cpe:/a:clearswift:mailsweeper:4.3.8
cpe:/a:clearswift:mailsweeper:4.3.10
cpe:/a:clearswift:mailsweeper:4.3.11
cpe:/a:clearswift:mailsweeper:4.3.13
cpe:/a:clearswift:mailsweeper:4.3.14
cpe:/a:clearswift:mailsweeper:4.3.15
cpe:/a:f-secure:internet_gatekeeper:6.3
cpe:/a:f-secure:internet_gatekeeper:6.4
cpe:/a:f-secure:internet_gatekeeper:6.31
cpe:/a:f-secure:internet_gatekeeper:6.32
cpe:/a:paul_l_daniels:ripmime:1.2.0
cpe:/a:paul_l_daniels:ripmime:1.2.1
cpe:/a:paul_l_daniels:ripmime:1.2.2
cpe:/a:paul_l_daniels:ripmime:1.2.3
cpe:/a:paul_l_daniels:ripmime:1.2.4
cpe:/a:paul_l_daniels:ripmime:1.2.5
cpe:/a:paul_l_daniels:ripmime:1.2.6
cpe:/a:paul_l_daniels:ripmime:1.2.7
cpe:/a:paul_l_daniels:ripmime:1.3.2.0
cpe:/a:paul_l_daniels:ripmime:1.3.2.2
cpe:/a:paul_l_daniels:ripmime:1.3.2.3
CVE-2003-1016
2004-10-20T00:00:00.000-04:00
2017-07-10T21:29:40.057-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040914 Corsaire Security Advisory - Multiple vendor MIME field quoting issue
MISC
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
XF
mime-quote-filtering-bypass(17336)
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients.
cpe:/a:macromedia:director:5.0
cpe:/a:macromedia:flash_player:4.0_r12
cpe:/a:macromedia:flash_player:5.0
cpe:/a:macromedia:flash_player:5.0_r50
cpe:/a:macromedia:flash_player:6.0
cpe:/a:macromedia:flash_player:6.0.29.0
cpe:/a:macromedia:flash_player:6.0.40.0
cpe:/a:macromedia:flash_player:6.0.47.0
cpe:/a:macromedia:flash_player:6.0.65.0
cpe:/a:macromedia:flash_player:6.0.79.0
CVE-2003-1017
2004-01-05T00:00:00.000-05:00
2017-07-10T21:29:40.120-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html
BID
8900
XF
flash-file-predictable-location(14013)
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
cpe:/o:ibm:aix:4.3.3
cpe:/o:ibm:aix:5.1
cpe:/o:ibm:aix:5.2
CVE-2003-1018
2004-03-29T00:00:00.000-05:00
2017-07-10T21:29:40.180-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BID
9254
IBM
MSS-OAR-E01-20
XF
aix-enq-format-string(14037)
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
cpe:/a:irssi:irssi:0.8.4
cpe:/a:irssi:irssi:0.8.5
cpe:/a:irssi:irssi:0.8.6
cpe:/a:irssi:irssi:0.8.7
cpe:/a:irssi:irssi:0.8.8
cpe:/o:mandrakesoft:mandrake_linux:9.1
cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc
cpe:/o:mandrakesoft:mandrake_linux:9.2
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
CVE-2003-1020
2004-01-05T00:00:00.000-05:00
2017-07-10T21:29:40.243-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
MANDRAKE
MDKSA-2003:117
BUGTRAQ
20031211 irssi - potential remote crash
XF
irssi-dos(13973)
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
CVE-2003-1021
2005-01-26T00:00:00.000-05:00
2017-07-10T21:29:40.290-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SCO
SCOSA-2005.5
CERT-VN
VU#972598
BID
12372
XF
openserver-scosession-gain-privilege(19479)
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
cpe:/a:debian:fsp:2.81.b18
CVE-2003-1022
2004-01-20T00:00:00.000-05:00
2017-10-09T21:30:15.580-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CIAC
O-048
DEBIAN
DSA-416
BID
9377
XF
fspsuite-dot-directory-traversal(14154)
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.
cpe:/a:midnight_commander:midnight_commander:4.5.52
cpe:/a:midnight_commander:midnight_commander:4.5.55
cpe:/a:midnight_commander:midnight_commander:4.6
CVE-2003-1023
2004-01-20T00:00:00.000-05:00
2017-10-10T21:29:17.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CALDERA
CSSA-2004-014.0
SGI
20040201-01-U
SGI
20040202-01-U
BUGTRAQ
20030919 uninitialized buffer in midnight commander
CONECTIVA
CLA-2004:833
FEDORA
FEDORA-2004-058
BUGTRAQ
20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc)
REDHAT
RHSA-2004:034
REDHAT
RHSA-2004:035
GENTOO
GLSA-200403-09
DEBIAN
DSA-424
MANDRAKE
MDKSA-2004:007
FEDORA
FLSA:1224
BID
8658
XF
midnight-commander-vfssresolvesymlink-bo(13247)
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
cpe:/o:sun:sunos:5.8
CVE-2003-1024
2004-01-20T00:00:00.000-05:00
2018-10-30T12:25:37.090-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
57455
CERT-VN
VU#281356
BID
9280
XF
solaris-lsf-gain-privileges(14065)
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
cpe:/a:microsoft:ie:6.0
CVE-2003-1025
2004-01-20T00:00:00.000-05:00
2018-10-12T17:33:42.243-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CERT-VN
VU#652278
BUGTRAQ
20031209 Internet Explorer URL parsing vulnerability
CERT
TA04-033A
MISC
http://www.zapthedingbat.com/security/ex01/vun1.htm
MS
MS04-004
XF
ie-domain-url-spoofing(13935)
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
cpe:/a:microsoft:ie:5.0
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1026
2004-01-20T00:00:00.000-05:00
2018-10-12T17:33:43.947-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031125 BackToFramedJpu - a successor of BackToJpu attack
BUGTRAQ
20031201 Comments on 5 IE vulnerabilities
CERT-VN
VU#784102
MISC
http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
CERT
TA04-033A
MS
MS04-004
XF
ie-subframe-xss(13846)
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
cpe:/a:microsoft:ie:5.0
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1027
2004-01-20T00:00:00.000-05:00
2018-10-12T17:33:45.977-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031125 HijackClickV2 - a successor of HijackClick attack
BUGTRAQ
20031201 Comments on 5 IE vulnerabilities
CERT-VN
VU#413886
MISC
http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
SECTRACK
1006036
CERT
TA04-033A
MS
MS04-004
XF
ie-method-perform-actions(13844)
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
cpe:/a:microsoft:ie:5.0
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1028
2004-01-20T00:00:00.000-05:00
2017-07-10T21:29:40.667-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031125 Note for "Invalid ContentType may disclose cache directory"
BUGTRAQ
20031125 Invalid ContentType may disclose cache directory
BUGTRAQ
20031201 Comments on 5 IE vulnerabilities
MISC
http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
XF
ie-download-directory-disclosure(13847)
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
cpe:/a:lbl:tcpdump:3.4
cpe:/a:lbl:tcpdump:3.5
cpe:/a:lbl:tcpdump:3.5.2
cpe:/a:lbl:tcpdump:3.6.2
cpe:/a:lbl:tcpdump:3.6.3
cpe:/a:lbl:tcpdump:3.7
CVE-2003-1029
2004-02-17T00:00:00.000-05:00
2018-10-19T11:29:44.357-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
ENGARDE
ESA-20040119-002
BUGTRAQ
20031220 Remote crash in tcpdump from OpenBSD
BUGTRAQ
20031221 Re: Remote crash in tcpdump from OpenBSD
MLIST
[tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets
DEBIAN
DSA-425
MANDRAKE
MDKSA-2004:008
BUGTRAQ
20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
SECTRACK
1008748
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
cpe:/a:dameware_development:mini_remote_control_server:3.70_.0.0
cpe:/a:dameware_development:mini_remote_control_server:3.71_.0.0
cpe:/a:dameware_development:mini_remote_control_server:3.72_.0.0
CVE-2003-1030
2004-02-17T00:00:00.000-05:00
2017-07-10T21:29:40.727-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031214 DameWare Mini Remote Control Server <= 3.72 Buffer Overflow
BUGTRAQ
20031219 [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
BUGTRAQ
20040110 DameWare Mini Remote Control < v3.73 remote exploit by kralor]
MISC
http://sh0dan.org/files/dwmrcs372.txt
CERT-VN
VU#909678
BID
9213
XF
dameware-spoof-packet-bo(14001)
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
CVE-2003-1031
2004-02-17T00:00:00.000-05:00
2008-09-05T16:35:51.527-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2004-01-01T00:00:00.000-05:00
VULNWATCH
20030808 VBulletin New Member XSS Vulnerability
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
cpe:/a:pi3:pi3web:2.0.2_beta_1
CVE-2003-1032
2004-02-17T00:00:00.000-05:00
2016-12-19T21:59:00.227-05:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030602 Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web
BUGTRAQ
20030605 Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web
SECTRACK
1006913
BID
7787
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
cpe:/a:sap:sap_db:7.3.00
cpe:/a:sap:sap_db:7.4
CVE-2003-1033
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:40.777-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MLIST
[SAP DB Dev] 20030422 Security Alert: Development Tools
BUGTRAQ
20030422 SRT2003-04-22-1336 - SAP DB Development Tools install flaw
BID
7407
BID
7408
XF
sap-db-gain-privileges(11842)
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
CVE-2003-1034
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:40.837-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030331 SRT2003-03-31-1219 - SAP world writable server binaries
BID
7242
XF
sap-db-world-writable(11669)
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
cpe:/a:sap:sap_r_3
cpe:/a:sap:sapgui:4.6c::windows
cpe:/a:sap:sapgui:4.6d::windows
CVE-2003-1035
2004-04-15T00:00:00.000-04:00
2018-10-19T11:29:45.263-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20030304 SAP R/3, account locking and RFC SDK
BUGTRAQ
20061112 Old SAP exploits
BID
7007
XF
sap-sapinfo-lockout-bypass(11487)
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
cpe:/a:sap:internet_transaction_server:4.6_pl463
cpe:/a:sap:internet_transaction_server:6.10_pl30
cpe:/a:sap:internet_transaction_server:6.20_pl7
CVE-2003-1036
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:40.947-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MISC
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
XF
sap-multiple-bo(14186)
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
cpe:/a:sap:internet_transaction_server:4.6_pl463
cpe:/a:sap:internet_transaction_server:6.10_pl30
cpe:/a:sap:internet_transaction_server:6.20_pl7
CVE-2003-1037
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:40.993-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1009453
MISC
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
XF
sap-wgate-format-string(15514)
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
cpe:/a:sap:internet_transaction_server:4.6_pl463
cpe:/a:sap:internet_transaction_server:6.10_pl30
cpe:/a:sap:internet_transaction_server:6.20_pl7
CVE-2003-1038
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:41.040-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MISC
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
XF
sap-agate-path-disclosure(15516)
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
cpe:/a:sap:mysap_business_suite
CVE-2003-1039
2004-04-15T00:00:00.000-04:00
2017-07-10T21:29:41.103-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MISC
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
XF
mysap-host-header-bo(15513)
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
cpe:/o:linux:linux_kernel:2.4.0
CVE-2003-1040
2004-04-15T00:00:00.000-04:00
2018-08-13T17:47:19.540-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SGI
20040204-01-U
CONECTIVA
CLSA-2004:820
SUSE
SuSE-SA:2003:049
REDHAT
RHSA-2004:065
REDHAT
RHSA-2004:069
REDHAT
RHSA-2004:106
REDHAT
RHSA-2004:188
XF
linux-kmod-signals-dos(15577)
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
cpe:/a:microsoft:ie:5
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6:windows_server_2003_sp1
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1041
2004-06-14T00:00:00.000-04:00
2018-10-12T17:33:48.150-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#187196
BUGTRAQ
20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()
BID
9320
CERT
TA04-196A
MS
MS04-023
XF
ie-showhelp-directory-traversal(14105)
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
cpe:/a:mozilla:bugzilla:2.4
cpe:/a:mozilla:bugzilla:2.6
cpe:/a:mozilla:bugzilla:2.8
cpe:/a:mozilla:bugzilla:2.10
cpe:/a:mozilla:bugzilla:2.12
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.14.5
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.16.3
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
cpe:/a:mozilla:bugzilla:2.17.4
CVE-2003-1042
2004-08-18T00:00:00.000-04:00
2017-07-10T21:29:41.290-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=214290
CONECTIVA
CLA-2003:774
BUGTRAQ
20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
BID
8953
XF
bugzilla-productname-sql-injection(13594)
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
cpe:/a:mozilla:bugzilla:2.4
cpe:/a:mozilla:bugzilla:2.6
cpe:/a:mozilla:bugzilla:2.8
cpe:/a:mozilla:bugzilla:2.10
cpe:/a:mozilla:bugzilla:2.12
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.14.5
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.16.3
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
cpe:/a:mozilla:bugzilla:2.17.4
CVE-2003-1043
2004-08-18T00:00:00.000-04:00
2017-07-10T21:29:41.383-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=219044
CONECTIVA
CLA-2003:774
BUGTRAQ
20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
BID
8953
XF
bugzilla-url-sql-injection(13596)
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
cpe:/a:mozilla:bugzilla:2.4
cpe:/a:mozilla:bugzilla:2.6
cpe:/a:mozilla:bugzilla:2.8
cpe:/a:mozilla:bugzilla:2.10
cpe:/a:mozilla:bugzilla:2.12
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.14.5
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.16.3
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
cpe:/a:mozilla:bugzilla:2.17.4
CVE-2003-1044
2004-08-18T00:00:00.000-04:00
2017-07-10T21:29:41.447-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=219690
CONECTIVA
CLA-2003:774
BUGTRAQ
20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
BID
8953
XF
bugzilla-groupid-gain-privileges(13597)
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
cpe:/a:mozilla:bugzilla:2.4
cpe:/a:mozilla:bugzilla:2.6
cpe:/a:mozilla:bugzilla:2.8
cpe:/a:mozilla:bugzilla:2.10
cpe:/a:mozilla:bugzilla:2.12
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.14.5
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.16.3
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
cpe:/a:mozilla:bugzilla:2.17.4
CVE-2003-1045
2004-08-18T00:00:00.000-04:00
2017-07-10T21:29:41.510-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=209376
CONECTIVA
CLA-2003:774
BUGTRAQ
20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
BID
8953
XF
bugzilla-obtain-information(13600)
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
cpe:/a:mozilla:bugzilla:2.4
cpe:/a:mozilla:bugzilla:2.6
cpe:/a:mozilla:bugzilla:2.8
cpe:/a:mozilla:bugzilla:2.10
cpe:/a:mozilla:bugzilla:2.12
cpe:/a:mozilla:bugzilla:2.14
cpe:/a:mozilla:bugzilla:2.14.1
cpe:/a:mozilla:bugzilla:2.14.2
cpe:/a:mozilla:bugzilla:2.14.3
cpe:/a:mozilla:bugzilla:2.14.4
cpe:/a:mozilla:bugzilla:2.14.5
cpe:/a:mozilla:bugzilla:2.16
cpe:/a:mozilla:bugzilla:2.16.1
cpe:/a:mozilla:bugzilla:2.16.2
cpe:/a:mozilla:bugzilla:2.16.3
cpe:/a:mozilla:bugzilla:2.17.1
cpe:/a:mozilla:bugzilla:2.17.3
cpe:/a:mozilla:bugzilla:2.17.4
CVE-2003-1046
2004-08-18T00:00:00.000-04:00
2017-07-10T21:29:41.620-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://bugzilla.mozilla.org/show_bug.cgi?id=209742
BUGTRAQ
20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
BID
8953
XF
bugzilla-describecomponents-obtain-info(13602)
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
CVE-2003-1047
2004-08-06T00:00:00.000-04:00
2008-09-10T15:21:37.147-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0540. Reason: This candidate is a duplicate of CVE-2004-0540. Notes: All CVE users should reference CVE-2004-0540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
cpe:/a:microsoft:outlook:2000
cpe:/a:microsoft:outlook:2000:sp2
cpe:/a:microsoft:outlook:2000:sp3
cpe:/a:microsoft:outlook:2000:sr1
cpe:/a:microsoft:outlook:2002
cpe:/a:microsoft:outlook:2002:sp1
cpe:/a:microsoft:outlook:2002:sp2
CVE-2003-1048
2004-07-27T00:00:00.000-04:00
2018-10-12T17:33:49.400-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
FULLDISC
20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?
FULLDISC
20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
FULLDISC
20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
CIAC
O-191
CERT-VN
VU#685364
BID
8530
CERT
TA04-212A
MS
MS04-025
XF
ie-mshtml-gif-bo(16804)
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
cpe:/a:ibm:db2_universal_database:7.0::linux
cpe:/a:ibm:db2_universal_database:8.0::linux
CVE-2003-1049
2004-09-28T00:00:00.000-04:00
2017-07-10T21:29:41.727-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BID
9243
AIXAPAR
IY44841
AIXAPAR
IY44842
XF
db2-dms-insecure-permissions(14030)
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.
CVE-2003-1050
2004-09-28T00:00:00.000-04:00
2017-07-10T21:29:41.790-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MISC
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
BUGTRAQ
20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues
BID
8990
XF
db2-multiple-binaries-bo(13633)
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
cpe:/a:ibm:db2:9.0
CVE-2003-1051
2004-09-28T00:00:00.000-04:00
2017-07-10T21:29:41.837-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MISC
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
BUGTRAQ
20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues
BID
8989
XF
db2-multiple-binaries-bo(13633)
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
cpe:/a:ibm:db2:9.0
cpe:/a:ibm:db2_universal_database:6.0
cpe:/a:ibm:db2_universal_database:7.0::linux
cpe:/a:ibm:db2_universal_database:7.1::linux
cpe:/a:ibm:db2_universal_database:7.2::linux
cpe:/a:ibm:db2_universal_database:8.0::linux
cpe:/a:ibm:db2_universal_database:8.1::aix
cpe:/a:ibm:db2_universal_database:8.2::windows
CVE-2003-1052
2004-09-28T00:00:00.000-04:00
2017-07-10T21:29:41.883-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries
BID
8346
XF
ibm-db2-gain-privileges(12826)
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
cpe:/a:xshisen:xshisen:1.5.1
CVE-2003-1053
2003-10-03T00:00:00.000-04:00
2017-07-10T21:29:41.947-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957
BID
8770
BID
8776
CONFIRM
http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html
XF
xshisen-kconv-bo(13358)
XF
xshisen-xshisenlib-bo(13359)
Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable.
cpe:/a:mod_access_referer:mod_access_referer:1.0.2
CVE-2003-1054
2003-04-16T00:00:00.000-04:00
2008-09-05T16:35:55.200-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-24T13:59:00.000-04:00
FULLDISC
20030416 [VulnWatch] Apache mod_access_referer denial of service issue
MISC
http://sourceforge.net/project/shownotes.php?release_id=151905
BID
7375
CONFIRM
http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:5.8
CVE-2003-1055
2003-07-03T00:00:00.000-04:00
2018-10-30T12:25:37.090-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
52222
AUSCERT
ESB-2003.0461
CIAC
N-113
BID
7064
SECTRACK
1006401
XF
solaris-nssldapso1-bo(11641)
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1056
2003-12-11T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
57443
AUSCERT
ESB-2003.0851
BID
9199
XF
solaris-ed1-tmpfile-insecure(13952)
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1057
2003-12-08T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
57441
AUSCERT
ESB-2003.0844
CIAC
O-035
BID
9170
XF
cde-dtprintinfo-gain-privileges(13914)
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1058
2003-12-03T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
3.7
LOCAL
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SUNALERT
57419
CIAC
O-033
BID
9147
XF
solaris-xsun-gain-privileges(13890)
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1059
2003-11-20T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
57360
CIAC
O-029
BID
9076
XF
solaris-pgx32-gain-privileges(13792)
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1060
2003-10-27T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
57406
BID
8929
XF
solaris-nfs-ufs-dos(13547)
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1061
2003-10-14T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
1.2
LOCAL
HIGH
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
57080
BID
8836
XF
solaris-race-dos(13434)
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
CVE-2003-1062
2003-10-15T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SUNALERT
57340
BID
8831
XF
solaris-sysinfo-read-memory(13435)
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
CVE-2003-1063
2003-08-20T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SUNALERT
56300
CIAC
N-134
BID
8461
XF
solaris-cachefs-inetdconf-overwrite(12942)
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
CVE-2003-1064
2003-07-23T00:00:00.000-04:00
2018-10-30T12:25:37.090-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
55301
CERT-VN
VU#370060
BID
8250
XF
solaris-ipv6-packet-dos(12680)
Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
cpe:/o:sun:sunos:5.8
CVE-2003-1065
2003-07-23T00:00:00.000-04:00
2018-10-30T12:25:37.090-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
55340
BID
8253
XF
automountd-dos(19437)
XF
openssh-ldap-dos(19441)
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1066
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
55440
BUGTRAQ
20030604 Solaris syslogd overflow
BID
7820
XF
sun-syslogd-bo(12194)
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1067
2003-06-19T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
55420
CIAC
N-108
CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
BID
64758
BID
7991
XF
sun-database-functions-bo(12379)
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1068
2003-06-06T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
55260
CIAC
N-105
BID
7835
XF
solaris-utmp-update-bo(11083)
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1069
2003-06-03T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
54181
BID
7794
XF
sun-intelnetd-dos(12140)
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1070
2003-04-28T00:00:00.000-04:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
50922
BID
7455
XF
sun-rpcbind-dos(11906)
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1071
2003-01-03T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SUNALERT
51980
CERT-VN
VU#944241
BUGTRAQ
20030103 Solaris 2.x /usr/sbin/wall Advisory
BID
6509
SECTRACK
1005882
SECTRACK
1006682
XF
solaris-wall-message-spoofing(11608)
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:sunos:5.8
CVE-2003-1072
2003-04-28T00:00:00.000-04:00
2018-10-30T12:25:37.090-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
54100
BID
7454
XF
sun-lofiadm-dos(11895)
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1073
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
1.2
LOCAL
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities
MISC
http://isec.pl/vulnerabilities/isec-0008-sun-at.txt
SUNALERT
50161
CIAC
N-070
BUGTRAQ
20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities
BID
6692
BID
6693
SECTRACK
1005994
XF
solaris-at-directory-traversal(11179)
XF
solaris-at-race-condition(11180)
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
CVE-2003-1074
2003-03-28T00:00:00.000-05:00
2017-07-10T21:29:43.103-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
52111
BID
7252
SECTRACK
1006411
XF
solaris-newtask-root-access(11657)
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1075
2003-01-27T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
50240
BID
6709
SECTRACK
1005996
XF
solaris-ftpd-dos(11186)
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1076
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
50904
CIAC
N-050
BID
7033
SECTRACK
1006234
XF
solaris-sendmail-forward-privileges(11496)
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
cpe:/o:sun:solaris:9.0::sparc
CVE-2003-1077
2003-03-05T00:00:00.000-05:00
2017-07-10T21:29:43.290-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
51300
BID
7032
SECTRACK
1006233
XF
solaris-ufs-logging-dos(11481)
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1078
2003-02-28T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SUNALERT
51081
BID
6989
SECTRACK
1006195
XF
solaris-ftp-plaintext-password(11436)
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.5.1
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1079
2003-02-18T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
50626
BID
6883
SECTRACK
1006131
XF
solaris-udp-rpc-dos(11368)
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
CVE-2003-1080
2003-02-11T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
1.2
LOCAL
HIGH
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SUNALERT
50751
BID
6838
SECTRACK
1006084
XF
solaris-mail-unauthorized-access(11303)
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:sunos:5.8
CVE-2003-1081
2003-09-09T00:00:00.000-04:00
2018-10-30T12:25:37.090-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
46903
AUSCERT
ESB-2003.0621
CIAC
O-001
CERT-VN
VU#464817
BID
5698
XF
solaris-aspppls-tmpfile-symlink(10105)
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sun:sunos:-
cpe:/o:sun:sunos:5.7
cpe:/o:sun:sunos:5.8
CVE-2003-1082
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:22.763-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SUNALERT
50008
CIAC
N-105
CERT-VN
VU#596748
BID
6639
SECTRACK
1005935
XF
solaris-utmp-update-bo(11083)
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.
cpe:/a:tildeslash:monit:1.4
cpe:/a:tildeslash:monit:1.4.1
cpe:/a:tildeslash:monit:2.0
cpe:/a:tildeslash:monit:2.1
cpe:/a:tildeslash:monit:2.1.1
cpe:/a:tildeslash:monit:2.2
cpe:/a:tildeslash:monit:2.2.1
cpe:/a:tildeslash:monit:2.3
cpe:/a:tildeslash:monit:2.4
cpe:/a:tildeslash:monit:2.4.1
cpe:/a:tildeslash:monit:2.4.2
cpe:/a:tildeslash:monit:2.4.3
cpe:/a:tildeslash:monit:3.0
cpe:/a:tildeslash:monit:3.1
cpe:/a:tildeslash:monit:3.2
cpe:/a:tildeslash:monit:4.0
cpe:/a:tildeslash:monit:4.1
CVE-2003-1083
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:43.620-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
GENTOO
GLSA-200403-14
CERT-VN
VU#623854
BUGTRAQ
20031124 Monit 4.1 HTTP interface multiple security vulnerabilities
BID
9099
CONFIRM
http://www.tildeslash.com/monit/dist/CHANGES.txt
XF
monit-http-bo(13817)
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
cpe:/a:tildeslash:monit:1.4
cpe:/a:tildeslash:monit:1.4.1
cpe:/a:tildeslash:monit:2.0
cpe:/a:tildeslash:monit:2.1
cpe:/a:tildeslash:monit:2.1.1
cpe:/a:tildeslash:monit:2.2
cpe:/a:tildeslash:monit:2.2.1
cpe:/a:tildeslash:monit:2.3
cpe:/a:tildeslash:monit:2.4
cpe:/a:tildeslash:monit:2.4.1
cpe:/a:tildeslash:monit:2.4.2
cpe:/a:tildeslash:monit:2.4.3
cpe:/a:tildeslash:monit:3.0
cpe:/a:tildeslash:monit:3.1
cpe:/a:tildeslash:monit:3.2
cpe:/a:tildeslash:monit:4.0
cpe:/a:tildeslash:monit:4.1
CVE-2003-1084
2003-11-24T00:00:00.000-05:00
2017-07-10T21:29:43.680-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
GENTOO
GLSA-200403-14
CERT-VN
VU#206382
BUGTRAQ
20031124 Monit 4.1 HTTP interface multiple security vulnerabilities
BID
9098
CONFIRM
http://www.tildeslash.com/monit/dist/CHANGES.txt
XF
monit-negative-content-dos(13818)
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
CVE-2003-1085
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:43.760-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
FULLDISC
20031123 Thomnson TCM315 Denial of service
FULLDISC
20031124 Thomnson TCM315 Denial of service
BUGTRAQ
20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability
FULLDISC
20050219 Thomson TCW690 Denial Of Service Vulnerability
BUGTRAQ
20031123 Thomnson TCM315 Denial of service
BID
9091
MISC
http://www.shellsec.net/leer_advisory.php?id=2
XF
thomson-http-get-dos(13815)
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.
cpe:/a:pmachine:pmachine_free
cpe:/a:pmachine:pmachine_pro:2.2
cpe:/a:pmachine:pmachine_pro:2.2.1
CVE-2003-1086
2003-06-17T00:00:00.000-04:00
2016-10-17T22:39:16.527-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030623 pMachine (PHP) : Include() Security Hole
CONFIRM
http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.22
CVE-2003-1087
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:43.807-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
HP
SSRT3460
BID
7827
XF
hp-diagmond-dos(12199)
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.
cpe:/a:phpoutsourcing:zorum:3.0
cpe:/a:phpoutsourcing:zorum:3.1
cpe:/a:phpoutsourcing:zorum:3.2
cpe:/a:phpoutsourcing:zorum:3.3
cpe:/a:phpoutsourcing:zorum:3.4
cpe:/a:phpoutsourcing:zorum:3.5
CVE-2003-1088
2003-08-11T00:00:00.000-04:00
2017-07-10T21:29:43.870-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
SECTRACK
1013365
BID
8388
XF
zorum-index-xss(12867)
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
cpe:/a:phpoutsourcing:zorum:3.4
CVE-2003-1089
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:43.917-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
SECTRACK
1013365
BID
8396
XF
zorum-index-path-disclosure(12868)
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
cpe:/a:celestial_software:absolutetelnet:2.0
cpe:/a:celestial_software:absolutetelnet:2.11
CVE-2003-1090
2003-02-06T00:00:00.000-05:00
2017-07-10T21:29:43.963-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030206 AbsoluteTelnet 2.00 buffer overflow.
CERT-VN
VU#666073
BID
6785
XF
absolutetelnet-title-bar-bo(11265)
Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.
CVE-2003-1091
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.010-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030522 QuickTime/Darwin Streaming Server security issues
SECTRACK
1006822
CERT-VN
VU#148564
BID
7660
XF
darwin-mp3broadcaster-code-execution(12054)
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.
cpe:/a:christos_zoulas:file_1:3.28
cpe:/a:christos_zoulas:file_1:3.30
cpe:/a:christos_zoulas:file_1:3.32
cpe:/a:christos_zoulas:file_1:3.33
cpe:/a:christos_zoulas:file_1:3.34
cpe:/a:christos_zoulas:file_1:3.35
cpe:/a:christos_zoulas:file_1:3.36
cpe:/a:christos_zoulas:file_1:3.37
cpe:/a:christos_zoulas:file_1:3.39
cpe:/a:christos_zoulas:file_1:3.40
CVE-2003-1092
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.073-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
CERT-VN
VU#100937
OPENPKG
OpenPKG-SA-2003.017
BID
7009
XF
file-afctr-memory-allocation(11488)
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
cpe:/a:bea:weblogic_server:6.1
cpe:/a:bea:weblogic_server:6.1:sp1
cpe:/a:bea:weblogic_server:6.1:sp2
cpe:/a:bea:weblogic_server:6.1:sp3
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0.0.1
CVE-2003-1093
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.133-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp
CERT-VN
VU#331937
BID
6586
XF
weblogic-error-password-disclosure(11057)
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp3:win32
CVE-2003-1094
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.180-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp
CERT-VN
VU#999788
BID
8320
XF
weblogic-gain-privileges(12799)
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
CVE-2003-1095
2003-03-18T00:00:00.000-05:00
2017-07-10T21:29:44.243-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#691153
BID
7130
XF
weblogic-app-reauthentication-bypass(11555)
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
cpe:/a:cisco:leap
CVE-2003-1096
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.290-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20040407 Release of Cisco Attack tool Asleap
CISCO
20030803 Dictionary Attack on Cisco LEAP Vulnerability
CERT-VN
VU#473108
BUGTRAQ
20031003 Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable
BUGTRAQ
20031006 Weaknesses in LEAP Challenge/Response
BID
8755
XF
cisco-leap-dictionary(12804)
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
cpe:/o:hp:hp-ux:10.10
cpe:/o:hp:hp-ux:10.16
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:10.26
cpe:/o:hp:hp-ux:10.30
cpe:/o:hp:hp-ux:10.34
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
CVE-2003-1097
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:18.653-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030429 HPUX rexec buffer overflow vulnerability
CIAC
N-088
CERT-VN
VU#322540
HP
HPSBUX0304-257
BID
7459
XF
hp-rexec-command-bo(11890)
Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.
cpe:/o:hp:hp-ux:11.22
CVE-2003-1098
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:18.717-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CERT-VN
VU#862401
HP
HPSBUX0301-238
BID
6638
SECTRACK
1005936
XF
hp-xserver-gain-privileges(11094)
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
CVE-2003-1099
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:18.763-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CIAC
O-032
CERT-VN
VU#509454
HP
HPSBUX0312-304
BID
9141
XF
hp-shar-tmpfile-symlink(13882)
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
cpe:/a:hummingbird:cyberdocs:3.5.1
cpe:/a:hummingbird:cyberdocs:3.9
cpe:/a:hummingbird:cyberdocs:4.0
CVE-2003-1100
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.510-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CERT-VN
VU#488684
MISC
http://www.procheckup.com/security_info/vuln_pr0305.html
BID
8815
XF
hummingbird-docsfusionserver-multiple-xss(13399)
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.
cpe:/a:hummingbird:cyberdocs:3.5.1
cpe:/a:hummingbird:cyberdocs:3.9
cpe:/a:hummingbird:cyberdocs:4.0
CVE-2003-1101
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.557-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CERT-VN
VU#715548
MISC
http://www.procheckup.com/security_info/vuln_pr0303.html
BID
8816
XF
Hummingbird-docsfusionserver-disclose-path(13398)
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
CVE-2003-1102
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.620-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CERT-VN
VU#989580
MISC
http://www.procheckup.com/security_info/vuln_pr0302.html
XF
Hummingbird-docsfusionserver-file-access(13397)
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.
cpe:/a:hummingbird:cyberdocs:3.1
cpe:/a:hummingbird:cyberdocs:3.5.1
CVE-2003-1103
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.667-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CERT-VN
VU#368300
MISC
http://www.procheckup.com/security_info/vuln_pr0304.html
BID
8800
XF
hummingbird-docsfusionserver-sql-injection(13401)
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.
cpe:/a:ibm:tivoli_firewall_toolbox:1.2
CVE-2003-1104
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.727-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030320 IBM Tivoli Firewall Security Toolbox buffer overflow vulnerability
CERT-VN
VU#210937
BID
7154
XF
tivoli-tfst-relay-bo(11584)
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
cpe:/a:microsoft:ie:5.01:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1105
2003-12-31T00:00:00.000-05:00
2018-10-12T17:33:51.557-04:00
2.6
NETWORK
HIGH
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CERT-VN
VU#813208
MS
MS03-032
XF
ie-input-type-dos(13029)
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
CVE-2003-1106
2003-12-31T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-24T09:30:00.000-04:00
MSKB
330716
CERT-VN
VU#155252
BID
8195
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
cpe:/a:microsoft:windows_media_player:6.4
cpe:/a:microsoft:windows_media_player:7
cpe:/a:microsoft:windows_media_player:7.1
cpe:/a:microsoft:windows_media_player:9
CVE-2003-1107
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:44.837-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
MSKB
828026
CERT-VN
VU#222044
XF
mediaplayer-dhtml-code-execution(13375)
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
cpe:/a:alcatel-lucent:omnipcx:5.0::linux
CVE-2003-1108
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:18.823-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CERT
CA-2003-06
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/h:cisco:ip_phone_7940
cpe:/h:cisco:ip_phone_7960
cpe:/o:cisco:ios:12.2%281%29xa
cpe:/o:cisco:ios:12.2%281%29xd
cpe:/o:cisco:ios:12.2%281%29xd1
cpe:/o:cisco:ios:12.2%281%29xd3
cpe:/o:cisco:ios:12.2%281%29xd4
cpe:/o:cisco:ios:12.2%281%29xe
cpe:/o:cisco:ios:12.2%281%29xe2
cpe:/o:cisco:ios:12.2%281%29xe3
cpe:/o:cisco:ios:12.2%281%29xh
cpe:/o:cisco:ios:12.2%281%29xq
cpe:/o:cisco:ios:12.2%281%29xs
cpe:/o:cisco:ios:12.2%281%29xs1
cpe:/o:cisco:ios:12.2%282%29t4
cpe:/o:cisco:ios:12.2%282%29xa
cpe:/o:cisco:ios:12.2%282%29xa1
cpe:/o:cisco:ios:12.2%282%29xa5
cpe:/o:cisco:ios:12.2%282%29xb
cpe:/o:cisco:ios:12.2%282%29xb3
cpe:/o:cisco:ios:12.2%282%29xb4
cpe:/o:cisco:ios:12.2%282%29xf
cpe:/o:cisco:ios:12.2%282%29xg
cpe:/o:cisco:ios:12.2%282%29xh
cpe:/o:cisco:ios:12.2%282%29xh2
cpe:/o:cisco:ios:12.2%282%29xh3
cpe:/o:cisco:ios:12.2%282%29xi
cpe:/o:cisco:ios:12.2%282%29xi1
cpe:/o:cisco:ios:12.2%282%29xi2
cpe:/o:cisco:ios:12.2%282%29xj
cpe:/o:cisco:ios:12.2%282%29xj1
cpe:/o:cisco:ios:12.2%282%29xk
cpe:/o:cisco:ios:12.2%282%29xk2
cpe:/o:cisco:ios:12.2%282%29xn
cpe:/o:cisco:ios:12.2%282%29xt
cpe:/o:cisco:ios:12.2%282%29xt3
cpe:/o:cisco:ios:12.2%282%29xu
cpe:/o:cisco:ios:12.2%282%29xu2
cpe:/o:cisco:ios:12.2%2811%29t
cpe:/o:cisco:ios:12.2t
cpe:/o:cisco:ios:12.2xa
cpe:/o:cisco:ios:12.2xb
cpe:/o:cisco:ios:12.2xc
cpe:/o:cisco:ios:12.2xd
cpe:/o:cisco:ios:12.2xe
cpe:/o:cisco:ios:12.2xf
cpe:/o:cisco:ios:12.2xg
cpe:/o:cisco:ios:12.2xh
cpe:/o:cisco:ios:12.2xi
cpe:/o:cisco:ios:12.2xj
cpe:/o:cisco:ios:12.2xk
cpe:/o:cisco:ios:12.2xl
cpe:/o:cisco:ios:12.2xm
cpe:/o:cisco:ios:12.2xn
cpe:/o:cisco:ios:12.2xq
cpe:/o:cisco:ios:12.2xr
cpe:/o:cisco:ios:12.2xs
cpe:/o:cisco:ios:12.2xt
cpe:/o:cisco:ios:12.2xw
cpe:/o:cisco:pix_firewall_software:5.2%281%29
cpe:/o:cisco:pix_firewall_software:5.2%282%29
cpe:/o:cisco:pix_firewall_software:5.2%283.210%29
cpe:/o:cisco:pix_firewall_software:5.2%285%29
cpe:/o:cisco:pix_firewall_software:5.2%286%29
cpe:/o:cisco:pix_firewall_software:5.2%287%29
cpe:/o:cisco:pix_firewall_software:5.3
cpe:/o:cisco:pix_firewall_software:5.3%281%29
cpe:/o:cisco:pix_firewall_software:5.3%281.200%29
cpe:/o:cisco:pix_firewall_software:5.3%282%29
cpe:/o:cisco:pix_firewall_software:5.3%283%29
cpe:/o:cisco:pix_firewall_software:6.0
cpe:/o:cisco:pix_firewall_software:6.0%281%29
cpe:/o:cisco:pix_firewall_software:6.0%282%29
cpe:/o:cisco:pix_firewall_software:6.1%282%29
cpe:/o:cisco:pix_firewall_software:6.2%281%29
CVE-2003-1109
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:18.060-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CERT
CA-2003-06
CISCO
20030221 Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
SECTRACK
1006143
SECTRACK
1006144
SECTRACK
1006145
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/a:columbia_university:sipc:1.74
CVE-2003-1110
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.040-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SECTRACK
1006167
CERT
CA-2003-06
CONFIRM
http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/a:dynamicsoft:appengine
CVE-2003-1111
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.087-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CERT
CA-2003-06
CONFIRM
http://www.dynamicsoft.com/support/advisory/ca-2003-06.php
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/h:ingate:ingate_firewall
cpe:/h:ingate:ingate_siparator
CVE-2003-1112
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.150-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CERT
CA-2003-06
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/h:iptel:sip_express_router:0.8.8
cpe:/h:iptel:sip_express_router:0.8.9
CVE-2003-1113
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.213-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CERT
CA-2003-06
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CONFIRM
http://www.iptel.org/ser/security/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.3
cpe:/h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.4
CVE-2003-1114
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.260-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
CERT
CA-2003-06
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/h:nortel:succession_communication_server_2000
cpe:/h:nortel:succession_communication_server_2000:::compact
CVE-2003-1115
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.307-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
CERT
CA-2003-06
MISC
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
CERT-VN
VU#528719
BID
6904
XF
sip-invite(11379)
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
cpe:/a:oracle:e-business_suite:10.7
cpe:/a:oracle:e-business_suite:11.0
cpe:/a:oracle:e-business_suite:11.1
cpe:/a:oracle:e-business_suite:11.2
cpe:/a:oracle:e-business_suite:11.3
cpe:/a:oracle:e-business_suite:11.4
cpe:/a:oracle:e-business_suite:11.5
cpe:/a:oracle:e-business_suite:11.6
cpe:/a:oracle:e-business_suite:11.7
cpe:/a:oracle:e-business_suite:11.8
CVE-2003-1116
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.370-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf
SECTRACK
1006550
MISC
http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm
CERT-VN
VU#168873
BID
7325
XF
oracle-rra-authentication-bypass(11768)
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.
cpe:/a:realnetworks:realsystem_proxy:8
cpe:/a:realnetworks:realsystem_server:6
cpe:/a:realnetworks:realsystem_server:7
cpe:/a:realnetworks:realsystem_server:8
CVE-2003-1117
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.447-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SECTRACK
1003604
CONFIRM
http://service.real.com/help/faq/security/bufferoverflow.html
CERT-VN
VU#143627
CERT-VN
VU#912219
XF
realsystem-malformed-url-bo(11362)
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
cpe:/a:university_of_california:seti_at_home:3.3
cpe:/a:university_of_california:seti_at_home:3.4
cpe:/a:university_of_california:seti_at_home:3.5
cpe:/a:university_of_california:seti_at_home:3.6
cpe:/a:university_of_california:seti_at_home:3.7
CVE-2003-1118
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.493-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
FULLDISC
20030406 Seti@home information leakage and remote compromise
CERT-VN
VU#146785
BID
7292
XF
seti@home-newline-bo(11731)
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.
cpe:/a:ssh:secure_shell:3.1
cpe:/a:ssh:secure_shell:3.2
CVE-2003-1119
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:05.653-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-23T14:14:00.000-04:00
CERT-VN
VU#333980
CONFIRM
http://www.ssh.com/company/newsroom/article/476/
SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.
cpe:/a:ssh:tectia_server:4.0.3
cpe:/a:ssh:tectia_server:4.0.4
CVE-2003-1120
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.557-04:00
3.7
LOCAL
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SECTRACK
1009532
CERT-VN
VU#814198
BID
9956
CONFIRM
http://www.ssh.com/company/newsroom/article/520/
XF
sshtectiaserver-passwdplugin-race-condition(15585)
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
CVE-2003-1121
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.633-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CERT-VN
VU#231705
CERT-VN
VU#609137
CONFIRM
http://www.kb.cert.org/vuls/id/CRDY-5EXQRP
CONFIRM
http://www.kb.cert.org/vuls/id/CRDY-5EXQSV
BID
7475
BID
7477
XF
scriptlogic-rpc-modify-registry(11920)
XF
scriptlogic-runadmin-admin-access(11921)
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).
cpe:/a:scriptlogic:scriptlogic:4.01
CVE-2003-1122
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.680-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CERT-VN
VU#813737
MISC
http://www.kb.cert.org/vuls/id/CRDY-5EXQT9
BID
7476
XF
scriptlogic-logs$-insecure-permissions(11922)
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
cpe:/a:sun:jdk:1.2.2::solaris
cpe:/a:sun:jdk:1.2.2_10::linux
cpe:/a:sun:jdk:1.2.2_10::solaris
cpe:/a:sun:jdk:1.2.2_10::windows
cpe:/a:sun:jdk:1.2.2_11::linux
cpe:/a:sun:jdk:1.2.2_11::solaris
cpe:/a:sun:jdk:1.2.2_11::windows
cpe:/a:sun:jdk:1.2.2_12::windows
cpe:/a:sun:jdk:1.3::solaris
cpe:/a:sun:jdk:1.3.0_02::linux
cpe:/a:sun:jdk:1.3.0_02::solaris
cpe:/a:sun:jdk:1.3.0_02::windows
cpe:/a:sun:jdk:1.3.0_05::linux
cpe:/a:sun:jdk:1.3.0_05::solaris
cpe:/a:sun:jdk:1.3.0_05::windows
cpe:/a:sun:jdk:1.3.1_01::linux
cpe:/a:sun:jdk:1.3.1_01::solaris
cpe:/a:sun:jdk:1.3.1_01a::windows
cpe:/a:sun:jdk:1.3.1_03::linux
cpe:/a:sun:jdk:1.3.1_03::solaris
cpe:/a:sun:jdk:1.3.1_03::windows
cpe:/a:sun:jdk:1.3.1_04::windows
cpe:/a:sun:jdk:1.4::linux
cpe:/a:sun:jdk:1.4::solaris
cpe:/a:sun:jdk:1.4::windows
cpe:/a:sun:jdk:1.4.0_01::windows
cpe:/a:sun:jre:1.2.2::solaris
cpe:/a:sun:jre:1.2.2::windows
cpe:/a:sun:jre:1.2.2:update10:linux
cpe:/a:sun:jre:1.2.2:update10:solaris
cpe:/a:sun:jre:1.2.2:update10:windows
cpe:/a:sun:jre:1.2.2_003::linux
cpe:/a:sun:jre:1.2.2_011::linux
cpe:/a:sun:jre:1.2.2_011::solaris
cpe:/a:sun:jre:1.2.2_011::windows
cpe:/a:sun:jre:1.2.2_012::solaris
cpe:/a:sun:jre:1.3.0::linux
cpe:/a:sun:jre:1.3.0::solaris
cpe:/a:sun:jre:1.3.0::windows
cpe:/a:sun:jre:1.3.0:update2:linux
cpe:/a:sun:jre:1.3.0:update2:solaris
cpe:/a:sun:jre:1.3.0:update2:windows
cpe:/a:sun:jre:1.3.0:update4:windows
cpe:/a:sun:jre:1.3.0:update5:linux
cpe:/a:sun:jre:1.3.0:update5:solaris
cpe:/a:sun:jre:1.3.0:update5:windows
cpe:/a:sun:jre:1.3.1::linux
cpe:/a:sun:jre:1.3.1:update1:linux
cpe:/a:sun:jre:1.3.1:update1:solaris
cpe:/a:sun:jre:1.3.1:update1:windows
cpe:/a:sun:jre:1.3.1:update4:solaris
cpe:/a:sun:jre:1.3.1:update4:windows
cpe:/a:sun:jre:1.3.1_03::linux
cpe:/a:sun:jre:1.3.1_03::solaris
cpe:/a:sun:jre:1.3.1_03::windows
cpe:/a:sun:jre:1.4::linux
cpe:/a:sun:jre:1.4::solaris
cpe:/a:sun:jre:1.4::windows
cpe:/a:sun:jre:1.4.0_01::solaris
cpe:/a:sun:jre:1.4.0_01::windows
CVE-2003-1123
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.760-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1006935
SUNALERT
55100
CERT-VN
VU#393292
BID
7824
XF
sun-applet-access-information(12189)
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
cpe:/a:sun:management%2bcenter:2.1.1
cpe:/a:sun:management%2bcenter:3.0
cpe:/a:sun:management%2bcenter:3.0_revenue_release
CVE-2003-1124
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.823-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SUNALERT
55141
CERT-VN
VU#758932
BID
7960
XF
sunmc-files-writable-permissions(12343)
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.
cpe:/a:sun:one_directory_server:4.16
cpe:/a:sun:one_directory_server:5.0
cpe:/a:sun:one_directory_server:5.1
CVE-2003-1125
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:06.700-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-23T13:14:00.000-04:00
SUNALERT
52102
CERT-VN
VU#195644
Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).
cpe:/a:sun:one_web_server:6.0:sp3
cpe:/a:sun:one_web_server:6.0:sp4
cpe:/a:sun:one_web_server:6.0:sp5
CVE-2003-1126
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:06.857-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-23T13:04:00.000-04:00
SUNALERT
56180
CERT-VN
VU#636964
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
cpe:/a:whale_communications:e-gap:2.5
CVE-2003-1127
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.870-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CERT-VN
VU#371470
MISC
http://www.procheckup.com/security_info/vuln_pr0307.html
BID
9431
XF
egap-url-information-disclosure(14869)
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.
cpe:/a:x2_studios:xmms_remote:0.1
CVE-2003-1128
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.917-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CERT-VN
VU#583020
BID
7534
CONFIRM
http://www.x2studios.com/index.php?page=kb&id=16
XF
xmms-remote-command-execution(12139)
XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.
cpe:/a:yahoo:audio_conferencing_activex_control:1.0.0.43
CVE-2003-1129
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:45.977-04:00
2.6
NETWORK
HIGH
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://help.yahoo.com/help/us/mesg/use/use-45.html
CERT-VN
VU#272644
BUGTRAQ
20030530 Yahoo! Security Advisory: Yahoo! Voice Chat
BID
7561
XF
yahoo-audio-bo(12130)
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
CVE-2003-1130
2003-12-31T00:00:00.000-05:00
2008-09-10T15:21:53.977-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:activecampaign:knowledgebuilder:2.0.1
cpe:/a:activecampaign:knowledgebuilder:2.1.0
cpe:/a:activecampaign:knowledgebuilder:2.1.4
cpe:/a:activecampaign:knowledgebuilder:3.0.1
CVE-2003-1131
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:46.027-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20050312 KnowledgeBase
BUGTRAQ
20031224 Remote Code Execution in Knowledge Builder.
BID
9292
XF
knowledgebuilder-indexphp-file-include(14078)
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
cpe:/h:cisco:content_services_switch_11000
cpe:/h:cisco:content_services_switch_11500
CVE-2003-1132
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:07.747-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-23T12:35:00.000-04:00
CISCO
20041008 Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability
CERT-VN
VU#714121
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
cpe:/a:ritlabs:the_bat:1.1
cpe:/a:ritlabs:the_bat:1.5
cpe:/a:ritlabs:the_bat:1.011
cpe:/a:ritlabs:the_bat:1.14
cpe:/a:ritlabs:the_bat:1.015
cpe:/a:ritlabs:the_bat:1.17
cpe:/a:ritlabs:the_bat:1.18
cpe:/a:ritlabs:the_bat:1.19
cpe:/a:ritlabs:the_bat:1.21
cpe:/a:ritlabs:the_bat:1.22
cpe:/a:ritlabs:the_bat:1.028
cpe:/a:ritlabs:the_bat:1.029
cpe:/a:ritlabs:the_bat:1.031
cpe:/a:ritlabs:the_bat:1.032
cpe:/a:ritlabs:the_bat:1.33
cpe:/a:ritlabs:the_bat:1.34
cpe:/a:ritlabs:the_bat:1.035
cpe:/a:ritlabs:the_bat:1.036
cpe:/a:ritlabs:the_bat:1.037
cpe:/a:ritlabs:the_bat:1.039
cpe:/a:ritlabs:the_bat:1.041
cpe:/a:ritlabs:the_bat:1.42
cpe:/a:ritlabs:the_bat:1.42f
cpe:/a:ritlabs:the_bat:1.043
cpe:/a:ritlabs:the_bat:1.44
cpe:/a:ritlabs:the_bat:1.45
cpe:/a:ritlabs:the_bat:1.46
cpe:/a:ritlabs:the_bat:1.47
cpe:/a:ritlabs:the_bat:1.48
cpe:/a:ritlabs:the_bat:1.49
cpe:/a:ritlabs:the_bat:1.51
cpe:/a:ritlabs:the_bat:1.52
cpe:/a:ritlabs:the_bat:1.53d
cpe:/a:ritlabs:the_bat:1.101
cpe:/a:ritlabs:the_bat:2.0
cpe:/a:ritlabs:the_bat:2.0.1
CVE-2003-1133
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:46.087-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SECTRACK
1008004
BUGTRAQ
20031025 Some serious security holes in 'The Bat!'
BID
8891
XF
thebat-access-email(13527)
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
cpe:/a:sun:java:1.3.1
cpe:/a:sun:java:1.4.1
cpe:/a:sun:java:1.4.2
CVE-2003-1134
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:08.137-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-23T12:20:00.000-04:00
FULLDISC
20031026 Java 1.4.2_02 InsecurityManager JVM crash
BID
8892
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
cpe:/a:yahoo:messenger:5.6
CVE-2003-1135
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:08.293-04:00
2.6
NETWORK
HIGH
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-05-23T12:16:00.000-04:00
BUGTRAQ
20031026 Buffer Overflow in Yahoo messenger Client
BID
8894
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
cpe:/a:chi_kien_uong:chi_kien_uong_guestbook:1.51
CVE-2003-1136
2003-10-23T00:00:00.000-04:00
2017-07-10T21:29:46.150-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1008006
BUGTRAQ
20031026 New Vulnerability
BID
8895
BID
8896
XF
guestbook-html-xss(13522)
XF
guestbook-doublequotation-xss(13523)
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
cpe:/a:charles_steinkuehler:sh-httpd:0.3
cpe:/a:charles_steinkuehler:sh-httpd:0.4
CVE-2003-1137
2003-10-27T00:00:00.000-05:00
2017-07-10T21:29:46.197-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031027 sh-httpd `wildcard character' vulnerability
BUGTRAQ
20031028 Re: sh-httpd `wildcard character' vulnerability
BID
8897
XF
shtttpd-get-information-disclosure(13519)
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.
cpe:/a:redhat:interchange:2.0.40_21.5::i386
CVE-2003-1138
2003-10-27T00:00:00.000-05:00
2008-09-05T16:36:08.747-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-05-23T11:33:00.000-04:00
BUGTRAQ
20031027 Root Directory Listing on RH default apache
BID
8898
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
cpe:/a:musicqueue:musicqueue:1.2
CVE-2003-1139
2003-10-27T00:00:00.000-05:00
2017-07-10T21:29:46.243-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1008014
BUGTRAQ
20031027 Musicqueue multiple local vulnerabilities
BID
8899
XF
musicqueue-tmpfile-symlink(13520)
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.
cpe:/a:musicqueue:musicqueue:0.9
cpe:/a:musicqueue:musicqueue:0.9.1
cpe:/a:musicqueue:musicqueue:0.9.2
cpe:/a:musicqueue:musicqueue:1.0
cpe:/a:musicqueue:musicqueue:1.1
cpe:/a:musicqueue:musicqueue:1.1.1
CVE-2003-1140
2003-10-27T00:00:00.000-05:00
2017-07-10T21:29:46.307-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20031027 Musicqueue multiple local vulnerabilities
SECTRACK
1008014
BUGTRAQ
20031027 Musicqueue multiple local vulnerabilities
BID
8903
XF
musicqueue-getconf-bo(13521)
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
cpe:/h:network_instruments:niprint_lpd-lpr_print_server:4.10
CVE-2003-1141
2003-11-04T00:00:00.000-05:00
2017-07-10T21:29:46.353-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031104 SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
BUGTRAQ
20031104 NIPrint remote exploit
BID
8968
XF
niprint-bo(13591)
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.
CVE-2003-1142
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:46.417-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031104 SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit
BID
8969
XF
niprint-helpapi-gain-privileges(13592)
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
cpe:/a:croteam:serioussam:test_2_2.1_a
cpe:/a:croteam:serioussam:the_first_encounter_1.0.5
cpe:/a:croteam:serioussam:the_second_encounter_1.0.5
cpe:/a:croteam:serioussam:the_second_encounter_demo
CVE-2003-1143
2003-10-30T00:00:00.000-05:00
2017-07-10T21:29:46.493-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031030 Serious Sam is not so serious
BID
8936
XF
serioussam-games-packet-dos(13618)
Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter.
cpe:/a:perception:liteserve:1.25
cpe:/a:perception:liteserve:1.28
cpe:/a:perception:liteserve:2.0
cpe:/a:perception:liteserve:2.0.1
cpe:/a:perception:liteserve:2.0.2
cpe:/a:perception:liteserve:2.2
CVE-2003-1144
2003-11-04T00:00:00.000-05:00
2017-07-10T21:29:46.557-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
SECTRACK
1008093
BUGTRAQ
20031104 Liteserve Buffer Overflow in Handling Server's Log.
BID
8971
XF
liteserve-log-entry-bo(13599)
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
CVE-2003-1145
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:46.620-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031107 OpenAutoClassifieds XSS attack
BID
8972
XF
openautoclassifieds-friendmail-xss(13604)
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
cpe:/a:john_beatty:easy_php_photo_album:1.0
CVE-2003-1146
2003-05-11T00:00:00.000-04:00
2008-09-05T16:36:09.997-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2005-05-23T10:43:00.000-04:00
MISC
http://security.nnov.ru/docs5347.html
BID
8977
Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
CVE-2003-1147
2003-12-31T00:00:00.000-05:00
2008-09-10T15:21:55.337-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0955. Reason: This candidate is a duplicate of CVE-2003-0955. Notes: All CVE users should reference CVE-2003-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:les_visiteurs:les_visiteurs:2.0.1
CVE-2003-1148
2003-10-25T00:00:00.000-04:00
2017-07-10T21:29:46.697-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031026 Les Visiteurs v2.0.1 code injection vulnerability
SECTRACK
1008011
SECTRACK
1017065
BID
8902
XF
les-visiteurs-file-include(13529)
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
cpe:/a:symantec:norton_internet_security:2003_6.0.4.34
CVE-2003-1149
2003-10-27T00:00:00.000-05:00
2017-07-10T21:29:46.743-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html
BUGTRAQ
20031027 Norton Internet Security 2003 XSS
BID
8904
XF
norton-is-blocked-xss(13528)
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
cpe:/a:novell:zenworks_desktops:3.2:sp2
cpe:/a:novell:zenworks_desktops:4.0
cpe:/a:novell:zenworks_desktops:4.0.1
cpe:/o:novell:netware:6.0:sp3
CVE-2003-1150
2003-10-27T00:00:00.000-05:00
2017-07-10T21:29:46.807-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BID
8907
XF
novell-portmapper-bo(13564)
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
CVE-2003-1151
2003-10-28T00:00:00.000-05:00
2017-07-10T21:29:46.887-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1008020
BUGTRAQ
20031028 Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability
BID
8908
XF
fastream-nonexistent-url-xss(13535)
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
cpe:/a:infrontech:webtide:7.0.4
CVE-2003-1152
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:46.947-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
FULLDISC
20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability
SECTRACK
1008016
BID
8909
XF
webtide-file-disclosure(13533)
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
cpe:/a:bytehoard:bytehoard:0.7
cpe:/a:bytehoard:bytehoard:0.71
CVE-2003-1153
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.010-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
FULLDISC
20031027 Bytehoard File Disclosure VUlnerability Sequel
BID
8910
XF
bytehoard-view-file(13531)
byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php.
cpe:/a:clearswift:mailsweeper:4.0
cpe:/a:clearswift:mailsweeper:4.1
cpe:/a:clearswift:mailsweeper:4.2
cpe:/a:clearswift:mailsweeper:4.3
cpe:/a:clearswift:mailsweeper:4.3.3
cpe:/a:clearswift:mailsweeper:4.3.4
cpe:/a:clearswift:mailsweeper:4.3.5
cpe:/a:clearswift:mailsweeper:4.3.6
cpe:/a:clearswift:mailsweeper:4.3.6_sp1
cpe:/a:clearswift:mailsweeper:4.3.7
cpe:/a:clearswift:mailsweeper:4.3.8
cpe:/a:clearswift:mailsweeper:4.3.10
CVE-2003-1154
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.073-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
MISC
http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=
BID
8982
XF
mailsweeper-zip-virus-bypass(13611)
MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
cpe:/a:x-cd-roast:x-cd-roast:0.98_alpha10
cpe:/a:x-cd-roast:x-cd-roast:0.98_alpha11
cpe:/a:x-cd-roast:x-cd-roast:0.98_alpha12
cpe:/a:x-cd-roast:x-cd-roast:0.98_alpha13
cpe:/a:x-cd-roast:x-cd-roast:0.98_alpha14
CVE-2003-1155
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.150-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SECTRACK
1008094
BID
8983
CONFIRM
http://www.xcdroast.org/xcdr098/changelog-a15.html
XF
xcdroast-symlink(13612)
X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file.
cpe:/a:sun:jdk:1.4.2::linux
cpe:/a:sun:jdk:1.4.2_02::linux
cpe:/a:sun:jre:1.4.2::linux
cpe:/a:sun:jre:1.4.2:update2:linux
CVE-2003-1156
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.213-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031031 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers
BID
8937
XF
sun-jre-java-symlink(13570)
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
cpe:/a:citrix:metaframe:1.0::xp
CVE-2003-1157
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.260-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting
BID
27948
BID
8939
XF
metaframe-error-message-xss(13569)
XF
citrix-webmanager-login-xss(40782)
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
cpe:/a:plug_and_play_software:plug_and_play_web_server:1.0.002c
CVE-2003-1158
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.307-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030917 Denial Of Service in Plug & Play Web (FTP) Server
BID
8667
XF
plugandplaywebserver-multiple-commands-dos(13219)
Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.
cpe:/a:plug_and_play:plug_and_play_web_server_proxy:1.0002c
CVE-2003-1159
2003-10-31T00:00:00.000-05:00
2017-07-10T21:29:47.370-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031031 DoS in Plug and Play Web Server Proxy Server
BID
8941
XF
plugandplaywebserver-get-dos(13572)
Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
cpe:/a:seyeon:flexwatch_network_video_server:2.2
cpe:/a:seyeon:flexwatch_network_video_server:model_132
CVE-2003-1160
2003-10-30T00:00:00.000-05:00
2017-07-10T21:29:47.417-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MISC
http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt
SECTRACK
1008049
BID
8942
XF
flexwatch-slash-admin-access(13567)
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
cpe:/o:linux:linux_kernel:2.6_test9_cvs
CVE-2003-1161
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:12.230-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2005-05-23T09:29:00.000-04:00
ALLOWS_ADMIN_ACCESS
BID
8987
MLIST
[linux-kernel] 20031105 BK2CVS problem
MLIST
[linux-kernel] 20031105 Re: BK2CVS problem
MLIST
[linux-kernel] 20031105 Re: BK2CVS problem
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
cpe:/a:tritanium_scripts:tritanium_bulletin_board:0.993_beta
cpe:/a:tritanium_scripts:tritanium_bulletin_board:0.994_beta
cpe:/a:tritanium_scripts:tritanium_bulletin_board:0.999_beta
cpe:/a:tritanium_scripts:tritanium_bulletin_board:1.0_beta
cpe:/a:tritanium_scripts:tritanium_bulletin_board:1.1_final
cpe:/a:tritanium_scripts:tritanium_bulletin_board:1.2
cpe:/a:tritanium_scripts:tritanium_bulletin_board:1.2.1
cpe:/a:tritanium_scripts:tritanium_bulletin_board:1.2.2
cpe:/a:tritanium_scripts:tritanium_bulletin_board:1.2.3
CVE-2003-1162
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.463-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031031 Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
BID
8944
XF
tritanium-threadid-view-messages(13587)
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.
cpe:/a:ganglia:gmond:2.5.0
cpe:/a:ganglia:gmond:2.5.1
cpe:/a:ganglia:gmond:2.5.2
cpe:/a:ganglia:gmond:2.5.3
cpe:/a:ganglia:gmond:2.5.4
CVE-2003-1163
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.510-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://ganglia.sourceforge.net/
BUGTRAQ
20031106 DoS for Ganglia
BID
8988
XF
ganglia-gmond-dos(13631)
hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
cpe:/a:mldonkey:mldonkey:2.5.4
CVE-2003-1164
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.573-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
FULLDISC
20031031 XSS In mldonkey - But....
BID
8946
XF
mldonkey-xss(13615)
Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.
cpe:/a:brs:webweaver:0.49_beta
cpe:/a:brs:webweaver:0.50_beta
cpe:/a:brs:webweaver:0.51_beta
cpe:/a:brs:webweaver:0.52_beta
cpe:/a:brs:webweaver:0.60_beta
cpe:/a:brs:webweaver:0.61_beta
cpe:/a:brs:webweaver:0.62_beta
cpe:/a:brs:webweaver:0.63_beta
cpe:/a:brs:webweaver:1.0.1
cpe:/a:brs:webweaver:1.0.2
cpe:/a:brs:webweaver:1.0.3
cpe:/a:brs:webweaver:1.0.4
cpe:/a:brs:webweaver:1.0.5
cpe:/a:brs:webweaver:1.0.6
CVE-2003-1165
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.637-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031101 BRS WebWeaver 1.06 remote DoS vulnerability
BID
8947
XF
brswebweaver-useragent-bo(13571)
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
cpe:/a:http_commander:http_commander:4.0
CVE-2003-1166
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.680-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://www.http-com.com/Default.asp?section=Features
BID
8948
XF
http-commander-directory-traversal(13622)
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
cpe:/a:gernot_stocker:kpopup:0.9.1
cpe:/a:gernot_stocker:kpopup:0.9.5_pre2
CVE-2003-1167
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.760-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031028 Local root vuln in kpopup
BID
8915
XF
kpopup-systemcall-execute-code(13540)
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
CVE-2003-1168
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:13.357-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-05-22T23:19:00.000-04:00
BID
8949
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.
cpe:/a:datev:nutzungskontrolle:2.1
cpe:/a:datev:nutzungskontrolle:2.2
CVE-2003-1169
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.823-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20031101 DATEV Nutzungskontrolle Bypassing (REG)
BID
8950
XF
nutzungskontrolle-registry-security-bypass(13589)
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
cpe:/a:gernot_stocker:kpopup:0.9.1
cpe:/a:gernot_stocker:kpopup:0.9.5_pre2
CVE-2003-1170
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:13.653-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2005-05-22T23:05:00.000-04:00
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20031028 Local root vuln in kpopup
BID
8918
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.
cpe:/a:mod_security:mod_security:1.7
cpe:/a:mod_security:mod_security:1.7.1
CVE-2003-1171
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.900-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
MISC
http://adsystems.com.pl/adg-mod_security171.txt
SECTRACK
1008025
CONFIRM
http://www.modsecurity.org/download/CHANGES
BUGTRAQ
20031028 mod_security 1.7RC1 to 1.7.1 vulnerability
BID
8919
XF
mod-security-secfilterout-bo(13543)
Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
cpe:/a:apache:cocoon:2.1
cpe:/a:apache:cocoon:2.1.2
cpe:/a:apache:cocoon:2.2
CVE-2003-1172
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:47.963-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://issues.apache.org/bugzilla/show_bug.cgi?id=23949
SECTRACK
1007993
MISC
http://www.securiteam.com/securitynews/6W00L0U8KC.html
BID
8883
XF
apachecocoon-directory-traversal-bootini(13499)
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2003-1173
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:48.027-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031028 FirstClass 7.1 HTTP Server: Remote Directory Listing
BUGTRAQ
20031030 Re: FirstClass 7.1 HTTP Server: Remote Directory Listing
BID
8920
XF
firstclass-view-unauthorized-files(13546)
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
cpe:/a:nullsoft:shoutcast_server:1.9.2
CVE-2003-1174
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:48.073-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SECTRACK
1008080
BUGTRAQ
20031102 ShoutCast server 1.9.2/win32
BID
8954
XF
shoutcast-long-icy-dos(13586)
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
cpe:/a:synthetic_reality:sympoll:1.5
CVE-2003-1175
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:48.137-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
CONFIRM
http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493
BID
8956
XF
sympoll-indexphp-xss(13630)
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
cpe:/a:bdc_enterprises:web_wiz_forums:6.34
cpe:/a:bdc_enterprises:web_wiz_forums:7.01
cpe:/a:bdc_enterprises:web_wiz_forums:7.5
CVE-2003-1176
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:48.197-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1008100
BUGTRAQ
20031102 Unauthorized access in Web Wiz Forum
BUGTRAQ
20031104 Re: Unauthorized access in Web Wiz Forum
BID
8957
XF
webwizforums-quotemode-message-access(13581)
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
cpe:/a:atrium_software:mercur_mailserver:3.3
cpe:/a:atrium_software:mercur_mailserver:3.3_sp1
cpe:/a:atrium_software:mercur_mailserver:3.3_sp2
cpe:/a:atrium_software:mercur_mailserver:4.1
cpe:/a:atrium_software:mercur_mailserver:4.1_sp1
cpe:/a:atrium_software:mercur_mailserver:4.2
cpe:/a:atrium_software:mercur_mailserver:4.2_sp1
cpe:/a:atrium_software:mercur_mailserver:4.2_sp2
CVE-2003-1177
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:48.260-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below
CONFIRM
http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html
MISC
http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html
BID
8861
BID
8889
XF
mercur-auth-command-dos(13468)
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
cpe:/a:advanced_poll:advanced_poll:2.0.0
cpe:/a:advanced_poll:advanced_poll:2.0.1
cpe:/a:advanced_poll:advanced_poll:2.0.2
CVE-2003-1178
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:45.560-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VIM
Advanced Poll v2.02 :) <= Remote File Inclusion
BUGTRAQ
20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
BUGTRAQ
20061008 Advanced Poll v2.02 :) <= Remote File Inclusion
BID
8890
XF
advancedpoll-php-injection(13513)
XF
advanced-poll-comments-file-include(29396)
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
cpe:/a:advanced_poll:advanced_poll:2.0.0
cpe:/a:advanced_poll:advanced_poll:2.0.1
cpe:/a:advanced_poll:advanced_poll:2.0.2
CVE-2003-1179
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:46.217-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MISC
http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
BUGTRAQ
20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
BUGTRAQ
20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion
BID
19105
BID
8890
MISC
http://www.solpotcrew.org/adv/solpot-adv-02.txt
XF
advancedpoll-php-file-include(13514)
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
cpe:/a:advanced_poll:advanced_poll:2.0.0
cpe:/a:advanced_poll:advanced_poll:2.0.1
cpe:/a:advanced_poll:advanced_poll:2.0.2
CVE-2003-1180
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:48.430-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
BID
8890
XF
advancedpoll-php-file-include(13514)
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
cpe:/a:advanced_poll:advanced_poll:2.0.2
CVE-2003-1181
2003-10-25T00:00:00.000-04:00
2017-07-10T21:29:48.477-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
BID
8890
XF
advancedpoll-phpinfo-obtain-information(13515)
Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.
cpe:/a:mpm:mpm_guestbook:1.2
CVE-2003-1182
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:48.540-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BID
8958
XF
mpmguestbook-ing-xss(13575)
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
cpe:/a:oracle:oracle_files:9.0.3.1.0
cpe:/a:oracle:oracle_files:9.0.3.2.0
cpe:/a:oracle:oracle_files:9.0.3.3.0
CVE-2003-1183
2003-10-28T00:00:00.000-05:00
2017-07-10T21:29:48.603-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf
BID
8923
XF
oraclecollaborationsuite-file-access(13545)
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
CVE-2003-1184
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:48.667-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=195009
BID
8959
XF
thwboard-multiple-fields-xss(13582)
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."
cpe:/a:thwboard:thwboard:2.8_beta
cpe:/a:thwboard:thwboard:2.81_beta
CVE-2003-1185
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:48.727-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=195009
BID
8961
XF
thwboard-multiple-sql-injection(13583)
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
cpe:/a:telcondex:simplewebserver:2.12.30210_build3285
CVE-2003-1186
2003-10-29T00:00:00.000-05:00
2017-07-10T21:29:48.777-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031029 TelCondex SimpleWebserver Buffer Overflow
BID
8925
XF
simplewebserver-referer-bo(13549)
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
cpe:/a:phpkit:phpkit:1.6.02
cpe:/a:phpkit:phpkit:1.6.03
CVE-2003-1187
2003-11-02T00:00:00.000-05:00
2017-07-10T21:29:48.837-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
MISC
http://badwebmasters.net/advisory/017/
FULLDISC
20031102 [bWM#017] Cross-Site-Scripting @ PHPKIT
BID
8960
XF
phpkit-include-xss(13590)
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
cpe:/a:unichat:unichat:2.0
CVE-2003-1188
2003-11-02T00:00:00.000-05:00
2017-07-10T21:29:48.887-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031102 Unichat Vulnerabilities
BID
8962
XF
unichat-nonalphanumeric-character-dos(13610)
Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit.
cpe:/o:nokia:ipso:3.7
CVE-2003-1189
2003-10-29T00:00:00.000-05:00
2017-07-10T21:29:48.947-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SECTRACK
1007992
BID
8928
XF
nokia-ipso-ipcluster-dos(13539)
Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
cpe:/a:phprecipebook:phprecipebook:1.24
cpe:/a:phprecipebook:phprecipebook:1.25
cpe:/a:phprecipebook:phprecipebook:1.26
cpe:/a:phprecipebook:phprecipebook:1.26a
cpe:/a:phprecipebook:phprecipebook:1.27
cpe:/a:phprecipebook:phprecipebook:1.27a
cpe:/a:phprecipebook:phprecipebook:1.30
cpe:/a:phprecipebook:phprecipebook:1.30a
cpe:/a:phprecipebook:phprecipebook:1.31
cpe:/a:phprecipebook:phprecipebook:2.04
cpe:/a:phprecipebook:phprecipebook:2.05
cpe:/a:phprecipebook:phprecipebook:2.06
cpe:/a:phprecipebook:phprecipebook:2.10
cpe:/a:phprecipebook:phprecipebook:2.11
cpe:/a:phprecipebook:phprecipebook:2.12
cpe:/a:phprecipebook:phprecipebook:2.13
cpe:/a:phprecipebook:phprecipebook:2.14
cpe:/a:phprecipebook:phprecipebook:2.15
cpe:/a:phprecipebook:phprecipebook:2.16
cpe:/a:phprecipebook:phprecipebook:2.17
CVE-2003-1190
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:49.010-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=193940
BID
8963
XF
phprecipebook-recipe-xss(13574)
Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.
cpe:/a:e107:e107:0.545
cpe:/a:e107:e107:0.603
CVE-2003-1191
2003-10-29T00:00:00.000-05:00
2017-07-10T21:29:49.073-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031029 E107 DoS vulnerability
BID
8930
XF
e107chatboxdos(13553)
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
cpe:/a:truenorth_software:ia_webmail_server:3.0
cpe:/a:truenorth_software:ia_webmail_server:3.1
CVE-2003-1192
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:49.137-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SECTRACK
1008075
VULNWATCH
20031103 IA WebMail Server 3.x Buffer Overflow Vulnerability
MISC
http://www.securiteam.com/windowsntfocus/6B002158UQ.html
BID
8965
XF
iawebmailserver-get-bo(13580)
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
cpe:/a:oracle:application_server_portal:3.0.9.8.5
cpe:/a:oracle:application_server_portal:9.0.2.3
cpe:/a:oracle:application_server_portal:9.0.2.3a
cpe:/a:oracle:application_server_portal:9.0.2.3b
cpe:/a:oracle:oracle9i:9.0.2
cpe:/a:oracle:oracle9i:9.0.2.0.0
cpe:/a:oracle:oracle9i:9.0.2.0.1
cpe:/a:oracle:oracle9i:9.0.2.1
cpe:/a:oracle:oracle9i:9.0.2.2
cpe:/a:oracle:oracle9i:9.0.2.3
CVE-2003-1193
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:49.197-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
BUGTRAQ
20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)
BID
8966
XF
oracle-portal-sql-injection(13593)
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
cpe:/a:booby:booby:0.1
cpe:/a:booby:booby:0.1.1
cpe:/a:booby:booby:0.1.2
cpe:/a:booby:booby:0.1.3
cpe:/a:booby:booby:0.2
cpe:/a:booby:booby:0.2.1
cpe:/a:booby:booby:0.2.2
cpe:/a:booby:booby:0.2.3
cpe:/a:booby:booby:0.3
CVE-2003-1194
2003-10-30T00:00:00.000-05:00
2017-07-10T21:29:49.260-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1008056
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=193878
BID
8932
XF
booby-error-message-xss(13557)
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
CVE-2003-1195
2003-11-23T00:00:00.000-05:00
2017-07-10T21:29:49.323-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
FULLDISC
20031123 VieNuke VieBoard SQL Injection Vulnerability... again
XF
vieboard-getmember-sql-injection(13819)
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
cpe:/a:vienuke:vieboard:2.6
cpe:/a:vienuke:vieboard:2.6_beta_1
CVE-2003-1196
2003-11-03T00:00:00.000-05:00
2017-07-10T21:29:49.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BID
8967
XF
vieboard-viewtopic-sql-injection(13629)
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2003-1197
2003-10-30T00:00:00.000-05:00
2017-07-10T21:29:49.447-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031030 Multiple Vulnerabilities in Led-Forums
BID
8934
XF
ledforums-indexphp-xss(13562)
XF
ledforums-topicfield-redirect(13563)
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
cpe:/a:cherokee:cherokee_httpd:0.1
cpe:/a:cherokee:cherokee_httpd:0.1.5
cpe:/a:cherokee:cherokee_httpd:0.1.6
cpe:/a:cherokee:cherokee_httpd:0.2
cpe:/a:cherokee:cherokee_httpd:0.2.5
cpe:/a:cherokee:cherokee_httpd:0.2.6
cpe:/a:cherokee:cherokee_httpd:0.2.7
cpe:/a:cherokee:cherokee_httpd:0.4.6
CVE-2003-1198
2003-12-26T00:00:00.000-05:00
2017-07-10T21:29:49.493-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog
BID
9345
XF
cherokee-post-request-dos(14119)
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
cpe:/a:myproxy:myproxy:2003-06-29
CVE-2003-1199
2004-03-11T00:00:00.000-05:00
2017-07-10T21:29:49.540-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030311 XSS in MyProxy 20030629
BID
9846
XF
myproxy-xss(15438)
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
cpe:/a:alt-n:mdaemon:6.5.2
cpe:/a:alt-n:mdaemon:6.7.5
cpe:/a:alt-n:mdaemon:6.7.9
cpe:/a:alt-n:mdaemon:6.8.0
cpe:/a:alt-n:mdaemon:6.8.1
cpe:/a:alt-n:mdaemon:6.8.2
cpe:/a:alt-n:mdaemon:6.8.3
cpe:/a:alt-n:mdaemon:6.8.4
cpe:/a:alt-n:mdaemon:6.8.5
CVE-2003-1200
2003-12-29T00:00:00.000-05:00
2017-07-10T21:29:49.603-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20040314 Rosiello Security's exploit for MDaemon
BUGTRAQ
20031229 [Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler
BID
9317
XF
mdaemon-form2raw-from-bo(14097)
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
cpe:/a:openldap:openldap:2.0
cpe:/a:openldap:openldap:2.0.1
cpe:/a:openldap:openldap:2.0.2
cpe:/a:openldap:openldap:2.0.3
cpe:/a:openldap:openldap:2.0.4
cpe:/a:openldap:openldap:2.0.5
cpe:/a:openldap:openldap:2.0.6
cpe:/a:openldap:openldap:2.0.7
cpe:/a:openldap:openldap:2.0.8
cpe:/a:openldap:openldap:2.0.9
cpe:/a:openldap:openldap:2.0.10
cpe:/a:openldap:openldap:2.0.11
cpe:/a:openldap:openldap:2.0.11_9
cpe:/a:openldap:openldap:2.0.11_11
cpe:/a:openldap:openldap:2.0.11_11s
cpe:/a:openldap:openldap:2.0.12
cpe:/a:openldap:openldap:2.0.13
cpe:/a:openldap:openldap:2.0.14
cpe:/a:openldap:openldap:2.0.15
cpe:/a:openldap:openldap:2.0.16
cpe:/a:openldap:openldap:2.0.17
cpe:/a:openldap:openldap:2.0.18
cpe:/a:openldap:openldap:2.0.19
cpe:/a:openldap:openldap:2.0.20
cpe:/a:openldap:openldap:2.0.21
cpe:/a:openldap:openldap:2.0.22
cpe:/a:openldap:openldap:2.0.23
cpe:/a:openldap:openldap:2.0.25
cpe:/a:openldap:openldap:2.0.27
cpe:/a:openldap:openldap:2.1.4
cpe:/a:openldap:openldap:2.1.10
cpe:/a:openldap:openldap:2.1.11
cpe:/a:openldap:openldap:2.1.12
cpe:/a:openldap:openldap:2.1.13
cpe:/a:openldap:openldap:2.1.14
cpe:/a:openldap:openldap:2.1.15
cpe:/a:openldap:openldap:2.1.16
CVE-2003-1201
2003-03-20T00:00:00.000-05:00
2017-07-10T21:29:49.667-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONECTIVA
CLSA-2003:685
GENTOO
GLSA-200403-12
CONFIRM
http://www.openldap.org/its/index.cgi?findid=2390
BID
7656
XF
openldap-back-ldbm-dos(12520)
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
cpe:/a:omail:omail_webmail:0.97.3
cpe:/a:omail:omail_webmail:0.98.4
CVE-2003-1202
2003-08-19T00:00:00.000-04:00
2017-07-10T21:29:49.727-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030821 Remote Execution of Commands in Omail Webmail 0.98.4 and earlier
BUGTRAQ
20030821 Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier
BID
8451
XF
omailwebmail-checklogin-code-execution(12948)
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
cpe:/a:mambo:mambo_site_server:4.0.10
CVE-2003-1203
2003-03-18T00:00:00.000-05:00
2017-07-10T21:29:49.777-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030318 Some XSS vulns
BID
7135
XF
mambo-option-index-xss(11601)
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
CVE-2003-1204
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:49.837-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030110 Mambo Site Server Remote Code Execution
BID
6571
XF
mambo-multiple-scripts-xss(11050)
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
cpe:/a:crob:crob_ftp_server:2.60.1
CVE-2003-1205
2003-08-06T00:00:00.000-04:00
2017-07-10T21:29:49.917-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1
MISC
http://www.crob.net/studio/ftpserver/
XF
crob-rename-file-dos(12838)
Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name.
cpe:/a:crob:crob_ftp_server:2.60.1
CVE-2003-1206
2003-06-03T00:00:00.000-04:00
2017-07-10T21:29:49.963-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1
MISC
http://www.crob.net/studio/ftpserver/
BUGTRAQ
20030807 Re: DoS Vulnerabilities in Crob FTP Server 2.60.1
XF
crob-login-dos(12834)
Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir.
cpe:/a:crob:crob_ftp_server:3.5.1
CVE-2003-1207
2004-02-01T00:00:00.000-05:00
2017-07-10T21:29:50.027-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SECTRACK
1008908
BUGTRAQ
20040201 Vulnerabilities in Crob FTP Server V3.5.1
BID
9549
XF
crob-dir-dos(15105)
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
cpe:/a:oracle:oracle9i:enterprise_9.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0
cpe:/a:oracle:oracle9i:enterprise_9.2.0.1
cpe:/a:oracle:oracle9i:enterprise_9.2.0.2
cpe:/a:oracle:oracle9i:personal_9.0.1
cpe:/a:oracle:oracle9i:personal_9.2
cpe:/a:oracle:oracle9i:personal_9.2.0.1
cpe:/a:oracle:oracle9i:personal_9.2.0.2
cpe:/a:oracle:oracle9i:standard_9.0
cpe:/a:oracle:oracle9i:standard_9.0.1
cpe:/a:oracle:oracle9i:standard_9.0.1.2
cpe:/a:oracle:oracle9i:standard_9.0.1.3
cpe:/a:oracle:oracle9i:standard_9.0.1.4
cpe:/a:oracle:oracle9i:standard_9.0.2
cpe:/a:oracle:oracle9i:standard_9.2
cpe:/a:oracle:oracle9i:standard_9.2.0.1
cpe:/a:oracle:oracle9i:standard_9.2.0.2
CVE-2003-1208
2004-12-03T00:00:00.000-05:00
2017-07-10T21:29:50.087-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow
CIAC
O-093
CERT-VN
VU#240174
CERT-VN
VU#399806
CERT-VN
VU#819126
CERT-VN
VU#846582
MISC
http://www.nextgenss.com/advisories/ora_from_tz.txt
MISC
http://www.nextgenss.com/advisories/ora_numtodsinterval.txt
MISC
http://www.nextgenss.com/advisories/ora_numtoyminterval.txt
MISC
http://www.nextgenss.com/advisories/ora_time_zone.txt
BID
9587
XF
oracle-multiple-function-bo(15060)
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
cpe:/a:monkey-project:monkey_http_daemon:0.1.1
cpe:/a:monkey-project:monkey_http_daemon:0.5.2
cpe:/a:monkey-project:monkey_http_daemon:0.6.0
cpe:/a:monkey-project:monkey_http_daemon:0.6.1
CVE-2003-1209
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.137-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://monkeyd.sourceforge.net/Changelog.txt
BID
7201
XF
monkey-content-type-dos(11650)
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.
cpe:/a:francisco_burzi:php-nuke:6.5
cpe:/a:francisco_burzi:php-nuke:6.5_beta1
cpe:/a:francisco_burzi:php-nuke:6.5_final
cpe:/a:francisco_burzi:php-nuke:6.5_rc1
cpe:/a:francisco_burzi:php-nuke:6.5_rc2
cpe:/a:francisco_burzi:php-nuke:6.5_rc3
CVE-2003-1210
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.197-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030513 More and More SQL injection on PHP-Nuke 6.5.
BID
7588
XF
phpnuke-multiple-sql-injection(11984)
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
CVE-2003-1211
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.243-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030606 Critical Vulnerabilities In Max Web Portal
BID
7837
XF
maxwebportal-search-xss(12277)
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
CVE-2003-1212
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.323-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030606 Critical Vulnerabilities In Max Web Portal
BID
7837
XF
maxwebportal-form-field-modify(12278)
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
cpe:/a:maxwebportal:maxwebportal:1.30
CVE-2003-1213
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.370-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030606 Critical Vulnerabilities In Max Web Portal
BID
7837
XF
maxwebportal-database-access(12279)
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
cpe:/a:visualshapers:ezcontents:1.40
cpe:/a:visualshapers:ezcontents:1.41
cpe:/a:visualshapers:ezcontents:1.42
cpe:/a:visualshapers:ezcontents:1.43
cpe:/a:visualshapers:ezcontents:1.44
cpe:/a:visualshapers:ezcontents:1.45
cpe:/a:visualshapers:ezcontents:1.45b
cpe:/a:visualshapers:ezcontents:2.0.1
cpe:/a:visualshapers:ezcontents:2.0.2
cpe:/a:visualshapers:ezcontents:2.0_rc1
cpe:/a:visualshapers:ezcontents:2.0_rc2
cpe:/a:visualshapers:ezcontents:2.0_rc3
CVE-2003-1214
2004-02-11T00:00:00.000-05:00
2017-07-10T21:29:50.417-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://www.ezcontents.org/forum/viewtopic.php?t=361
XF
ezcontents-login-bypass(15136)
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions.
cpe:/a:phpbb_group:phpbb:1.0.0
cpe:/a:phpbb_group:phpbb:1.2.0
cpe:/a:phpbb_group:phpbb:1.2.1
cpe:/a:phpbb_group:phpbb:1.4.0
cpe:/a:phpbb_group:phpbb:1.4.1
cpe:/a:phpbb_group:phpbb:1.4.2
cpe:/a:phpbb_group:phpbb:1.4.4
cpe:/a:phpbb_group:phpbb:2.0.0
cpe:/a:phpbb_group:phpbb:2.0.1
cpe:/a:phpbb_group:phpbb:2.0.2
cpe:/a:phpbb_group:phpbb:2.0.3
cpe:/a:phpbb_group:phpbb:2.0.4
cpe:/a:phpbb_group:phpbb:2.0.5
cpe:/a:phpbb_group:phpbb:2.0.6
cpe:/a:phpbb_group:phpbb:2.0_beta1
cpe:/a:phpbb_group:phpbb:2.0_rc1
cpe:/a:phpbb_group:phpbb:2.0_rc2
cpe:/a:phpbb_group:phpbb:2.0_rc3
cpe:/a:phpbb_group:phpbb:2.0_rc4
CVE-2003-1215
2003-12-29T00:00:00.000-05:00
2017-07-10T21:29:50.477-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031229 SQL Injection in phpBB's groupcp.php
CONFIRM
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943
BID
9314
XF
phpbb-groupcp-sql-injection(14096)
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
cpe:/a:phpbb_group:phpbb:1.0.0
cpe:/a:phpbb_group:phpbb:1.2.0
cpe:/a:phpbb_group:phpbb:1.2.1
cpe:/a:phpbb_group:phpbb:1.4.0
cpe:/a:phpbb_group:phpbb:1.4.1
cpe:/a:phpbb_group:phpbb:1.4.2
cpe:/a:phpbb_group:phpbb:1.4.4
cpe:/a:phpbb_group:phpbb:2.0.0
cpe:/a:phpbb_group:phpbb:2.0.1
cpe:/a:phpbb_group:phpbb:2.0.2
cpe:/a:phpbb_group:phpbb:2.0.3
cpe:/a:phpbb_group:phpbb:2.0.4
cpe:/a:phpbb_group:phpbb:2.0.5
cpe:/a:phpbb_group:phpbb:2.0.6
cpe:/a:phpbb_group:phpbb:2.0_beta1
cpe:/a:phpbb_group:phpbb:2.0_rc1
cpe:/a:phpbb_group:phpbb:2.0_rc2
cpe:/a:phpbb_group:phpbb:2.0_rc3
cpe:/a:phpbb_group:phpbb:2.0_rc4
CVE-2003-1216
2003-11-27T00:00:00.000-05:00
2017-07-10T21:29:50.540-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031127 phpBB 2.06 search.php SQL injection
BUGTRAQ
20031128 [Hat-Squad] phpBB search_id injection exploit
BUGTRAQ
20031220 phpBB v2.06 search_id sql injection exploit
CONFIRM
http://www.phpbb.com/phpBB/viewtopic.php?t=153818
BID
9122
XF
phpbb-searchphp-sql-injection(13867)
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
CVE-2003-1217
2017-05-11T10:29:01.387-04:00
2017-05-11T10:29:01.387-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
CVE-2003-1218
2017-05-11T10:29:01.400-04:00
2017-05-11T10:29:01.400-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
cpe:/a:oscommerce:oscommerce:2.2_ms2
CVE-2003-1219
2003-12-31T00:00:00.000-05:00
2012-12-12T21:24:28.620-05:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
MLIST
[tep-commits] 20031217 [TEP-COMMIT] CVS: catalog/catalog/includes/functions html_output.php,1.58,1.59
CONFIRM
http://www.oscommerce.com/community/bugs,1546
BUGTRAQ
20031217 osCommerce Malformed Session ID XSS Vuln
BID
9238
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
cpe:/a:bea:weblogic_server:6.1
cpe:/a:bea:weblogic_server:6.1::express
cpe:/a:bea:weblogic_server:6.1::win32
cpe:/a:bea:weblogic_server:6.1:sp1
cpe:/a:bea:weblogic_server:6.1:sp1:express
cpe:/a:bea:weblogic_server:6.1:sp1:win32
cpe:/a:bea:weblogic_server:6.1:sp2
cpe:/a:bea:weblogic_server:6.1:sp2:express
cpe:/a:bea:weblogic_server:6.1:sp2:win32
cpe:/a:bea:weblogic_server:6.1:sp3
cpe:/a:bea:weblogic_server:6.1:sp3:express
cpe:/a:bea:weblogic_server:6.1:sp4
cpe:/a:bea:weblogic_server:6.1:sp4:express
cpe:/a:bea:weblogic_server:6.1:sp4:win32
cpe:/a:bea:weblogic_server:6.1:sp5
cpe:/a:bea:weblogic_server:6.1:sp5:express
cpe:/a:bea:weblogic_server:6.1:sp5:win32
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
cpe:/a:bea:weblogic_server:8.1
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:8.1:sp1
cpe:/a:bea:weblogic_server:8.1:sp1:express
CVE-2003-1220
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:38.913-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-09-01T17:00:00.000-04:00
BEA
BEA03-39.00
BID
9034
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
cpe:/a:bea:weblogic_server:8.1
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:8.1:sp1
cpe:/a:bea:weblogic_server:8.1:sp1:express
CVE-2003-1221
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:38.993-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2005-09-02T09:45:00.000-04:00
BEA
BEA03-40.00
BID
9034
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
cpe:/a:bea:weblogic_server:8.1
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:8.1:sp1
cpe:/a:bea:weblogic_server:8.1:sp1:express
CVE-2003-1222
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:39.290-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-09-02T09:45:00.000-04:00
BEA
BEA03-41.00
BID
9034
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
cpe:/a:bea:weblogic_server:6.1
cpe:/a:bea:weblogic_server:6.1::express
cpe:/a:bea:weblogic_server:6.1::win32
cpe:/a:bea:weblogic_server:6.1:sp1
cpe:/a:bea:weblogic_server:6.1:sp1:express
cpe:/a:bea:weblogic_server:6.1:sp1:win32
cpe:/a:bea:weblogic_server:6.1:sp2
cpe:/a:bea:weblogic_server:6.1:sp2:express
cpe:/a:bea:weblogic_server:6.1:sp2:win32
cpe:/a:bea:weblogic_server:6.1:sp3
cpe:/a:bea:weblogic_server:6.1:sp3:express
cpe:/a:bea:weblogic_server:6.1:sp3:win32
cpe:/a:bea:weblogic_server:6.1:sp4
cpe:/a:bea:weblogic_server:6.1:sp4:express
cpe:/a:bea:weblogic_server:6.1:sp4:win32
cpe:/a:bea:weblogic_server:6.1:sp5
cpe:/a:bea:weblogic_server:6.1:sp5:express
cpe:/a:bea:weblogic_server:6.1:sp5:win32
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
cpe:/a:bea:weblogic_server:8.1
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:8.1:sp1
cpe:/a:bea:weblogic_server:8.1:sp1:express
CVE-2003-1223
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:43.447-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2005-09-02T09:47:00.000-04:00
BEA
BEA03-42.00
BID
9034
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
CVE-2003-1224
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:43.557-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-09-02T09:59:00.000-04:00
BEA
BEA03-30.00
BID
7563
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
CVE-2003-1225
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:43.663-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-09-06T13:59:00.000-04:00
BEA
BEA03-30.00
BID
7563
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
CVE-2003-1226
2003-12-31T00:00:00.000-05:00
2008-09-10T15:22:43.757-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2005-09-02T13:28:00.000-04:00
BEA
BEA03-30.00
BID
7563
BID
7587
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
cpe:/a:gallery_project:gallery:1.4
cpe:/a:gallery_project:gallery:1.4_pl1
CVE-2003-1227
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.587-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20031011 Gallery 1.4 including file vulnerability
BUGTRAQ
20031011 RE: Gallery 1.4 including file vulnerability
BUGTRAQ
20031012 Re: Gallery 1.4 including file vulnerability
BID
8814
XF
gallery-indexphp-file-include(13419)
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
cpe:/a:mathopd:mathopd:1.2
cpe:/a:mathopd:mathopd:1.3
cpe:/a:mathopd:mathopd:1.3_p4
cpe:/a:mathopd:mathopd:1.3_p5
cpe:/a:mathopd:mathopd:1.3_p6
cpe:/a:mathopd:mathopd:1.3_p7
cpe:/a:mathopd:mathopd:1.3_p8
cpe:/a:mathopd:mathopd:1.3_p17
cpe:/a:mathopd:mathopd:1.3_p18
cpe:/a:mathopd:mathopd:1.4
cpe:/a:mathopd:mathopd:1.4_p1
cpe:/a:mathopd:mathopd:1.5_b13
CVE-2003-1228
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.667-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20031205 [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]
BUGTRAQ
20031208 Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd
MISC
http://www.securiteam.com/unixfocus/5FP0C1FCAW.html
BID
9871
XF
mathopd-preparereply-bo(15474)
Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path.
CVE-2003-1229
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:18.903-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030128 Incorrect Certificate Validation in Java Secure Socket Extension
CONFIRM
http://java.sun.com/products/jsse/CHANGES.txt
SECTRACK
1006007
SECTRACK
1007483
SUNALERT
50081
BID
6682
SECTRACK
1006001
HP
HPSBUX0301-239
XF
sun-java-improper-validation(11182)
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
CVE-2003-1230
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.807-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
FREEBSD
FreeBSD-SA-03:03
BID
6920
XF
freebsd-syncookie-brute-force(11397)
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
cpe:/a:ecw-shop:ecw-shop:5.01
cpe:/a:ecw-shop:ecw-shop:5.5
CVE-2003-1231
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.870-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1008522
MISC
http://www.securiteam.com/unixfocus/6D00F2A95C.html
BID
9244
XF
ecwshop-cat-xss(14032)
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
cpe:/a:gnu:emacs:21.2.1
CVE-2003-1232
2003-12-31T00:00:00.000-05:00
2011-03-07T21:13:42.047-05:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2005-09-26T16:08:00.000-04:00
ALLOWS_USER_ACCESS
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183
MISC
http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f
MISC
http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html
MANDRIVA
MDKSA-2005:208
BID
15375
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
cpe:/a:pedestal_software:integrity_protection_driver:1.2
cpe:/a:pedestal_software:integrity_protection_driver:1.3
CVE-2003-1233
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.933-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030103 Pedestal Software Security Notice
BUGTRAQ
20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)
MISC
http://www.phrack.org/show.php?p=59&a=16
BID
6511
XF
ipd-ntcreatesymboliclinkobject-subs-symlink(10979)
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
cpe:/o:freebsd:freebsd:1.1.5.1
cpe:/o:freebsd:freebsd:2.1.0
cpe:/o:freebsd:freebsd:2.1.5
cpe:/o:freebsd:freebsd:2.1.6
cpe:/o:freebsd:freebsd:2.1.6.1
cpe:/o:freebsd:freebsd:2.1.7
cpe:/o:freebsd:freebsd:2.1.7.1
cpe:/o:freebsd:freebsd:2.2
cpe:/o:freebsd:freebsd:2.2:current
cpe:/o:freebsd:freebsd:2.2.1
cpe:/o:freebsd:freebsd:2.2.2
cpe:/o:freebsd:freebsd:2.2.3
cpe:/o:freebsd:freebsd:2.2.4
cpe:/o:freebsd:freebsd:2.2.5
cpe:/o:freebsd:freebsd:2.2.6
cpe:/o:freebsd:freebsd:2.2.7
cpe:/o:freebsd:freebsd:2.2.8
cpe:/o:freebsd:freebsd:3.1
cpe:/o:freebsd:freebsd:3.2
cpe:/o:freebsd:freebsd:3.3
cpe:/o:freebsd:freebsd:3.4
cpe:/o:freebsd:freebsd:3.5
cpe:/o:freebsd:freebsd:3.5.1:release
cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.3
cpe:/o:freebsd:freebsd:4.3:release
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.5
cpe:/o:freebsd:freebsd:4.5:release
cpe:/o:freebsd:freebsd:4.6
cpe:/o:freebsd:freebsd:4.6:release
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.7:release
cpe:/o:freebsd:freebsd:4.9:releng
cpe:/o:freebsd:freebsd:4.10
cpe:/o:freebsd:freebsd:4.10:release
cpe:/o:freebsd:freebsd:4.10:release_p8
cpe:/o:freebsd:freebsd:4.10:releng
cpe:/o:freebsd:freebsd:4.11
cpe:/o:freebsd:freebsd:4.11:release_p3
cpe:/o:freebsd:freebsd:4.11:releng
cpe:/o:freebsd:freebsd:4.11:stable
cpe:/o:freebsd:freebsd:5.0
CVE-2003-1234
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:46.950-04:00
3.6
LOCAL
LOW
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
FREEBSD
FreeBSD-SA-02:44
BUGTRAQ
20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc
VULNWATCH
20030106 PDS: Integer overflow in FreeBSD kernel
XF
freebsd-kernel-integer-overflow(10993)
MISC
http://www.pine.nl/press/pine-cert-20030101.txt
BUGTRAQ
20030106 PDS: Integer overflow in FreeBSD kernel
BID
6524
SECTRACK
1005898
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
CVE-2003-1235
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:24.293-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-03T10:33:00.000-05:00
BUGTRAQ
20030331 BRS WebWeaver: full disclosure
XF
webweaver-testcgi-info-disclosure(11686)
BID
7283
BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
cpe:/a:tanne:tanne:0.6.17
CVE-2003-1236
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:24.447-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2006-01-03T10:40:00.000-05:00
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.
CONFIRM
http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2
XF
tanne-logger-format-string(11006)
BUGTRAQ
20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.
BUGTRAQ
20030108 Tanne Remote format string exploit (Proof of Concept)
BID
6553
SECTRACK
1005900
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
CVE-2003-1237
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:24.590-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-03T10:44:00.000-05:00
BUGTRAQ
20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard
XF
wwwboard-message-xss(11383)
BID
6918
Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.
cpe:/a:nuked-klan:nuked-klan:1.2
cpe:/a:nuked-klan:nuked-klan:1.2_beta
cpe:/a:nuked-klan:nuked-klan:1.3
cpe:/a:nuked-klan:nuked-klan:1.3_beta
CVE-2003-1238
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:24.747-04:00
5.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2006-01-03T10:47:00.000-05:00
BUGTRAQ
20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
BUGTRAQ
20030318 Some XSS vulns
XF
nuked-klan-team-xss(11420)
BID
6916
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
cpe:/a:wihphoto:wihphoto:0.86
CVE-2003-1239
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:24.900-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-03T10:54:00.000-05:00
VULNWATCH
20030223 WihPhoto (PHP)
XF
wihphoto-sendphoto-file-disclosure(11429)
BUGTRAQ
20030223 WihPhoto (PHP)
BID
6929
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.
cpe:/a:cutephp:cutenews:0.88
CVE-2003-1240
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:25.043-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-03T11:00:00.000-05:00
BUGTRAQ
20030225 PHP code injection in CuteNews
XF
cutenews-php-file-include(11417)
BID
6935
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
cpe:/a:levcgi.com:myguestbook:3.0
CVE-2003-1241
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:25.197-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-04T09:43:00.000-05:00
VULNWATCH
20030221 Myguestbook (PHP)
BUGTRAQ
20030221 Myguestbook (PHP)
BID
6906
Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.
CVE-2003-1242
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:25.340-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-17T13:22:00.000-05:00
BUGTRAQ
20030219 XSS and Path Disclosure in Sage
XF
sage-module-path-disclosure(11372)
BID
6893
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
CVE-2003-1243
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:50.993-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030219 XSS and Path Disclosure in Sage
BID
6894
XF
sage-mod-xss(11371)
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
cpe:/a:phpbb_group:phpbb:2.0.0
cpe:/a:phpbb_group:phpbb:2.0.1
cpe:/a:phpbb_group:phpbb:2.0.2
CVE-2003-1244
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:25.637-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-17T13:28:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030220 phpBB Security Bugs
XF
phpbb-pageheader-sql-injection(11376)
BID
6888
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2003-1245
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.040-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030224 Mambo SiteServer exploit gains administrative privileges
BID
6926
XF
mambo-sessionid-gain-privileges(11398)
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
cpe:/a:pedestal_software:integrity_protection_driver:1.2
cpe:/a:pedestal_software:integrity_protection_driver:1.3
CVE-2003-1246
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:25.933-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-17T13:34:00.000-05:00
BUGTRAQ
20030103 Pedestal Software Security Notice
BUGTRAQ
20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)
XF
ipd-ntcreatesymboliclinkobject-subs-symlink(10979)
BID
6511
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
cpe:/a:positive_software:h-sphere:2.3_rc3
CVE-2003-1247
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.090-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-17T13:37:00.000-05:00
ALLOWS_USER_ACCESS
MISC
http://psoft.net/misc/webshell_patch.html
XF
hsphere-webshell-readfile-bo(10999)
XF
hsphere-webshell-diskusage-bo(11002)
XF
hsphere-webshell-flist-bo(11003)
BUGTRAQ
20030106 Remote root vuln in HSphere WebShell
BID
6527
BID
6537
BID
6538
BID
6540
SECTRACK
1005893
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.
cpe:/a:positive_software:h-sphere:2.3_rc3
CVE-2003-1248
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.247-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-17T13:41:00.000-05:00
ALLOWS_USER_ACCESS
MISC
http://psoft.net/misc/webshell_patch.html
XF
hsphere-webshell-encodefilename-execution(11001)
BUGTRAQ
20030106 Remote root vuln in HSphere WebShell
BID
6537
BID
6539
SECTRACK
1005893
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
cpe:/a:businessobjects:webintelligence:2.7.1
CVE-2003-1249
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.387-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-17T13:43:00.000-05:00
ALLOWS_USER_ACCESS
VULNWATCH
20030109 WebIntelligence session hijacking vulnerability
XF
webintelligence-session-hijacking(11026)
BUGTRAQ
20030109 WebIntelligence session hijacking vulnerability
BID
6569
SECTRACK
1005906
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
cpe:/h:efficient_networks:5861_dsl_router:5.3.80_firmware
CVE-2003-1250
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.543-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-17T13:46:00.000-05:00
VULNWATCH
20030110 Efficient Networks 5861 DSL Router
SECTRACK
1005980
XF
efficient-dsl-portscan-dos(11032)
BUGTRAQ
20030110 Efficient Networks 5861 DSL Router
BUGTRAQ
20030123 5861 IP Filtering issues
BID
6573
SECTRACK
1005910
Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap.
cpe:/a:nx:n_x_web_content_management_system_2002:prerelease1
CVE-2003-1251
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.683-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-17T13:48:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030102 N/X (PHP)
XF
nx-file-include(10969)
BID
6500
The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.
cpe:/a:kelli_shaver:s8forum:3.0
CVE-2003-1252
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.823-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-17T13:50:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030105 A security vulnerability in S8Forum
XF
s8forum-register-command-execution(10974)
BUGTRAQ
20030105 A security vulnerability in S8Forum
BID
6547
SECTRACK
1005881
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
cpe:/a:sangwan_kim:bookmark4u:1.8.3
CVE-2003-1253
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:26.980-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-18T15:39:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities
XF
bookmark4u-file-include(11009)
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
CVE-2003-1254
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:27.120-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-18T15:44:00.000-05:00
BUGTRAQ
20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities
XF
apb-apbsettings-file-include(11010)
BID
6545
Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code.
cpe:/a:active_php_bookmarks:active_php_bookmarks:1.1.01
CVE-2003-1255
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.103-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities
BID
6546
XF
apb-addbookmark-authentication-bypass(11011)
add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter.
cpe:/a:e-theni:e-theni
CVE-2003-1256
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:27.433-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-18T15:49:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030106 E-theni (PHP)
XF
etheni-afflistelangue-file-include(11013)
BUGTRAQ
20030106 E-theni (PHP)
BID
6970
aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.
cpe:/a:e-theni:e-theni
CVE-2003-1257
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:27.573-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-18T15:51:00.000-05:00
VULNWATCH
20030106 E-theni (PHP)
XF
etheni-findthenihome-information-disclosure(11012)
BUGTRAQ
20030106 E-theni (PHP)
find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.
cpe:/a:versatilebulletinboard:versatilebulletinboard:0.9.5
cpe:/a:versatilebulletinboard:versatilebulletinboard:0.9.6
CVE-2003-1258
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:27.730-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-18T15:53:00.000-05:00
ALLOWS_OTHER_ACCESS
VULNWATCH
20030110 vulnerability in versatile BulletinBoard Allows Gaining Administrative Privileges.
XF
vbb-unauthorized-privileges(11044)
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid.
CVE-2003-1259
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:27.887-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-19T09:42:00.000-05:00
ALLOWS_USER_ACCESS
BUGTRAQ
20030104 CuteFTP: buffer overflow
XF
cuteftp-ftp-banner-bo(10984)
BUGTRAQ
20030618 Re: CuteFTP 5.0 XP, Buffer Overflow
BID
6518
Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
cpe:/a:globalscape:cuteftp:5.0
CVE-2003-1260
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:28.073-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2006-01-19T09:42:00.000-05:00
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030118 CuteFTP 5.0 XP, Buffer Overflow
BUGTRAQ
20030205 Re: CuteFTP 5.0 XP, Buffer Overflow
FULLDISC
20030107 CuteFTP 5.0 XP, Buffer Overflow
XF
cuteftp-list-command-bo(11093)
BUGTRAQ
20030618 Re: CuteFTP 5.0 XP, Buffer Overflow
BID
6642
Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.
cpe:/a:globalscape:cuteftp:5.0
cpe:/a:globalscape:cuteftp:5.0.1
CVE-2003-1261
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:28.213-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-19T09:45:00.000-05:00
BUGTRAQ
20030205 Re: CuteFTP 5.0 XP, Buffer Overflow
XF
cuteftp-url-clipboard-bo(11275)
BUGTRAQ
20030206 Re: CuteFTP 5.0 XP, Buffer Overflow
BUGTRAQ
20030618 Re: CuteFTP 5.0 XP, Buffer Overflow
BID
6786
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.
cpe:/a:http_fetcher:http_fetcher_library:1.0.0
cpe:/a:http_fetcher:http_fetcher_library:1.0.1
CVE-2003-1262
2003-12-31T00:00:00.000-05:00
2016-10-17T22:39:36.967-04:00
6.4
NETWORK
LOW
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030107 GLSA: http-fetcher
XF
http-fetcher-httpfetch-bo(11000)
GENTOO
GLSA-200301-6
BUGTRAQ
20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.
BID
6531
Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value.
cpe:/a:brown_bear_software:ical:3.7
CVE-2003-1263
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:28.527-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-19T09:49:00.000-05:00
BUGTRAQ
20030103 ical 3.7 remote dos
XF
ical-icalexe-port-dos(10973)
BID
6505
BID
6506
ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name.
cpe:/h:d-link:di-614%2b:2.0
cpe:/h:longshine_technologie:longshine_wireless_ethernet_access_point:lcs-883r-ac-b
CVE-2003-1264
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:28.683-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-19T09:52:00.000-05:00
XF
longshine-ap-tftp-access(10997)
BUGTRAQ
20030106 Longshine WLAN Access-Point LCS-883R VU#310201
BUGTRAQ
20030106 Re: Longshine WLAN Access-Point LCS-883R VU#310201
BID
6533
SECTRACK
1005897
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
cpe:/a:mozilla:mozilla:5.0
cpe:/a:netscape:navigator:7.0
CVE-2003-1265
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:28.823-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-19T09:53:00.000-05:00
BUGTRAQ
20030101 Potential disclosure of sensitive information in Netscape 7.0 email client
XF
netscape-email-deletion-failure(10963)
BID
6499
SECTRACK
1005871
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
cpe:/a:etype:eserv:2.92
cpe:/a:etype:eserv:2.93
cpe:/a:etype:eserv:2.94
cpe:/a:etype:eserv:2.95
cpe:/a:etype:eserv:2.96
cpe:/a:etype:eserv:2.97
cpe:/a:etype:eserv:2.98
CVE-2003-1266
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:28.980-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-19T09:56:00.000-05:00
BUGTRAQ
20030104 EServ/2.97 remote DoS
XF
eserv-remote-data-dos(10975)
BID
6519
BID
6520
BID
6521
BID
6522
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
cpe:/a:steve_poulsen:guildftpd:0.999
CVE-2003-1267
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:29.137-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-19T10:26:00.000-05:00
XF
guildftpd-aux-port-dos(10964)
MISC
http://www.securiteam.com/windowsntfocus/5SP030A8UO.html
SECTRACK
1005864
GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1.
cpe:/a:urlogy:a.shop.kart:2.0.3
CVE-2003-1268
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:29.293-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-19T14:10:00.000-05:00
ALLOWS_OTHER_ACCESS
MISC
http://www.centaura.com.ar/infosec/adv/ashopkart.txt
XF
ashopkart-multiple-sql-injection(11029)
BUGTRAQ
20030108 a.shopKart Shopping Cart remote vulnerabilities
BID
6558
SECTRACK
1005903
Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.
cpe:/a:an:an-http:1.41e
CVE-2003-1269
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:29.447-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-19T14:40:00.000-05:00
XF
an-http-path-disclosure(10976)
BUGTRAQ
20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack
BID
6528
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
cpe:/a:an:an-http:1.41e
CVE-2003-1270
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:29.590-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-20T08:48:00.000-05:00
XF
an-http-script-dos(10978)
BUGTRAQ
20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack
AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability.
cpe:/a:an:an-http:1.41e
CVE-2003-1271
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:29.747-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-20T09:10:00.000-05:00
XF
an-http-script-xss(10977)
BUGTRAQ
20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack
BID
6529
Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.
cpe:/a:nullsoft:winamp:3.0
CVE-2003-1272
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.167-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030104 WinAmp v.3.0: buffer overflow
XF
winamp-b4s-playlistname-bo(10980)
BID
6515
BID
6516
XF
winamp-b4s-path-bo(10981)
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
cpe:/a:nullsoft:winamp:3.0
CVE-2003-1273
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.213-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030104 WinAmp v.3.0: buffer overflow
BID
6517
XF
winamp-b4s-playlistname-dos(10982)
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
cpe:/a:nullsoft:winamp:3.0
CVE-2003-1274
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.260-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030104 WinAmp v.3.0: buffer overflow
XF
winamp-b4s-path-dos(10983)
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
cpe:/a:microsoft:pocket_ie:3.0
CVE-2003-1275
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:30.340-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-01-20T10:15:00.000-05:00
BUGTRAQ
20030103 JS Bug makes it possible to deliberately crash Pocket PC IE
XF
pie-javascript-objectinnerhtml-dos(11004)
BID
6507
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
cpe:/a:nettelephone:nettelephone:3.5.6
CVE-2003-1276
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:30.497-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-20T10:18:00.000-05:00
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030103 Multiple Issues in Nettelephone Dialer
XF
nettelephone-insecure-account-information(11007)
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts.
cpe:/a:yabb:yabb:1.5.0
CVE-2003-1277
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:30.650-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-20T10:29:00.000-05:00
XF
yabb-newstemplate-xss(10989)
XF
yabb-se-index-xss(10990)
MISC
http://www.securiteam.com/unixfocus/5BP051F8VE.html
MISC
http://www.securiteam.com/unixfocus/5BP061F8US.html
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html
cpe:/a:infopop:opentopic:2.3.1
CVE-2003-1278
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:30.793-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-20T10:50:00.000-05:00
XF
opentopic-img-xss(10985)
BUGTRAQ
20030104 OpenTopic security hole
BID
6523
Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.
CVE-2003-1279
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:30.947-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-20T10:53:00.000-05:00
ALLOWS_USER_ACCESS
XF
splus-tmp-file-symlink(11005)
BUGTRAQ
20030105 S-plus /tmp usage
BID
6530
SECTRACK
1005896
S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.
cpe:/a:eekim:cgihtml:1.69
CVE-2003-1280
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:31.090-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-20T10:54:00.000-05:00
XF
cgihtml-dotdot-directory-traversal(11022)
BUGTRAQ
20030107 Multiple cgihtml vulnerabilities
BID
6550
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.
cpe:/a:eekim:cgihtml:1.69
CVE-2003-1281
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:31.247-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-01-20T10:55:00.000-05:00
XF
cgihtml-tmpfile-symlink(11023)
BUGTRAQ
20030107 Multiple cgihtml vulnerabilities
BID
6552
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.
CVE-2003-1282
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:31.387-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-01-20T10:58:00.000-05:00
XF
ibm-netdata-view-variables(11016)
MISC
http://www.securiteam.com/securitynews/5CP061F8VS.html
SECTRACK
1005890
IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.
cpe:/a:kazaa:kazaa_media_desktop:2.0
CVE-2003-1283
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:31.527-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-01-20T10:59:00.000-05:00
ALLOWS_USER_ACCESS
BUGTRAQ
20030107 KaZaA - Bad Zone
XF
kazaa-ad-local-zone(11031)
BID
6543
KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code.
CVE-2003-1284
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.323-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SECTRACK
1007819
IDEFENSE
20030925 Sambar Server Multiple Vulnerabilities
CONFIRM
http://www.sambar.com/security.htm
XF
sambar-multiple-vulnerabilities(13305)
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
cpe:/a:sambar:sambar_server:5.0
cpe:/a:sambar:sambar_server:5.0:beta1
cpe:/a:sambar:sambar_server:5.0:beta2
cpe:/a:sambar:sambar_server:5.0:beta3
cpe:/a:sambar:sambar_server:5.0:beta4
cpe:/a:sambar:sambar_server:5.0:beta5
cpe:/a:sambar:sambar_server:5.0:beta6
cpe:/a:sambar:sambar_server:5.1
cpe:/a:sambar:sambar_server:5.1:beta1
cpe:/a:sambar:sambar_server:5.1:beta2
cpe:/a:sambar:sambar_server:5.1:beta3
cpe:/a:sambar:sambar_server:5.1:beta4
cpe:/a:sambar:sambar_server:5.1:beta5
cpe:/a:sambar:sambar_server:5.2
cpe:/a:sambar:sambar_server:5.3
cpe:/a:sambar:sambar_server:6.0:beta1
cpe:/a:sambar:sambar_server:6.0:beta2
cpe:/a:sambar:sambar_server:6.0:beta3
cpe:/a:sambar:sambar_server:6.0:beta4
cpe:/a:sambar:sambar_server:6.0:beta5
CVE-2003-1285
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.387-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1007819
IDEFENSE
20030925 Sambar Server Multiple Vulnerabilities
CONFIRM
http://www.sambar.com/security.htm
XF
sambar-multiple-vulnerabilities(13305)
XF
sambar-multiple-xss(16056)
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
cpe:/a:sambar:sambar_server:5.0
cpe:/a:sambar:sambar_server:5.0:beta1
cpe:/a:sambar:sambar_server:5.0:beta2
cpe:/a:sambar:sambar_server:5.0:beta3
cpe:/a:sambar:sambar_server:5.0:beta4
cpe:/a:sambar:sambar_server:5.0:beta5
cpe:/a:sambar:sambar_server:5.0:beta6
cpe:/a:sambar:sambar_server:5.1
cpe:/a:sambar:sambar_server:5.1:beta1
cpe:/a:sambar:sambar_server:5.1:beta2
cpe:/a:sambar:sambar_server:5.1:beta3
cpe:/a:sambar:sambar_server:5.1:beta4
cpe:/a:sambar:sambar_server:5.1:beta5
cpe:/a:sambar:sambar_server:5.2
cpe:/a:sambar:sambar_server:5.3
cpe:/a:sambar:sambar_server:6.0:beta1
cpe:/a:sambar:sambar_server:6.0:beta2
cpe:/a:sambar:sambar_server:6.0:beta3
cpe:/a:sambar:sambar_server:6.0:beta4
cpe:/a:sambar:sambar_server:6.0:beta5
CVE-2003-1286
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.463-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20040430 SECURITY.NNOV: Sambar security quest
SECTRACK
1007819
IDEFENSE
20030925 Sambar Server Multiple Vulnerabilities
CONFIRM
http://www.sambar.com/security.htm
BID
10256
XF
sambar-http-gain-access(16054)
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
cpe:/a:sambar:sambar_server:5.0
cpe:/a:sambar:sambar_server:5.0:beta1
cpe:/a:sambar:sambar_server:5.0:beta2
cpe:/a:sambar:sambar_server:5.0:beta3
cpe:/a:sambar:sambar_server:5.0:beta4
cpe:/a:sambar:sambar_server:5.0:beta5
cpe:/a:sambar:sambar_server:5.0:beta6
cpe:/a:sambar:sambar_server:5.1
cpe:/a:sambar:sambar_server:5.1:beta1
cpe:/a:sambar:sambar_server:5.1:beta2
cpe:/a:sambar:sambar_server:5.1:beta3
cpe:/a:sambar:sambar_server:5.1:beta4
cpe:/a:sambar:sambar_server:5.1:beta5
cpe:/a:sambar:sambar_server:5.2
cpe:/a:sambar:sambar_server:5.3
cpe:/a:sambar:sambar_server:6.0:beta1
cpe:/a:sambar:sambar_server:6.0:beta2
CVE-2003-1287
2003-12-31T00:00:00.000-05:00
2017-07-10T21:29:51.540-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20040430 SECURITY.NNOV: Sambar security quest
SECTRACK
1007819
IDEFENSE
20030925 Sambar Server Multiple Vulnerabilities
CONFIRM
http://www.sambar.com/security.htm
XF
sambar-post-code-execution(16059)
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
cpe:/a:vserver:linux-vserver:1.22
CVE-2003-1288
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:32.447-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-06-15T14:19:00.000-04:00
CONFIRM
http://linux-vserver.org/ChangeLog
MLIST
[Vserver] 20031218 SMP oops 2.4.23 v1.22
MLIST
[Vserver] 20031219 Re: SMP oops 2.4.23 v1.22
MLIST
[Vserver] 20031220 Re: SMP oops 2.4.23 v1.22
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
CVE-2003-1289
2003-12-31T00:00:00.000-05:00
2017-07-19T21:29:01.237-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
FREEBSD
FreeBSD-SA-03:10
SECTRACK
1007460
XF
freebsd-ibcs2-kernel-memory(12892)
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
cpe:/a:bea:weblogic_server:6.0::win32
cpe:/a:bea:weblogic_server:6.0:sp1:express
cpe:/a:bea:weblogic_server:6.0:sp1:win32
cpe:/a:bea:weblogic_server:6.0:sp2:express
cpe:/a:bea:weblogic_server:6.0:sp2:win32
cpe:/a:bea:weblogic_server:6.1::win32
cpe:/a:bea:weblogic_server:6.1:sp1:express
cpe:/a:bea:weblogic_server:6.1:sp1:win32
cpe:/a:bea:weblogic_server:6.1:sp2:express
cpe:/a:bea:weblogic_server:6.1:sp2:win32
cpe:/a:bea:weblogic_server:6.1:sp3:express
cpe:/a:bea:weblogic_server:6.1:sp3:win32
cpe:/a:bea:weblogic_server:6.1:sp4
cpe:/a:bea:weblogic_server:6.1:sp4:express
cpe:/a:bea:weblogic_server:6.1:sp4:win32
cpe:/a:bea:weblogic_server:6.1:sp5
cpe:/a:bea:weblogic_server:6.1:sp5:express
cpe:/a:bea:weblogic_server:6.1:sp5:win32
cpe:/a:bea:weblogic_server:6.1:sp6
cpe:/a:bea:weblogic_server:6.1:sp6:win32
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4
cpe:/a:bea:weblogic_server:7.0:sp4:express
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0:sp5
cpe:/a:bea:weblogic_server:7.0:sp5:express
cpe:/a:bea:weblogic_server:7.0:sp5:win32
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp3
cpe:/a:bea:weblogic_server:7.0.0.1:sp3:express
cpe:/a:bea:weblogic_server:7.0.0.1:sp4
cpe:/a:bea:weblogic_server:7.0.0.1:sp4:express
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:8.1::win32
cpe:/a:bea:weblogic_server:8.1:sp1
cpe:/a:bea:weblogic_server:8.1:sp1:express
cpe:/a:bea:weblogic_server:8.1:sp1:win32
cpe:/a:bea:weblogic_server:8.1:sp2
cpe:/a:bea:weblogic_server:8.1:sp2:express
cpe:/a:bea:weblogic_server:8.1:sp2:win32
cpe:/a:bea:weblogic_server:8.1:sp3
cpe:/a:bea:weblogic_server:8.1:sp3:express
cpe:/a:bea:weblogic_server:8.1:sp3:win32
cpe:/a:bea:weblogic_server:8.1:sp4
cpe:/a:bea:weblogic_server:8.1:sp4:express
cpe:/a:bea:weblogic_server:8.1:sp4:win32
CVE-2003-1290
2003-12-31T00:00:00.000-05:00
2017-07-19T21:29:01.393-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BEA
BEA03-43.00
BID
16215
BID
9034
XF
weblogic-mbeanhome-obtain-information(13752)
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
cpe:/o:vmware:esx:1.5.2:patch1
cpe:/o:vmware:esx:1.5.2:patch2
cpe:/o:vmware:esx:1.5.2:patch3
CVE-2003-1291
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:23.230-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://www.vmware.com/download/esx/esx152-patch4.html
CONFIRM
http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1108
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.
cpe:/a:ashwebstudio:ashnews:0.83
CVE-2003-1292
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:18.997-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
FULLDISC
20060130 Re: ashnews Cross-Site Scripting Vulnerability
FULLDISC
20060131 Re: ashnews Cross-Site Scripting Vulnerability
FULLDISC
20060131 Re: ashnews Cross-Site Scripting Vulnerability
CONFIRM
http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
BUGTRAQ
20030720 sorry, wrong file
BID
16436
BID
18248
EXPLOIT-DB
1864
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.
cpe:/a:nukedweb:guestbookhost
CVE-2003-1293
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:33.370-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2006-02-07T12:26:00.000-05:00
BUGTRAQ
20030724 GuestBookHost : Cross Site Scripting
BID
8025
Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook.
cpe:/a:xscreensaver:xscreensaver:4.05_5cl
cpe:/a:xscreensaver:xscreensaver:4.05_6
cpe:/a:xscreensaver:xscreensaver:4.05_6a
cpe:/a:xscreensaver:xscreensaver:4.05_150
cpe:/a:xscreensaver:xscreensaver:4.07_2
cpe:/a:xscreensaver:xscreensaver:4.08_29135cl
cpe:/a:xscreensaver:xscreensaver:4.09_0
cpe:/a:xscreensaver:xscreensaver:4.10_4
cpe:/a:xscreensaver:xscreensaver:4.10_6
cpe:/a:xscreensaver:xscreensaver:4.10_8
cpe:/a:xscreensaver:xscreensaver:4.10_15
cpe:/a:xscreensaver:xscreensaver:4.11_0
cpe:/a:xscreensaver:xscreensaver:4.12_58
cpe:/a:xscreensaver:xscreensaver:4.12_62
cpe:/a:xscreensaver:xscreensaver:4.14_0
cpe:/a:xscreensaver:xscreensaver:4.14_2
cpe:/a:xscreensaver:xscreensaver:4.14_4
cpe:/a:xscreensaver:xscreensaver:4.14_5
CVE-2003-1294
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:19.060-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SGI
20060602-01-U
MISC
http://jwz.livejournal.com/310943.html
CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
CONFIRM
http://www.novell.com/linux/download/updates/90_i386.html
REDHAT
RHSA-2006:0498
BID
9125
VUPEN
ADV-2006-1948
CONFIRM
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968
CONFIRM
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:redhat:enterprise_linux:3.0::workstation
cpe:/o:suse:suse_linux:9.0
CVE-2003-1295
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:33.713-04:00
2.1
LOCAL
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-03-01T11:04:00.000-05:00
CONFIRM
http://www.novell.com/linux/download/updates/90_i386.html
BID
9125
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
CVE-2003-1296
2003-12-31T00:00:00.000-05:00
2017-07-19T21:29:01.470-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)
XF
easyfilesharing-title-dos(13360)
Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument.
CVE-2003-1297
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:34.057-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-05-01T11:07:00.000-04:00
BUGTRAQ
20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)
Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.
cpe:/a:anyportal_php:anyportal_php:0.1
CVE-2003-1298
2003-12-31T00:00:00.000-05:00
2017-07-19T21:29:01.533-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MISC
http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152
BID
17197
VUPEN
ADV-2006-1053
XF
anyportalphp-siteman-directory-traversal(25396)
Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).
cpe:/a:pablo_software_solutions:baby_ftp_server:1.2
CVE-2003-1299
2003-12-31T00:00:00.000-05:00
2016-11-28T14:06:24.817-05:00
4.0
NETWORK
LOW
SINGLE_INSTANCE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MISC
http://packetstormsecurity.org/0305-exploits/baby.txt
CONFIRM
http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
BID
7749
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
cpe:/a:pablo_software_solutions:baby_ftp_server:1.2
CVE-2003-1300
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:34.447-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-06-15T14:26:00.000-04:00
MISC
http://packetstormsecurity.org/0305-exploits/baby.txt
CONFIRM
http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation.
cpe:/a:sun:jre:1.4.2
cpe:/a:sun:jre:1.4.2_1
cpe:/a:sun:jre:1.4.2_2
cpe:/a:sun:jre:1.4.2_3
cpe:/a:sun:jre:1.4.2_4
cpe:/a:sun:jre:1.4.2_5
cpe:/a:sun:jre:1.4.2_6
cpe:/a:sun:jre:1.4.2_7
cpe:/a:sun:jre:1.4.2_8
cpe:/a:sun:jre:1.4.2_9
cpe:/a:sun:jre:1.4.2_10
cpe:/a:sun:jre:1.5.0
cpe:/a:sun:jre:1.5.0:update1
cpe:/a:sun:jre:1.5.0:update2
cpe:/a:sun:jre:1.5.0:update3
cpe:/a:sun:jre:1.5.0:update4
cpe:/a:sun:jre:1.5.0:update5
CVE-2003-1301
2003-12-31T00:00:00.000-05:00
2018-10-30T12:26:21.640-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
MISC
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719
MISC
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300
MISC
http://www.illegalaccess.org/exploit/ObjectStackOverflow.html
BUGTRAQ
20060521 Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
BID
18058
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
cpe:/a:php:php:4.2::dev
cpe:/a:php:php:4.2.0
cpe:/a:php:php:4.2.1
cpe:/a:php:php:4.2.2
cpe:/a:php:php:4.2.3
cpe:/a:php:php:4.3.0
CVE-2003-1302
2003-12-31T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-06-15T12:42:00.000-04:00
CONFIRM
http://bugs.php.net/bug.php?id=22048
CONFIRM
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
cpe:/a:php:php:4.3.0
cpe:/a:php:php:4.3.1
cpe:/a:php:php:4.3.2
CVE-2003-1303
2003-12-31T00:00:00.000-05:00
2018-10-30T12:25:35.387-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://bugs.php.net/bug.php?id=24150
CONFIRM
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.
cpe:/a:early_impact:productcart:1.1
cpe:/a:early_impact:productcart:1.2
cpe:/a:early_impact:productcart:1.3
cpe:/a:early_impact:productcart:1.4
cpe:/a:early_impact:productcart:1.5
cpe:/a:early_impact:productcart:1.6_b
cpe:/a:early_impact:productcart:1.6_b001
cpe:/a:early_impact:productcart:1.6_b002
cpe:/a:early_impact:productcart:1.6_b003
cpe:/a:early_impact:productcart:1.6_br
cpe:/a:early_impact:productcart:1.6_br001
cpe:/a:early_impact:productcart:1.6_br003
cpe:/a:early_impact:productcart:1.6b
cpe:/a:early_impact:productcart:1.6b001
cpe:/a:early_impact:productcart:1.6b002
cpe:/a:early_impact:productcart:1.6b003
cpe:/a:early_impact:productcart:1.6br
cpe:/a:early_impact:productcart:1.6br001
cpe:/a:early_impact:productcart:1.6br003
cpe:/a:early_impact:productcart:1.5002
cpe:/a:early_impact:productcart:1.5003
cpe:/a:early_impact:productcart:1.5003r
cpe:/a:early_impact:productcart:1.5004
cpe:/a:early_impact:productcart:1.6002
cpe:/a:early_impact:productcart:1.6003
cpe:/a:early_impact:productcart:2
cpe:/a:early_impact:productcart:2.0
CVE-2003-1304
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:48.017-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
FULLDISC
20030705 [Vulnerability] : ProductCart database file can be downloaded remotely
MISC
http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf
BUGTRAQ
20060622 productcart soltan_defacer
BID
8112
XF
shopping-cart-database-access(9816)
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
CVE-2003-1305
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:35.337-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2006-09-01T17:18:00.000-04:00
BUGTRAQ
20030707 Internet Explorer Crash
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
CVE-2003-1306
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:35.480-04:00
2.6
NETWORK
HIGH
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-10-16T11:23:00.000-04:00
MLIST
[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
cpe:/a:apache:http_server:2.0
cpe:/a:apache:http_server:2.0.9
cpe:/a:apache:http_server:2.0.28
cpe:/a:apache:http_server:2.0.28:beta
cpe:/a:apache:http_server:2.0.28:beta:win32
cpe:/a:apache:http_server:2.0.32
cpe:/a:apache:http_server:2.0.32:beta:win32
cpe:/a:apache:http_server:2.0.34:beta:win32
cpe:/a:apache:http_server:2.0.35
cpe:/a:apache:http_server:2.0.36
cpe:/a:apache:http_server:2.0.37
cpe:/a:apache:http_server:2.0.38
cpe:/a:apache:http_server:2.0.39
cpe:/a:apache:http_server:2.0.40
cpe:/a:apache:http_server:2.0.41
cpe:/a:apache:http_server:2.0.42
cpe:/a:apache:http_server:2.0.43
cpe:/a:apache:http_server:2.0.44
cpe:/a:apache:http_server:2.0.45
cpe:/a:apache:http_server:2.0.46
cpe:/a:apache:http_server:2.0.46::win32
cpe:/a:apache:http_server:2.0.47
cpe:/a:apache:http_server:2.0.48
CVE-2003-1307
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:48.497-04:00
4.3
LOCAL
LOW
SINGLE_INSTANCE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
MISC
http://bugs.php.net/38915
MISC
http://hackerdom.ru/~dimmo/phpexpl.c
BUGTRAQ
20031226 Hijacking Apache https by mod_php
BUGTRAQ
20061019 PHP "exec", "system", "popen" problem
BUGTRAQ
20061020 Re: PHP "exec", "system", "popen" (+small POC)
BID
9302
** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
cpe:/a:fvwm:fvwm:2.4.17
cpe:/a:fvwm:fvwm:2.5.8
CVE-2003-1308
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:35.837-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-11-20T13:52:00.000-05:00
CONFIRM
http://www.fvwm.org/news/
BID
9161
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
cpe:/a:zonelabs:zonealarm:3.7.202
cpe:/a:zonelabs:zonealarm:3.7.211::plus
cpe:/a:zonelabs:zonealarm:3.7.211::pro
CVE-2003-1309
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:04.997-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)
CONFIRM
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
BID
8342
XF
device-driver-gain-privileges(12824)
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
cpe:/a:symantec:norton_antivirus:2002
cpe:/a:symantec:norton_antivirus:2003
CVE-2003-1310
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.060-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BID
8329
XF
device-driver-gain-privileges(12824)
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
CVE-2003-1311
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:36.290-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-12-18T17:43:00.000-05:00
ALLOWS_OTHER_ACCESS
MLIST
[curl-users] 20030529 Re: https, redirection and authentication using POST
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
CVE-2003-1312
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:36.463-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2006-12-19T09:25:00.000-05:00
MLIST
[curl-users] 20030529 Re: https, redirection and authentication using POST
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
cpe:/a:eternalmart:mailing_list_manager:1.32
CVE-2003-1313
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:36.620-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2006-12-28T16:18:00.000-05:00
ALLOWS_OTHER_ACCESS
SECTRACK
1007884
VULNWATCH
20031004 EMML, EMGB : Include() hole
BID
8767
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.
cpe:/a:eternalmart:eternalmart_guestbook:1.1
CVE-2003-1314
2003-12-31T00:00:00.000-05:00
2017-10-18T21:29:01.470-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1007885
VULNWATCH
20031004 EMML, EMGB : Include() hole
BID
21720
BID
8767
EXPLOIT-DB
2980
PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.
cpe:/a:neocrome:land_down_under:701
CVE-2003-1315
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.123-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1008416
MISC
http://www.neocrome.net/index.php?m=single&id=76
MISC
http://www.neocrome.net/page.php?id=1250
BID
9168
XF
landdownunder-auth-sql-injection(13922)
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
CVE-2003-1316
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.187-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SECTRACK
1007592
BID
8507
XF
endonesia-mod-path-disclosure(13042)
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2003-1317
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.247-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SECTRACK
1007592
BID
8506
XF
endonesia-mod-xss(13041)
Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2003-1318
2003-12-31T00:00:00.000-05:00
2016-10-17T22:39:38.437-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030713 TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0
BID
22090
MISC
http://www.tripbit.org/advisories/twilight_advisory.txt
Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
cpe:/a:smartftp:smartftp:1.0.973
CVE-2003-1319
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.327-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030608 [SmartFTP] Two Buffer Overflow Vulnerabilities
MISC
http://security.nnov.ru/docs4679.html
SECTRACK
1006956
BID
7858
BID
7861
XF
smartftp-pwd-directory-bo(12228)
XF
smartftp-long-list-bo(12231)
Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.
cpe:/h:sonicwall:firmware:6.4.0.1
CVE-2003-1320
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:37.667-04:00
5.1
NETWORK
HIGH
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-02-28T11:44:00.000-05:00
ALLOWS_OTHER_ACCESS
CERT-VN
VU#287771
MISC
http://www.kb.cert.org/vuls/id/AAMN-5L74VD
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.
cpe:/a:avant_force:avant_browser:8.2
CVE-2003-1321
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.390-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030821 Buffer overflow in Avant Browser 8.02
BID
8471
XF
avantbrowser-http-bo(12974)
Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
cpe:/a:atrium_software:mercur_mailserver:4.2
CVE-2003-1322
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:37.963-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2007-04-10T11:32:00.000-04:00
ALLOWS_ADMIN_ACCESS
XF
mercur-multiple-bo(12203)
BUGTRAQ
20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol
BID
7842
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
cpe:/a:elm_development_group:elm:2.4
CVE-2003-1323
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:38.150-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-04-10T11:38:00.000-04:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
cpe:/a:elmme-mailer:elm_me%2b:2.4
CVE-2003-1324
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:38.323-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-04-10T13:29:00.000-04:00
ALLOWS_OTHER_ACCESS
CONFIRM
http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz
Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.
cpe:/a:valve_software:half-life_cstrike_dedicated_server:1.1.1.0
CVE-2003-1325
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:38.463-04:00
5.2
ADJACENT_NETWORK
MEDIUM
SINGLE_INSTANCE
NONE
NONE
COMPLETE
http://nvd.nist.gov
2007-04-12T18:29:00.000-04:00
MISC
http://aluigi.altervista.org/adv/csdos.txt
MISC
http://packetstormsecurity.org/0304-exploits/hl-headnut.c
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1326
2003-02-19T00:00:00.000-05:00
2018-10-12T17:33:51.917-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CIAC
N-038
XF
ie-dialog-zone-bypass(11258)
BID
6779
MS
MS03-004
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
cpe:/a:washington_university:wu-ftpd:2.6.2
CVE-2003-1327
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.450-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030922 Wu_ftpd all versions (not) vulnerability.
SECTRACK
1007775
BID
8668
SLACKWARE
SSA:2003-259-03
XF
wuftp-mailadmin-sockprintf-bo(13269)
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
cpe:/a:microsoft:ie:5.0.1
cpe:/a:microsoft:ie:5.0.1:sp1
cpe:/a:microsoft:ie:5.0.1:sp2
cpe:/a:microsoft:ie:5.0.1:sp3
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.5:sp1
cpe:/a:microsoft:ie:5.5:sp2
cpe:/a:microsoft:ie:6.0
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1328
2003-02-19T00:00:00.000-05:00
2018-10-12T17:33:52.697-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
CIAC
N-038
XF
ie-showhelp-zone-bypass(11259)
CERT-VN
VU#400577
BID
6780
MS
MS03-004
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
cpe:/a:washington_university:wu-ftpd:2.6.2
CVE-2003-1329
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:39.120-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
2007-05-23T17:00:00.000-04:00
CONFIRM
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
cpe:/a:clearswift_limited:mailsweeper:4.3.6_sp1::smtp
CVE-2003-1330
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.497-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BID
7226
XF
mailsweeper-onstrip-bypass-filter(11745)
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
cpe:/a:oracle:mysql:4.0.9:gamma
CVE-2003-1331
2003-12-31T00:00:00.000-05:00
2019-10-07T12:42:03.510-04:00
4.0
NETWORK
HIGH
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.
CONFIRM
http://bugs.mysql.com/bug.php?id=564
BID
7887
XF
mysql-mysqlrealconnect-bo(12337)
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
cpe:/a:samba:samba:2.2.7a
CVE-2003-1332
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.607-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
REDHAT
RHSA-2003:096
MISC
http://www.securiteam.com/exploits/5TP0M2AAKS.html
XF
samba-reply-nttrans-bo(12749)
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
cpe:/a:intersystems:cache_database:4.0.3
cpe:/a:intersystems:cache_database:4.0.4
cpe:/a:intersystems:cache_database:4.1.15
cpe:/a:intersystems:cache_database:4.1.16
cpe:/a:intersystems:cache_database:5
cpe:/a:intersystems:cache_database:5.0.3
cpe:/a:intersystems:cache_database:5.0.5
cpe:/a:intersystems:cache_database:5.0.12
cpe:/a:intersystems:cache_database:5.0.17
cpe:/a:intersystems:cache_database:5.0.19
cpe:/a:intersystems:cache_database:5.0.21
CVE-2003-1333
2003-12-31T00:00:00.000-05:00
2010-06-23T00:00:00.000-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2007-08-21T14:53:00.000-04:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
cpe:/a:kai_blankenhorn_bitfolge:simple_and_nice_index_file:1.2.6
CVE-2003-1334
2003-12-31T00:00:00.000-05:00
2010-06-23T00:00:00.000-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2007-08-23T11:00:00.000-04:00
CONFIRM
http://www.bitfolge.de/snif-en.html
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
cpe:/a:kai_blankenhorn_bitfolge:simple_and_nice_index_file:1.2.4
CVE-2003-1335
2003-12-31T00:00:00.000-05:00
2010-06-23T00:00:00.000-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2007-08-23T11:04:00.000-04:00
CONFIRM
http://www.bitfolge.de/snif-en.html
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
cpe:/a:mirc:mirc:6.1
CVE-2003-1336
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.670-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
NTBUGTRAQ
20031015 mIRC Buffer Overflow in irc protocol handler
MISC
http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html
BID
8819
XF
mirc-ircprotocol-execute-code(13405)
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
cpe:/a:aprelium_technologies:abyss_web_server:1.1.2
CVE-2003-1337
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.717-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
BUGTRAQ
20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection
BID
8062
XF
abyss-http-get-bo(12466)
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
cpe:/a:aprelium_technologies:abyss_web_server:1.1.2
CVE-2003-1338
2003-12-31T00:00:00.000-05:00
2010-06-23T00:00:00.000-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2007-09-24T17:06:00.000-04:00
BUGTRAQ
20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
cpe:/a:ezmeeting:ezmeeting:3.3
cpe:/a:ezmeeting:ezmeeting:3.4
cpe:/a:ezmeeting:ezmeeting:3.5
CVE-2003-1339
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:19.183-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20031207 eZ Multiple Packages Stack Overflow Vulnerability
BUGTRAQ
20031211 eZ and eZphotoshare fixes
SECTRACK
1008412
MISC
http://www.governmentsecurity.org/archive/t5390.html
EXPLOIT-DB
133
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
cpe:/a:phpnuke:php-nuke:5.6
cpe:/a:phpnuke:php-nuke:6.5
CVE-2003-1340
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:48.983-04:00
6.5
NETWORK
LOW
SINGLE_INSTANCE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3185
BUGTRAQ
20030530 Php-Nuke:users and admins password hashes vulnerability
BUGTRAQ
20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
cpe:/a:trend_micro:officescan:3.0::corporate
cpe:/a:trend_micro:officescan:3.0::corporate_for_windows_nt_server
cpe:/a:trend_micro:officescan:3.1.1::corporate_for_windows_nt_server
cpe:/a:trend_micro:officescan:3.5::corporate
cpe:/a:trend_micro:officescan:3.5::corporate_for_windows_nt_server
cpe:/a:trend_micro:officescan:3.11::corporate
cpe:/a:trend_micro:officescan:3.11::corporate_for_windows_nt_server
cpe:/a:trend_micro:officescan:3.13::corporate
cpe:/a:trend_micro:officescan:3.13::corporate_for_windows_nt_server
cpe:/a:trend_micro:officescan:3.54::corporate
cpe:/a:trend_micro:virus_buster:3.52::corporate
cpe:/a:trend_micro:virus_buster:3.53::corporate
cpe:/a:trend_micro:virus_buster:3.54::corporate
CVE-2003-1341
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:05.950-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
VULNWATCH
20030114 Assorted Trend Vulns Rev 2.0
CONFIRM
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353
BID
6616
XF
officescan-cgichkmasterpwd-auth-bypass(11059)
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
cpe:/a:trend_micro:virus_control_system:1.8
CVE-2003-1342
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.263-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030114 Assorted Trend Vulns Rev 2.0
VULNWATCH
20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0
BID
6617
XF
trend-vcs-activesupport-dos(11060)
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.
cpe:/a:trend_micro:scanmail:3.8::microsoft_exchange
cpe:/a:trend_micro:scanmail:6.0::microsoft_exchange
CVE-2003-1343
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.357-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0
CONFIRM
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352
BID
6619
XF
scanmail-smgsmxcfg30-password-bypass(11061)
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
cpe:/a:trend_micro:virus_control_system
CVE-2003-1344
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.560-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0
BID
6618
XF
trend-vcs-weak-encryption(11063)
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.
cpe:/a:follett_software:webcollection_plus:5.00
CVE-2003-1345
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.623-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030114 Vulnerability in WebCollection Plus (TM)
BID
6574
XF
webcollection-plus-directory-traversal(11064)
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
cpe:/h:d-link:dwl-900ap%2b:2.2
cpe:/h:d-link:dwl-900ap%2b:2.3
cpe:/h:d-link:dwl-900ap%2b:2.5
CVE-2003-1346
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.670-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030114 D-Link DWL-900AP+ Security Hole
BUGTRAQ
20030116 Re: D-Link DWL-900AP+ Security Hole
BID
6609
SECTRACK
1005926
XF
dlink-airplus-restore-default(11074)
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
cpe:/a:geeklog:geeklog:1.3.7
CVE-2003-1347
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.733-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3226
CONFIRM
http://www.geeklog.net/filemgmt/visit.php?lid=101
BUGTRAQ
20030114 Multiple XSS in Geeklog 1.3.7
BID
6601
BID
6602
BID
6603
BID
6604
XF
geeklog-php-scripts-xss(11075)
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
cpe:/a:ftls:guestbook:1.1
CVE-2003-1348
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.780-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3227
BUGTRAQ
20030125 ftls.org Guestbook 1.1 Script Injection
BID
6686
XF
guestbook-multiple-field-xss(11155)
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
cpe:/a:thomas_krebs:niteserver_ftpd:1.83
CVE-2003-1349
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.827-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
VULNWATCH
20030115 Directory traversal vulnerabilities found in NITE ftp-server version 1.83
BID
6648
SECTRACK
1005923
XF
niteserver-dotdot-directory-traversal(11062)
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
cpe:/a:list_site_pro:list_site_pro:2.0
CVE-2003-1350
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.873-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3230
BUGTRAQ
20030124 List Site Pro v2 user account Hijacking vulnerablity
BID
6685
XF
listsitepro-account-hijacking(11156)
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
cpe:/a:greg_billock:edittag:1.1
CVE-2003-1351
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.937-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3231
BUGTRAQ
20030124 Vulnerability in edittag.pl
BID
6675
XF
edittag-dotdot-directory-traversal(11159)
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
cpe:/a:gabber:gabber:0.8.7
CVE-2003-1352
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:06.983-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030115 Gabber 0.8.7 leaks presence information without user authorization
BID
6624
XF
gabber-information-leak(11115)
Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing.
cpe:/a:lanifex:outreach_project_tool:0.946b
CVE-2003-1353
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.060-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030116 Outreach Project Tool
BID
6631
XF
opt-news-post-xss(11096)
Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field.
cpe:/a:gamespy3d:gamespy_3d:2.62
CVE-2003-1354
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.107-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030122 PivX Multi-Vendor Game Server dDoS Advisory
MISC
http://www.pivx.com/kristovich/adv/mk001/
MISC
http://www.securiteam.com/securitynews/5EP0O0K8UO.html
BID
6636
XF
battlefield-udp-query-dos(11084)
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.
cpe:/a:electronic_arts:battlefield_1942:1.2
cpe:/a:electronic_arts:battlefield_1942:1.3
CVE-2003-1355
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.170-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030226 [VSA0307] Battlefield 1942 remote DoS
BID
6967
XF
battlefield-remoteconsole-username-dos(11426)
Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password.
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.10
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
CVE-2003-1356
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:19.263-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
HP
SSRT3454
BID
6640
XF
hpux-sort-file-handling(11107)
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
cpe:/a:replicom:proxyview
CVE-2003-1357
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.327-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3228
BUGTRAQ
20030128 ProxyView default undocumented password
BID
6708
XF
proxyview-administrator-default-password(11185)
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
cpe:/o:hp:hp-ux:10.00
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.08
cpe:/o:hp:hp-ux:10.09
cpe:/o:hp:hp-ux:10.10
cpe:/o:hp:hp-ux:10.16
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:10.26
cpe:/o:hp:hp-ux:10.30
cpe:/o:hp:hp-ux:10.34
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.0.4
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
CVE-2003-1358
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.373-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3236
HP
HPSBUX0302-240
BUGTRAQ
20030710 [LSD] HP-UX security vulnerabilities
BID
6837
XF
hp-rsf3000-daemon-access(11312)
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
cpe:/a:avaya:predictive_dialer_system:9.0
cpe:/a:avaya:predictive_dialer_system:11
cpe:/a:avaya:predictive_dialer_system:12
cpe:/o:hp:hp-ux:10.00
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.08
cpe:/o:hp:hp-ux:10.09
cpe:/o:hp:hp-ux:10.10
cpe:/o:hp:hp-ux:10.16
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:10.26
cpe:/o:hp:hp-ux:10.30
cpe:/o:hp:hp-ux:10.34
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.0.4
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
cpe:/o:hp:hp-ux:11.20
cpe:/o:hp:hp-ux:11.22
CVE-2003-1359
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:19.323-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3236
HP
HPSBUX0302-241
BUGTRAQ
20030610 [LSD] HP-UX security vulnerabilities
BID
6836
XF
hp-stmkfont-bo(11313)
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
cpe:/o:hp:hp-ux:10.00
cpe:/o:hp:hp-ux:10.01
cpe:/o:hp:hp-ux:10.08
cpe:/o:hp:hp-ux:10.09
cpe:/o:hp:hp-ux:10.10
cpe:/o:hp:hp-ux:10.16
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:10.24
cpe:/o:hp:hp-ux:10.26
cpe:/o:hp:hp-ux:10.30
cpe:/o:hp:hp-ux:10.34
CVE-2003-1360
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.483-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3236
HP
HPSBUX0302-243
BUGTRAQ
20030610 [LSD] HP-UX security vulnerabilities
BID
6834
XF
hp-landiag-lanadmin-bo(11314)
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
cpe:/a:veritas:bare_metal_restore
CVE-2003-1361
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.547-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030225 VERITAS Software Technical Advisory (fwd)
CONFIRM
http://seer.support.veritas.com/docs/252933.htm
CONFIRM
http://seer.support.veritas.com/docs/254442.htm
BID
6928
XF
veritas-bmr-root-access(11418)
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
cpe:/a:hp:bastille:b.02.00.05::hp-ux
CVE-2003-1362
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.593-04:00
7.8
NETWORK
LOW
NONE
COMPLETE
NONE
NONE
http://nvd.nist.gov
HP
HPSBUX0302-245
BID
6878
XF
hp-bastille-info-disclosure(11366)
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
cpe:/a:aprelium_technologies:abyss_web_server:1.1.2
CVE-2003-1363
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:44.477-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2007-11-29T12:11:00.000-05:00
BUGTRAQ
20030212 Abyss WebServer Brute Force Vulnerability
XF
abyss-web-admin-bruteforce(11310)
BID
6842
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
cpe:/a:aprelium_technologies:abyss_web_server:1.1.2
CVE-2003-1364
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.657-04:00
8.5
NETWORK
LOW
NONE
NONE
PARTIAL
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030405 Abyss X1 1.1.2 remote crash
BID
7287
XF
abyss-http-get-dos(11718)
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
cpe:/a:perl:cgi_lite:2.0
CVE-2003-1365
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.700-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030211 Security bug in CGI::Lite::escape_dangerous_chars() function
CONFIRM
http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm
SREASON
3237
MISC
http://use.perl.org/~cbrooks/journal/10542
BUGTRAQ
20030211 Security bug in CGI::Lite::escape_dangerous_chars() function
BID
6833
XF
cgilite-shell-command-execution(11308)
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
cpe:/o:openbsd:openbsd:2.0
cpe:/o:openbsd:openbsd:2.1
cpe:/o:openbsd:openbsd:2.2
cpe:/o:openbsd:openbsd:2.3
cpe:/o:openbsd:openbsd:2.4
cpe:/o:openbsd:openbsd:2.5
cpe:/o:openbsd:openbsd:2.6
cpe:/o:openbsd:openbsd:2.7
cpe:/o:openbsd:openbsd:2.8
cpe:/o:openbsd:openbsd:2.9
cpe:/o:openbsd:openbsd:3.0
cpe:/o:openbsd:openbsd:3.1
cpe:/o:openbsd:openbsd:3.2
CVE-2003-1366
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.763-04:00
3.3
LOCAL
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3238
BUGTRAQ
20030203 ASA-0001: OpenBSD chpass/chfn/chsh file content leak
BID
6748
SECTRACK
1006035
XF
openbsd-chpass-information-disclosure(11233)
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
cpe:/a:great_circle_associates:majordomo:1.94.4
cpe:/a:great_circle_associates:majordomo:1.94.5
cpe:/a:great_circle_associates:majordomo:2.0
CVE-2003-1367
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.827-04:00
7.8
NETWORK
LOW
NONE
COMPLETE
NONE
NONE
http://nvd.nist.gov
SREASON
3235
BUGTRAQ
20030204 Majordomo info leakage, all versions
BID
6761
XF
majordomo-whichaccess-email-disclosure(11243)
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
cpe:/o:electrasoft:ftp_client:9.49.01::32bit
CVE-2003-1368
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.873-04:00
6.4
NETWORK
LOW
NONE
NONE
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030204 Banner Buffer Overflows found in Multible FTP Clients
BID
6764
XF
32bit-ftp-banner-bo(11234)
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
cpe:/a:save_it_software_pty:bytecatcherftp:1.04b
CVE-2003-1369
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.937-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030204 Banner Buffer Overflows found in Multible FTP Clients
BID
6762
XF
bytecatcher-ftp-banner-bo(11235)
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
cpe:/a:nuked-klan:nuked-klan:1.2_beta
CVE-2003-1370
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:07.983-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030127 [SCSA-003] Multiple Cross Site Scripting & Script Injection Vulnerabilities in Nuked-Klan
BID
6697
BID
6699
BID
6700
XF
nuked-klan-index-xss(11176)
Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
cpe:/a:nuked-klan:nuked-klan:1.3_beta
CVE-2003-1371
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.030-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
BID
6917
XF
nukedklan-information-disclosure(11424)
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
cpe:/a:myphpnuke:myphpnuke:1.8.8
CVE-2003-1372
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.093-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030219 myphpnuke xss
BID
6892
XF
phpbb-index-sql-injection(11376)
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
cpe:/a:phpbb_group:phpbb:1.4.0
cpe:/a:phpbb_group:phpbb:1.4.1
cpe:/a:phpbb_group:phpbb:1.4.2
cpe:/a:phpbb_group:phpbb:1.4.4
CVE-2003-1373
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.140-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030220 phpBB Security Bugs
BID
6889
XF
phpbb-auth-read-files(11407)
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
cpe:/o:hp:hp-ux:11
CVE-2003-1374
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.187-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030213 HPUX disable buffer overflow vulnerability
BID
6845
XF
hp-lp-disable-bo(11316)
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.
cpe:/o:hp:hp-ux:10.20
cpe:/o:hp:hp-ux:11.00
cpe:/o:hp:hp-ux:11.04
cpe:/o:hp:hp-ux:11.11
CVE-2003-1375
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:19.387-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
SREASON
3264
HP
HPSBUX0305-258
BUGTRAQ
20030207 HPUX Wall Buffer Overflow
BID
6800
XF
hp-wall-bo(11272)
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
cpe:/a:winzip:winzip:8.0
CVE-2003-1376
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.297-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3265
BUGTRAQ
20030208 Yet another plaintext attack to ZIP encryption scheme.
BID
6805
XF
winzip-pkzip-weak-encryption(11296)
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
cpe:/a:sircd:sircd:0.4.0
cpe:/a:sircd:sircd:0.4.4
CVE-2003-1377
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.373-04:00
8.3
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030223 sircd proof-of-concept / advisory
BID
6924
XF
sircd-reverse-dns-bo(11409)
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
cpe:/a:microsoft:outlook:2000
cpe:/a:microsoft:outlook:2000:sp2
cpe:/a:microsoft:outlook:2000:sr1
cpe:/a:microsoft:outlook_express:6.0
CVE-2003-1378
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.420-04:00
8.8
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
NONE
http://nvd.nist.gov
BUGTRAQ
20030223 O UT LO OK E XPRE SS 6 .00 : broken
BUGTRAQ
20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken
BID
6923
XF
outlook-codebase-execute-programs(11411)
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
cpe:/h:point_clark_networks:clarkconnect:1.2::linux
CVE-2003-1379
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.483-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030225 clarkconnect(d) information disclosure
BID
6934
XF
clarkconnect-clarkconnectd-info-disclosure(11419)
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
cpe:/h:bisonftp:bisonftp_server_4:r2
CVE-2003-1380
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.530-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP
BID
6873
XF
bisonftp-ls-view-files(11347)
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
cpe:/a:amxmod.net:amx_mod:0.9.2
CVE-2003-1381
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.623-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3258
BUGTRAQ
20030226 [VSA0308] Half-Life AMX-Mod remote (root) hole
BID
6968
XF
amx-amxsay-format-string(11427)
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
cpe:/a:instantservers_inc.:ismail:1.4.3
CVE-2003-1382
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.687-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3254
BUGTRAQ
20030227 ISMAIL (All Versions) Remote Buffer Overrun
BID
6972
XF
ismail-smtp-domain-bo(11432)
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
cpe:/a:logicworks:web_erp:0.1.4
CVE-2003-1383
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.733-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3257
BUGTRAQ
20030301 web-erp 0.1.4 database access vulnerability
BID
6996
XF
weberp-logicworks-ini-access(11443)
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
cpe:/a:py_software:py-livredor:1.0
CVE-2003-1384
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.780-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
BUGTRAQ
20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
FULLDISC
20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
BID
6997
XF
pylivredor-guestbook-xss(11448)
Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
cpe:/a:invision_power_services:invision_power_board:1.1.1
CVE-2003-1385
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.827-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
VULNWATCH
20030227 Invision Power Board (PHP)
BID
6976
XF
invision-ipchat-file-include(11435)
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
cpe:/h:axis:2400_video_server:2.0
cpe:/h:axis:2400_video_server:2.20
cpe:/h:axis:2400_video_server:2.31
cpe:/h:axis:2400_video_server:2.32
cpe:/h:axis:2400_video_server:2.33
cpe:/h:axis:2401_video_server:2.20
cpe:/h:axis:2401_video_server:2.31
cpe:/h:axis:2401_video_server:2.32
cpe:/h:axis:2401_video_server:2.33
CVE-2003-1386
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.873-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030228 axis2400 webcams
BUGTRAQ
20030325 Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI
BID
6980
MISC
http://www.websec.org/adv/axis2400.txt.html
XF
axis-messages-unauth-access(11440)
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
cpe:/a:opera_software:opera_web_browser:6.0.5::win32
cpe:/a:opera_software:opera_web_browser:6.0.6::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta1::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta2::win32
CVE-2003-1387
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.937-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3253
BUGTRAQ
20030209 Opera Username Buffer Overflow Vulnerability
BUGTRAQ
20030320 Opara 6.06 Released, Security-Hole Left
BID
6811
XF
opera-username-url-bo(11281)
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
cpe:/a:opera_software:opera:7.02_build_2668
CVE-2003-1388
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:08.997-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030407 Unchecked Buffer in Opera 7.02
XF
opera-long-url-bo(11740)
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
cpe:/a:research_triangle_software:cryptobuddy:1.0
cpe:/a:research_triangle_software:cryptobuddy:1.2
CVE-2003-1389
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.047-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
BID
6815
XF
cryptobuddy-truncate-weak-security(11294)
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
cpe:/a:research_triangle_software:cryptobuddy:1.0
cpe:/a:research_triangle_software:cryptobuddy:1.2
CVE-2003-1390
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.093-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
XF
cryptobuddy-plaintext-password-bytes(11297)
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.
cpe:/a:research_triangle_software:cryptobuddy:1.0
cpe:/a:research_triangle_software:cryptobuddy:1.2
CVE-2003-1391
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.157-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
BID
6810
XF
cryptobuddy-password-dictionary(11298)
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.
cpe:/a:research_triangle_software:cryptobuddy:1.0
cpe:/a:research_triangle_software:cryptobuddy:1.2
cpe:/o:microsoft:all_windows
CVE-2003-1392
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.200-04:00
6.6
LOCAL
LOW
NONE
COMPLETE
COMPLETE
NONE
http://nvd.nist.gov
BUGTRAQ
20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
BID
6812
XF
cryptobuddy-password-information-disclosure(11317)
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
cpe:/a:gupta_technologies:sqlbase:8.1.0
CVE-2003-1393
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.263-04:00
8.5
NETWORK
MEDIUM
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
SREASON
3256
BUGTRAQ
20030210 Buffer OverFlow in SQLBase 8.1.0 - NII Advisory
BUGTRAQ
20030308 NII Advisory - Buffer Overflow in SQLBase (Revised)
BID
6808
XF
sqlbase-execute-long-bo(11269)
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.
cpe:/a:coffeecup_software:coffeecup_password_wizard:4.0
CVE-2003-1394
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.407-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3259
BUGTRAQ
20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions
BID
6995
XF
coffeecup-password-file-retrieval(11447)
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
cpe:/a:kazaa:kazaa_media_desktop:2.0
cpe:/a:kazaa:kazaa_media_desktop:2.0.2
CVE-2003-1395
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.453-04:00
9.0
NETWORK
LOW
NONE
PARTIAL
PARTIAL
COMPLETE
http://nvd.nist.gov
SREASON
3252
BUGTRAQ
20030202 Denial of service against Kazaa Media Desktop v2
BID
6747
XF
kazaa-automated-ad-bo(11228)
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
cpe:/a:opera_software:opera_web_browser:6.0::win32
cpe:/a:opera_software:opera_web_browser:6.0.1::win32
cpe:/a:opera_software:opera_web_browser:6.0.2::win32
cpe:/a:opera_software:opera_web_browser:6.0.3::win32
cpe:/a:opera_software:opera_web_browser:6.0.4::win32
cpe:/a:opera_software:opera_web_browser:6.0.5::win32
cpe:/a:opera_software:opera_web_browser:7.0::win32
cpe:/a:opera_software:opera_web_browser:7.0.1::win32
cpe:/a:opera_software:opera_web_browser:7.0.2::win32
cpe:/a:opera_software:opera_web_browser:7.0.3::win32
cpe:/a:opera_software:opera_web_browser:7.10
CVE-2003-1396
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.513-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030427 [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.
BID
7450
XF
opera-file-extension-bo(11894)
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
cpe:/a:opera_software:opera_web_browser:6.0.5::win32
cpe:/a:opera_software:opera_web_browser:7.0::win32
cpe:/a:opera_software:opera_web_browser:7.0.1::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta1::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta2::win32
CVE-2003-1397
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.560-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SREASON
3255
BUGTRAQ
20030210 Java-Applet crashes Opera 6.05 and 7.01
BID
6814
XF
opera-plugincontextshowdocument-bo(11280)
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
cpe:/o:cisco:ios:12.0
cpe:/o:cisco:ios:12.0s
cpe:/o:cisco:ios:12.0st
cpe:/o:cisco:ios:12.0t
cpe:/o:cisco:ios:12.1
cpe:/o:cisco:ios:12.1e
cpe:/o:cisco:ios:12.1t
cpe:/o:cisco:ios:12.2
cpe:/o:cisco:ios:12.2e
cpe:/o:cisco:ios:12.2f
cpe:/o:cisco:ios:12.2s
cpe:/o:cisco:ios:12.2t
CVE-2003-1398
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.623-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030211 Field Notice - IOS Accepts ICMP Redirects in Non-default Configuration Settings
SECTRACK
1006075
BID
6823
XF
cisco-ios-icmp-redirect(11306)
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
cpe:/a:eject:eject:2.0.10
cpe:/a:eject:eject:2.0.11
cpe:/a:eject:eject:2.0.12
CVE-2003-1399
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.687-04:00
1.9
LOCAL
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030222 eject 2.0.10 vulnerability
BID
6914
XF
linux-eject-information-disclosure(11380)
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
cpe:/a:francisco_burzi:php-nuke:5.0
cpe:/a:francisco_burzi:php-nuke:5.0.1
cpe:/a:francisco_burzi:php-nuke:5.1
cpe:/a:francisco_burzi:php-nuke:5.2
cpe:/a:francisco_burzi:php-nuke:5.2a
cpe:/a:francisco_burzi:php-nuke:5.3.1
cpe:/a:francisco_burzi:php-nuke:5.4
cpe:/a:francisco_burzi:php-nuke:5.5
cpe:/a:francisco_burzi:php-nuke:5.6
cpe:/a:francisco_burzi:php-nuke:6.0
CVE-2003-1400
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.747-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030203 PHP-Nuke Avatar Code injection vulnerability
BUGTRAQ
20030204 Re: PHP-Nuke Avatar Code injection vulnerability
BID
6750
XF
phpnuke-avatar-code-execution(11229)
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
cpe:/a:php_board:php_board:1.0
CVE-2003-1401
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.810-04:00
5.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030215 php-Board (php)
BID
6862
XF
phpboard-login-plaintext-passwords(11338)
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
cpe:/a:kietu:kietu:2.0
cpe:/a:kietu:kietu:2.3
CVE-2003-1402
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.873-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030215 Kietu ( PHP )
BID
6863
XF
kietu-hit-file-include(11341)
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
cpe:/a:dotbr:botbr:0.1
CVE-2003-1403
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.937-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030215 DotBr (PHP)
BID
6864
XF
dotbr-foo-info-disclosure(11353)
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
cpe:/a:dotbr:botbr:0.1
CVE-2003-1404
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:09.997-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030215 DotBr (PHP)
BID
6865
XF
dotbr-config-info-disclosure(11354)
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
cpe:/a:dotbr:botbr:0.1
CVE-2003-1405
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.047-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030215 DotBr (PHP)
BID
6866
BID
6867
XF
dotbr-exec-execute-commands(11355)
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
cpe:/a:adalis_infomatique:d_forum:1.0
cpe:/a:adalis_infomatique:d_forum:1.10
cpe:/a:adalis_infomatique:d_forum:1.11
CVE-2003-1406
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.107-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030216 D-Forum (PHP)
BID
6879
XF
dform-header-file-include(11342)
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
cpe:/o:microsoft:windows_nt:4.0
CVE-2003-1407
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.157-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3251
BUGTRAQ
20030211 SECURITY.NNOV: Windows NT 4.0/2000 cmd.exe long path buffer overflow/DoS
BID
6829
XF
win-cmd-cd-bo(11329)
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
cpe:/a:lotus:domino_server:5.0
cpe:/a:lotus:domino_server:6.0
CVE-2003-1408
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.200-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030212 Lotus Domino DOT Bug Allows for Source Code Viewing
BUGTRAQ
20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing
BID
6841
XF
lotus-domino-dot-file-download(11311)
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
cpe:/a:ej3:topo:1.43
CVE-2003-1409
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.247-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)
BID
6768
XF
topo-path-disclosure(11248)
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
cpe:/a:isoca:cedric_email_reader:0.2
cpe:/a:isoca:cedric_email_reader:0.3
CVE-2003-1410
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.310-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030209 Cedric Email Reader (PHP)
BID
6818
XF
cedric-email-file-include(11278)
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
cpe:/a:isoca:cedric_email_reader:0.4
CVE-2003-1411
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.357-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030209 Cedric Email Reader (PHP)
BID
6820
XF
cedric-email-file-include(11278)
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
cpe:/a:gonicus:gonicus_system_administration:1.0
CVE-2003-1412
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:49.200-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20030223 GOnicus System Administrator php injection
BUGTRAQ
20030224 GOnicus System Administrator php injection
BID
6922
SECTRACK
1006162
XF
gosa-plugin-file-include(11408)
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-1413
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.450-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SREASON
3260
BUGTRAQ
20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
BID
6992
XF
darwin-dotdot-file-existence(11445)
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
cpe:/a:apple:darwin_streaming_server:4.1.2
cpe:/a:apple:quicktime_streaming_server:4.1.1
CVE-2003-1414
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.497-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3260
BUGTRAQ
20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
BID
6990
XF
darwin-dotdotdot-directory-traversal(11446)
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
cpe:/a:visual_mining:netcharts_xbrl_server:4.0.0
CVE-2003-1415
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.547-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3261
BUGTRAQ
20030218 [SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability
BID
6877
XF
netcharts-chunked-encoding-bo(11345)
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.
cpe:/h:bisonftp:bisonftp_server_4:r2
CVE-2003-1416
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.607-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP
BID
6869
XF
bisonftp-ls-cwd-dos(11346)
BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command.
cpe:/a:ncipher:support_software:6.00
CVE-2003-1417
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.657-04:00
4.4
LOCAL
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030225 nCipher Advisory #7: Unexpected copies of imported software keys
BID
6927
XF
ncipher-duplicate-keys(11422)
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
cpe:/a:apache:http_server:1.3.22
cpe:/a:apache:http_server:1.3.23
cpe:/a:apache:http_server:1.3.24
cpe:/a:apache:http_server:1.3.25
cpe:/a:apache:http_server:1.3.26
cpe:/a:apache:http_server:1.3.27
CVE-2003-1418
2003-12-31T00:00:00.000-05:00
2017-10-19T21:29:00.253-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
OPENBSD
[3.2] 008: SECURITY FIX: February 25, 2003
CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
BID
6939
BID
6943
XF
apache-mime-information-disclosure(11438)
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
cpe:/a:netscape:navigator:7.0
CVE-2003-1419
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.747-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030225 Re: Netscape 6/7 crashes by a simple stylesheet...
BID
6959
XF
netscape-javascript-reformatdate-dos(11444)
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
cpe:/a:opera_software:opera_web_browser:6.0
cpe:/a:opera_software:opera_web_browser:6.0::win32
cpe:/a:opera_software:opera_web_browser:6.0.1
cpe:/a:opera_software:opera_web_browser:6.0.1::linux
cpe:/a:opera_software:opera_web_browser:6.0.1::win32
cpe:/a:opera_software:opera_web_browser:6.0.2::linux
cpe:/a:opera_software:opera_web_browser:6.0.2::win32
cpe:/a:opera_software:opera_web_browser:6.0.3::linux
cpe:/a:opera_software:opera_web_browser:6.0.3::win32
cpe:/a:opera_software:opera_web_browser:6.0.4::win32
cpe:/a:opera_software:opera_web_browser:6.0.5::win32
cpe:/a:opera_software:opera_web_browser:6.10::linux
cpe:/a:opera_software:opera_web_browser:7.0::win32
cpe:/a:opera_software:opera_web_browser:7.0.1::win32
cpe:/a:opera_software:opera_web_browser:8.0
CVE-2003-1420
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.810-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030226 Secunia Research: Opera browser Cross Site Scripting
BID
6962
XF
opera-automatic-redirection-xss(11423)
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
cpe:/a:suckbot:suckbot:0.006
CVE-2003-1421
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.857-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BID
6854
XF
suckbot-modmysqllogger-dos(11340)
Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors.
cpe:/a:gentoo:syslinux:2.0.1
CVE-2003-1422
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.907-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://syslinux.zytor.com/history.php
BID
6876
XF
syslinux-gain-privileges(11351)
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
cpe:/a:petitforum:petitforum
CVE-2003-1423
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.953-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SECTRACK
1006117
XF
petitforum-liste-info-disclosure(11358)
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
cpe:/a:petitforum:petitforum
CVE-2003-1424
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:10.997-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SECTRACK
1006117
XF
petitforum-message-auth-bypass(11359)
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
cpe:/a:cpanel:cpanel:5.0
CVE-2003-1425
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.047-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
VULNWATCH
20030218 Cpanel 5 and below remote command execution and local root vulnerabilities
BID
6882
XF
cpanel-guestbook-command-execution(11356)
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
cpe:/a:cpanel:cpanel:5.0
CVE-2003-1426
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.093-04:00
3.3
LOCAL
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030218 Cpanel 5 and below remote command execution and local root vulnerabilities
BID
6885
XF
cpanel-scriptfilename-gain-privileges(11357)
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
cpe:/h:netgear:fm114p:1.4_beta_release_17
CVE-2003-1427
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.157-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030209 Bug in Netgear FM114P Wireless Router firmware
BID
6807
XF
netgear-fm114p-directory-traversal(11279)
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
cpe:/a:bharat_mediratta:gallery:1.3.3
CVE-2003-1428
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.203-04:00
4.8
ADJACENT_NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030210 Gallery 1.3.3
BID
6809
XF
gallery-album-insecure-directory(11284)
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
cpe:/a:proxomitron:proxomitron_naoko:4.4
CVE-2003-1429
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.247-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
VULNWATCH
20030219 [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS
XF
proxomitron-parameter-length-bo(11364)
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.
cpe:/a:epic_games:unreal_engine:226f
cpe:/a:epic_games:unreal_engine:433
cpe:/a:epic_games:unreal_engine:436
CVE-2003-1430
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.297-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030205 Unreal engine: results of my research
BUGTRAQ
20030211 Re: Epic Games threatens to sue security researchers
BID
6775
XF
ut-file-directory-traversal(11299)
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
cpe:/a:epic_games:unreal_engine:226f
cpe:/a:epic_games:unreal_engine:433
cpe:/a:epic_games:unreal_engine:436
CVE-2003-1431
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.343-04:00
7.1
NETWORK
MEDIUM
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030205 Unreal engine: results of my research
BUGTRAQ
20030211 Re: Epic Games threatens to sue security researchers
BID
6774
XF
ut-url-memory-corruption(11301)
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
cpe:/a:epic_games:unreal_engine:226f
cpe:/a:epic_games:unreal_engine:433
cpe:/a:epic_games:unreal_engine:436
cpe:/a:epic_games:unreal_tournament_2003:2199_linux
cpe:/a:epic_games:unreal_tournament_2003:2199_win32
cpe:/a:epic_games:unreal_tournament_2003:demo_version_2206_linux
cpe:/a:epic_games:unreal_tournament_2003:demo_version_2206_win32
CVE-2003-1432
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.407-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030205 Unreal engine: results of my research
BUGTRAQ
20030211 Re: Epic Games threatens to sue security researchers
BUGTRAQ
20030513 UT2003 client passive DoS exploit
BID
6770
BID
6772
XF
ut-packet-dos(11302)
XF
ut-negative-memory-corruption(11305)
XF
ut-negative-udp-dos(12012)
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
cpe:/a:epic_games:unreal_engine:226f
cpe:/a:epic_games:unreal_engine:433
cpe:/a:epic_games:unreal_engine:436
CVE-2003-1433
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.453-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030205 Unreal engine: results of my research
BUGTRAQ
20030211 Re: Epic Games threatens to sue security researchers
BID
6771
XF
ut-join-request-dos(11304)
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
cpe:/a:pete_werner:login_ldap:3.1
cpe:/a:pete_werner:login_ldap:3.2
CVE-2003-1434
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.497-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030220 login_ldap security announcement
BID
6903
XF
loginldap-password-bypass(11374)
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
cpe:/a:francisco_burzi:php-nuke:5.6
cpe:/a:francisco_burzi:php-nuke:6.0
CVE-2003-1435
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.547-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030220 PHPNuke SQL Injection
BID
6887
XF
phpnuke-search-sql-injection(11375)
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
cpe:/a:crossnuke:nukebrowser:2.1
cpe:/a:crossnuke:nukebrowser:2.3
cpe:/a:crossnuke:nukebrowser:2.5
cpe:/a:crossnuke:nukebrowser:2.11
cpe:/a:crossnuke:nukebrowser:2.20
cpe:/a:crossnuke:nukebrowser:2.41
CVE-2003-1436
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.607-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SECTRACK
1006031
BID
6731
XF
nukebrowser-php-file-include(11217)
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0.0.1
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express
CVE-2003-1437
2003-12-31T00:00:00.000-05:00
2018-10-30T12:25:37.090-04:00
2.1
LOCAL
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BEA
BEA03-25.00
BID
6719
XF
weblogic-keystore-plaintext-passwords(11220)
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
cpe:/a:bea:weblogic_server:5.1
cpe:/a:bea:weblogic_server:6.0
cpe:/a:bea:weblogic_server:6.1
cpe:/a:bea:weblogic_server:7.0
cpe:/a:bea:weblogic_server:7.0.0.1
CVE-2003-1438
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.717-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BEA
BEA03-26.01
BID
6717
SECTRACK
1006018
XF
weblogic-clustered-race-condition(11221)
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
cpe:/a:silc:secure_internet_live_conferencing:0.9.11
cpe:/a:silc:secure_internet_live_conferencing:0.9.12
CVE-2003-1439
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:49.593-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030201 silc question - insecure memory
BUGTRAQ
20030201 Re: silc question - insecure memory
BID
6743
XF
silc-plaintext-account-information(11244)
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
cpe:/a:burton_computer_corporation:spamprobe:0.8a
CVE-2003-1440
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.810-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=137128
BID
6739
SECTRACK
1006038
XF
spamprobe-newlines-href-dos(11247)
SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
cpe:/a:posadis:posadis:0.50.4
cpe:/a:posadis:posadis:0.50.5
cpe:/a:posadis:posadis:0.50.6
cpe:/a:posadis:posadis:0.50.7
cpe:/a:posadis:posadis:0.50.8
CVE-2003-1441
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.873-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BID
6799
XF
posadis-dns-packet-dos(11285)
Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference.
cpe:/h:ericsson:hm220dp_adsl_modem
CVE-2003-1442
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.920-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030211 Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
BUGTRAQ
20030225 RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulne
BID
6824
XF
ericsson-hm220dp-auth-bypass(11290)
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
cpe:/a:kaspersky_lab:kaspersky_anti-virus:4.0.9.0
CVE-2003-1443
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:11.967-04:00
4.4
LOCAL
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030211 SECURITY.NNOV: Kaspersky Antivirus DoS
XF
kav-device-name-bypass(11292)
Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.
cpe:/a:kaspersky_lab:kaspersky_anti-virus:4.0.9.0
CVE-2003-1444
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.013-04:00
4.4
LOCAL
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030211 SECURITY.NNOV: Kaspersky Antivirus DoS
XF
kav-long-path-dos(11291)
Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.
cpe:/a:rarlab:far_manager:1.65
cpe:/a:rarlab:far_manager:1.70_beta_1
cpe:/a:rarlab:far_manager:1.70_beta_4
CVE-2003-1445
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.060-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
SREASON
3281
BUGTRAQ
20030211 SECURITY.NNOV: Far buffer overflow
BID
6822
XF
far-long-path-bo(11293)
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.
cpe:/a:rogue:rogue:5.2-2
cpe:/a:rogue:rogue:985.0
CVE-2003-1446
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.107-04:00
4.9
LOCAL
LOW
NONE
NONE
COMPLETE
NONE
http://nvd.nist.gov
BUGTRAQ
20030221 Rogue buffer overflow
BID
6912
XF
rogue-saveintofile-bo(11382)
Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde).
cpe:/a:ibm:websphere_application_server:4.0.4::advanced_server
CVE-2003-1447
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.170-04:00
1.9
LOCAL
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3277
BUGTRAQ
20030204 Weak password protection in WebSphere 4.0.4 XML configuration export
BUGTRAQ
20030206 Re: Weak password protection in WebSphere 4.0.4 XML configuration export
BID
6758
XF
websphere-xml-weak-encryption(11245)
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_2000::sp1
cpe:/o:microsoft:windows_2000::sp2
cpe:/o:microsoft:windows_2000::sp3
CVE-2003-1448
2003-12-31T00:00:00.000-05:00
2019-04-30T10:27:13.710-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
MISC
http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html
BID
6766
XF
win2k-netbios-continuation-dos(11274)
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
cpe:/a:aladdin_knowledge_systems:esafe_gateway:3.5.126.0
CVE-2003-1449
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.263-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030206 FW-1 NG FP3 Bug - Data flow problem when transferring large files
BID
6787
XF
esafe-gateway-filter-bypass(11295)
Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.
cpe:/a:bitchx:bitchx:1.0_c16
cpe:/a:bitchx:bitchx:1.0_c19
cpe:/a:bitchx:bitchx:1.0_c20cvs
cpe:/a:bitchx:bitchx:75p3
CVE-2003-1450
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.357-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
FULLDISC
20030217 [argv] BitchX-353 Vulnerability
SREASON
3279
GENTOO
200302-11
BUGTRAQ
20030217 [argv] BitchX-353 Vulnerability
BID
6880
XF
bitchx-irc-namreply-dos(11363)
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
cpe:/a:symantec:norton_antivirus:2002
CVE-2003-1451
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.420-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html
BUGTRAQ
20030219 [SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability
MISC
http://www.lac.co.jp/security/english/snsadv_e/61_e.html
BID
6886
XF
nav-email-filename-bo(11365)
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
cpe:/a:qualcomm:qpopper:4.0
cpe:/a:qualcomm:qpopper:4.0.1
cpe:/a:qualcomm:qpopper:4.0.2
cpe:/a:qualcomm:qpopper:4.0.3
cpe:/a:qualcomm:qpopper:4.0.4
cpe:/a:qualcomm:qpopper:4.0.5
cpe:/a:qualcomm:qpopper:4.0.5_fc2
cpe:/a:qualcomm:qpopper:4.0_b14
CVE-2003-1452
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.467-04:00
3.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030429 [INetCop Security Advisory] Qpopper v4.0.x poppassd local root
SREASON
3268
BUGTRAQ
20030428 Qpopper v4.0.x poppassd local root exploit
BID
7447
XF
qpopper-poppassd-root-access(11877)
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
cpe:/a:xoops:xoops:1.3.5
cpe:/a:xoops:xoops:1.3.6
cpe:/a:xoops:xoops:1.3.7
cpe:/a:xoops:xoops:1.3.8
cpe:/a:xoops:xoops:1.3.9
cpe:/a:xoops:xoops:2.0
cpe:/a:xoops:xoops:2.0.1
CVE-2003-1453
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.530-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3269
BUGTRAQ
20030425 XOOPS MyTextSanitizer CSS 1.3x & 2.x
BID
7434
XF
xoops-mytextsanitizer-xss(11872)
Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
cpe:/a:invision_power_services:invision_board:1.0
cpe:/a:invision_power_services:invision_board:1.0.1
cpe:/a:invision_power_services:invision_board:1.1.1
CVE-2003-1454
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.577-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3276
BUGTRAQ
20030425 Invision Power Board Plaintext Password Disclosure Vuln
BID
7440
XF
invision-admin-plaintext-password(11871)
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
cpe:/a:poptop:pptp_server:1.1.4b1
cpe:/a:poptop:pptp_server:1.1.4b2
cpe:/a:poptop:pptp_server:1.1.4b3
CVE-2003-1455
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.640-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=138437
BID
7582
BID
7590
XF
poptop-launchbcrelay-pptpctrlc-bo(12101)
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.
cpe:/a:mike_bobbitt:album.pl:6.1
CVE-2003-1456
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.687-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
CONFIRM
http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720
SREASON
3270
BUGTRAQ
20030426 Album.pl Vulnerability - Remote Command Execution
BID
7444
XF
albumpl-command-execution(11878)
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
cpe:/a:auerswald:comsuite_cti_controlcenter:3.1
CVE-2003-1457
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.733-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3282
BUGTRAQ
20030429 Auerswald COMsuite/ Back Door
BID
7458
XF
comsuite-runasositron-backdoor-account(11923)
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
cpe:/a:ttcms:ttcms:2.2
cpe:/a:ttcms:ttforum:1.1
CVE-2003-1458
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.797-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3278
BUGTRAQ
20030509 ttcms and ttforum exploits
BID
7543
XF
ttcms-profile-sql-injection(12273)
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
cpe:/a:ttcms:ttcms:2.2
cpe:/a:ttcms:ttforum:1.1
CVE-2003-1459
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.857-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3278
BUGTRAQ
20030509 ttcms and ttforum exploits
BID
7542
XF
ttcms-ttforum-file-include(12271)
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
cpe:/a:ralf_hoffmann:worker_filemanager:1.0
cpe:/a:ralf_hoffmann:worker_filemanager:1.1
cpe:/a:ralf_hoffmann:worker_filemanager:1.2
cpe:/a:ralf_hoffmann:worker_filemanager:1.3
cpe:/a:ralf_hoffmann:worker_filemanager:1.3.1
cpe:/a:ralf_hoffmann:worker_filemanager:1.3.2
cpe:/a:ralf_hoffmann:worker_filemanager:1.3.3
cpe:/a:ralf_hoffmann:worker_filemanager:2.0
cpe:/a:ralf_hoffmann:worker_filemanager:2.0.1
cpe:/a:ralf_hoffmann:worker_filemanager:2.0.2
cpe:/a:ralf_hoffmann:worker_filemanager:2.1
cpe:/a:ralf_hoffmann:worker_filemanager:2.2
cpe:/a:ralf_hoffmann:worker_filemanager:2.2.1
cpe:/a:ralf_hoffmann:worker_filemanager:2.2.2
cpe:/a:ralf_hoffmann:worker_filemanager:2.3
cpe:/a:ralf_hoffmann:worker_filemanager:2.3.1
cpe:/a:ralf_hoffmann:worker_filemanager:2.4
cpe:/a:ralf_hoffmann:worker_filemanager:2.5
cpe:/a:ralf_hoffmann:worker_filemanager:2.6
cpe:/a:ralf_hoffmann:worker_filemanager:2.6.1
cpe:/a:ralf_hoffmann:worker_filemanager:2.7
CVE-2003-1460
2003-12-31T00:00:00.000-05:00
2008-09-05T16:36:59.650-04:00
3.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2007-12-11T11:05:00.000-05:00
CONFIRM
http://www.boomerangsworld.de/worker/wchanges.php3?lang=en
BID
7460
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
cpe:/o:hp:hp-ux:11.00
CVE-2003-1461
2003-12-31T00:00:00.000-05:00
2017-10-10T21:29:19.450-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3283
BUGTRAQ
20030502 HP-UX 11.0 /usr/lbin/rwrite
BUGTRAQ
20030503 rwrite buffer overflow in hp-ux
BID
7489
XF
hp-rwrite-bo(11919)
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
cpe:/a:mod_survey:mod_survey:3.0
cpe:/a:mod_survey:mod_survey:3.0.1
cpe:/a:mod_survey:mod_survey:3.0.2
cpe:/a:mod_survey:mod_survey:3.0.3
cpe:/a:mod_survey:mod_survey:3.0.4
cpe:/a:mod_survey:mod_survey:3.0.5
cpe:/a:mod_survey:mod_survey:3.0.6
cpe:/a:mod_survey:mod_survey:3.0.7
cpe:/a:mod_survey:mod_survey:3.0.8
cpe:/a:mod_survey:mod_survey:3.0.9
cpe:/a:mod_survey:mod_survey:3.0.10
cpe:/a:mod_survey:mod_survey:3.0.11
cpe:/a:mod_survey:mod_survey:3.0.12
cpe:/a:mod_survey:mod_survey:3.0.13
cpe:/a:mod_survey:mod_survey:3.0.14
cpe:/a:mod_survey:mod_survey:3.0.14d
cpe:/a:mod_survey:mod_survey:3.0.14e
cpe:/a:mod_survey:mod_survey:3.0.15pre1
cpe:/a:mod_survey:mod_survey:3.0.15pre2
cpe:/a:mod_survey:mod_survey:3.0.15pre3
cpe:/a:mod_survey:mod_survey:3.0.15pre4
cpe:/a:mod_survey:mod_survey:3.0.15pre5
cpe:/a:mod_survey:mod_survey:3.0.15pre6
CVE-2003-1462
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:12.997-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030504 Mod_Survey SYSBASE vulnerability
CONFIRM
http://gathering.itm.mh.se/modsurvey/SA20030504.txt
BID
7498
XF
modsurvey-nonexistent-survey-dos(11861)
mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash).
cpe:/a:alt-n:webadmin:2.0.0
cpe:/a:alt-n:webadmin:2.0.1
cpe:/a:alt-n:webadmin:2.0.2
CVE-2003-1463
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.060-04:00
3.5
NETWORK
MEDIUM
SINGLE_INSTANCE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3286
BUGTRAQ
20030425 Path disclosure and file access on WebAdmin
BID
7438
BID
7439
XF
webadmin-webadmindll-path-disclosure(11874)
XF
webadmin-webadmindll-view-files(11875)
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
cpe:/h:siemens:m45
cpe:/h:siemens:s45
CVE-2003-1464
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.107-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SREASON
3287
BUGTRAQ
20030506 Siemens Mobile Phone - Buffer Overflow
BID
7507
XF
siemens-sms-image-bo(11950)
Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.
cpe:/a:phorum:phorum:3.4
cpe:/a:phorum:phorum:3.4.1
cpe:/a:phorum:phorum:3.4.2
CVE-2003-1465
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.157-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3288
BUGTRAQ
20030513 Phorum Vulnerabilities
BID
7569
XF
phorum-download-directory-traversal(12482)
Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.
cpe:/a:phorum:phorum:3.4
cpe:/a:phorum:phorum:3.4.1
cpe:/a:phorum:phorum:3.4.2
CVE-2003-1466
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:00.633-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-12-11T12:01:00.000-05:00
SREASON
3288
BUGTRAQ
20030513 Phorum Vulnerabilities
BID
7581
BID
7583
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
cpe:/a:phorum:phorum:3.4
cpe:/a:phorum:phorum:3.4.1
cpe:/a:phorum:phorum:3.4.2
CVE-2003-1467
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.217-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3288
BUGTRAQ
20030513 Phorum Vulnerabilities
BID
7572
BID
7573
BID
7576
BID
7577
BID
7584
XF
phorum-multiple-xss(12487)
XF
phorum-register-html-injection(12502)
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
cpe:/a:francisco_burzi:php-nuke:6.0
cpe:/a:francisco_burzi:php-nuke:6.5
cpe:/a:francisco_burzi:php-nuke:6.5_beta1
cpe:/a:francisco_burzi:php-nuke:6.5_final
cpe:/a:francisco_burzi:php-nuke:6.5_rc1
cpe:/a:francisco_burzi:php-nuke:6.5_rc2
cpe:/a:francisco_burzi:php-nuke:6.5_rc3
CVE-2003-1468
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.263-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030512 Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
BID
7589
XF
phpnuke-weblinks-path-disclosure(12436)
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
cpe:/a:macromedia:coldfusion
cpe:/a:macromedia:coldfusion:::developer
cpe:/a:macromedia:coldfusion:6.0
cpe:/a:macromedia:coldfusion_professional
CVE-2003-1469
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.327-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3307
MISC
http://www.nii.co.in/vuln/pdmac.html
BUGTRAQ
20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server
BID
7443
XF
coldfusion-mx-path-disclosure(11879)
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
cpe:/a:alt-n:mdaemon:6.7.5
CVE-2003-1470
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.373-04:00
9.0
NETWORK
LOW
SINGLE_INSTANCE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3296
BUGTRAQ
20030427 MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow
BID
7446
XF
mdaemon-imap-create-bo(11896)
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
cpe:/a:alt-n:mdaemon:6.0.7
CVE-2003-1471
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.437-04:00
6.3
NETWORK
MEDIUM
SINGLE_INSTANCE
NONE
NONE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20030428 MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
BUGTRAQ
20030428 RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
XF
mdaemon-pop3-negative-dos(11882)
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
cpe:/a:3d-ftp:3d-ftp:4.0
CVE-2003-1472
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.483-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SREASON
3297
BUGTRAQ
20030428 Buffer overflow in 3D-ftp
BID
7451
XF
3dftp-ftp-banner-bo(11883)
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
cpe:/a:lgames:ltris:1.0.1
CVE-2003-1473
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.530-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20030509 ltris-and-slashem-tty possible trouble
BUGTRAQ
20030508 ltris-and-slashem-tty possible trouble
BID
7537
XF
ltris-bo(11978)
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.
cpe:/a:freebsd:slashem-tty:0.0.6e.4f.8
CVE-2003-1474
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:01.883-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2007-12-11T13:35:00.000-05:00
ALLOWS_ADMIN_ACCESS
FULLDISC
20030509 ltris-and-slashem-tty possible trouble
XF
slashem-tty-insecure-permissions(11979)
BUGTRAQ
20030508 ltris-and-slashem-tty possible trouble
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
cpe:/a:netbus:netbus:1.5
cpe:/a:netbus:netbus:1.6
cpe:/a:netbus:netbus:1.7
CVE-2003-1475
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.577-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
SREASON
3289
BUGTRAQ
20030509 Netbus 1.x exploit
BID
7538
XF
netbus-password-authentication-bypass(11982)
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
cpe:/a:cerberus:ftp_server:2.1
CVE-2003-1476
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:02.197-04:00
2.1
LOCAL
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2007-12-11T15:04:00.000-05:00
CONFIRM
http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues
BID
7556
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.
cpe:/a:clearswift:mailsweeper_for_smtp:4.3.6
cpe:/a:clearswift:mailsweeper_for_smtp:4.3.7
CVE-2003-1477
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.640-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
BID
7562
XF
mailsweeper-powerpoint-file-dos(12052)
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."
cpe:/a:kde:konqueror:3.0.3
CVE-2003-1478
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.687-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030502 Re: April appeared to be a month of IE bugs. Here
BID
7486
XF
kde-konqueror-dos(11971)
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
cpe:/a:darkwet:webcam_xp:1.02.432
cpe:/a:darkwet:webcam_xp:1.02.535
CVE-2003-1479
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.733-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3304
MISC
http://www.frame4.com/content/advisories/FSA-2003-002.txt
BUGTRAQ
20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature
BID
7490
XF
webcamxp-multiple-xss(11952)
Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field.
cpe:/a:mysql:mysql:4.1.0:alpha
cpe:/a:mysql:mysql:4.1.0.0
cpe:/a:oracle:mysql:3.20
cpe:/a:oracle:mysql:3.20.32a
cpe:/a:oracle:mysql:3.21
cpe:/a:oracle:mysql:3.22
cpe:/a:oracle:mysql:3.22.26
cpe:/a:oracle:mysql:3.22.27
cpe:/a:oracle:mysql:3.22.28
cpe:/a:oracle:mysql:3.22.29
cpe:/a:oracle:mysql:3.22.30
cpe:/a:oracle:mysql:3.22.32
cpe:/a:oracle:mysql:3.23.2
cpe:/a:oracle:mysql:3.23.3
cpe:/a:oracle:mysql:3.23.4
cpe:/a:oracle:mysql:3.23.5
cpe:/a:oracle:mysql:3.23.8
cpe:/a:oracle:mysql:3.23.9
cpe:/a:oracle:mysql:3.23.10
cpe:/a:oracle:mysql:3.23.22
cpe:/a:oracle:mysql:3.23.23
cpe:/a:oracle:mysql:3.23.24
cpe:/a:oracle:mysql:3.23.25
cpe:/a:oracle:mysql:3.23.26
cpe:/a:oracle:mysql:3.23.27
cpe:/a:oracle:mysql:3.23.28
cpe:/a:oracle:mysql:3.23.28:gamma
cpe:/a:oracle:mysql:3.23.29
cpe:/a:oracle:mysql:3.23.30
cpe:/a:oracle:mysql:3.23.31
cpe:/a:oracle:mysql:3.23.32
cpe:/a:oracle:mysql:3.23.33
cpe:/a:oracle:mysql:3.23.34
cpe:/a:oracle:mysql:3.23.35
cpe:/a:oracle:mysql:3.23.36
cpe:/a:oracle:mysql:3.23.37
cpe:/a:oracle:mysql:3.23.38
cpe:/a:oracle:mysql:3.23.39
cpe:/a:oracle:mysql:3.23.40
cpe:/a:oracle:mysql:3.23.41
cpe:/a:oracle:mysql:3.23.42
cpe:/a:oracle:mysql:3.23.43
cpe:/a:oracle:mysql:3.23.44
cpe:/a:oracle:mysql:3.23.45
cpe:/a:oracle:mysql:3.23.46
cpe:/a:oracle:mysql:3.23.47
cpe:/a:oracle:mysql:3.23.48
cpe:/a:oracle:mysql:3.23.49
cpe:/a:oracle:mysql:3.23.50
cpe:/a:oracle:mysql:3.23.51
cpe:/a:oracle:mysql:3.23.52
cpe:/a:oracle:mysql:3.23.53
cpe:/a:oracle:mysql:3.23.53a
cpe:/a:oracle:mysql:3.23.54
cpe:/a:oracle:mysql:3.23.54a
cpe:/a:oracle:mysql:3.23.55
cpe:/a:oracle:mysql:3.23.56
cpe:/a:oracle:mysql:4.0.0
cpe:/a:oracle:mysql:4.0.1
cpe:/a:oracle:mysql:4.0.2
cpe:/a:oracle:mysql:4.0.3
cpe:/a:oracle:mysql:4.0.5a
cpe:/a:oracle:mysql:4.0.7:gamma
cpe:/a:oracle:mysql:4.0.8:gamma
cpe:/a:oracle:mysql:4.0.9:gamma
cpe:/a:oracle:mysql:4.0.11:gamma
CVE-2003-1480
2003-12-31T00:00:00.000-05:00
2019-10-07T12:42:10.637-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2007-12-11T19:28:00.000-05:00
MISC
http://www.securiteam.com/tools/5WP031FA0U.html
BID
7500
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
cpe:/a:stalker:communigate_pro:3.1
cpe:/a:stalker:communigate_pro:3.2.4
cpe:/a:stalker:communigate_pro:3.2_b5
cpe:/a:stalker:communigate_pro:3.2_b7
cpe:/a:stalker:communigate_pro:3.3.2
cpe:/a:stalker:communigate_pro:3.3_b1
cpe:/a:stalker:communigate_pro:3.3_b2
cpe:/a:stalker:communigate_pro:3.4_b3
cpe:/a:stalker:communigate_pro:4.0.1
cpe:/a:stalker:communigate_pro:4.0.2
cpe:/a:stalker:communigate_pro:4.0.3
cpe:/a:stalker:communigate_pro:4.0.6
cpe:/a:stalker:communigate_pro:4.0_b2
cpe:/a:stalker:communigate_pro:4.0_b3
CVE-2003-1481
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.780-04:00
5.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3290
BUGTRAQ
20030504 CommuniGatePro 4.0.6 [EXPLOIT]
BID
7501
XF
communigate-pro-session-hijacking(11932)
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
cpe:/h:microsoft:mn-500_wireless_base_station
CVE-2003-1482
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:03.260-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-12-12T13:01:00.000-05:00
SECTRACK
1006691
BID
7496
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
cpe:/a:flashfxp:flashfxp:1.4
CVE-2003-1483
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.843-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
MISC
http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c
SECTRACK
1006730
BID
7499
XF
flashfxp-weak-password-encryption(12298)
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
cpe:/a:microsoft:ie:6.0:sp1
CVE-2003-1484
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.890-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SREASON
3292
BUGTRAQ
20030505 Crash in Internet Explorer 6.0 Sp1
BID
7502
XF
ie-anchorclick-dos(11946)
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
cpe:/a:clearswift:mailsweeper:4.0
cpe:/a:clearswift:mailsweeper:4.1
cpe:/a:clearswift:mailsweeper:4.2
cpe:/a:clearswift:mailsweeper:4.3
cpe:/a:clearswift:mailsweeper:4.3.3
cpe:/a:clearswift:mailsweeper:4.3.4
cpe:/a:clearswift:mailsweeper:4.3.5
cpe:/a:clearswift:mailsweeper:4.3.6
cpe:/a:clearswift:mailsweeper:4.3.6_sp1
cpe:/a:clearswift:mailsweeper:4.3.7
CVE-2003-1485
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:03.697-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2007-12-12T13:35:00.000-05:00
BID
7568
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
cpe:/a:phorum:phorum:3.4
cpe:/a:phorum:phorum:3.4.1
cpe:/a:phorum:phorum:3.4.2
CVE-2003-1486
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.937-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3288
BUGTRAQ
20030513 Phorum Vulnerabilities
BID
7571
XF
phorum-multiple-path-disclosure(12499)
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.
cpe:/a:phorum:phorum:3.4
cpe:/a:phorum:phorum:3.4.1
cpe:/a:phorum:phorum:3.4.2
CVE-2003-1487
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:13.983-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3288
BUGTRAQ
20030513 Phorum Vulnerabilities
BID
7574
BID
7578
BID
7579
XF
phorum-command-execution(12500)
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
cpe:/a:truelogik:truegalerie:1.0
CVE-2003-1488
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.047-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030425 True Galerie 1.0 : Admin Access & File Copy
BID
7427
XF
truegalerie-verifadmin-admin-access(11886)
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
cpe:/a:truegalerie:truegalerie:1.0
CVE-2003-1489
2003-12-31T00:00:00.000-05:00
2016-10-17T22:39:45.560-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
VULNWATCH
20030425 True Galerie 1.0 : Admin Access & File Copy
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
cpe:/h:sonicwall:pro100:6.4.0.1
cpe:/h:sonicwall:pro200:6.4.0.1
cpe:/h:sonicwall:pro300:6.4.0.1
CVE-2003-1490
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.093-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SREASON
3291
BUGTRAQ
20030424 SonicWall Pro DoS?
BID
7435
XF
sonicwallpro-http-post-dos(11876)
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
cpe:/a:kerio:personal_firewall:2.1.4
CVE-2003-1491
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.140-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
FULLDISC
20030422 UDP bypassing in Kerio Firewall 2.1.4
MISC
http://www.securiteam.com/securitynews/5FP0N1P9PI.html
BID
7436
XF
kerio-pf-firewall-bypass(11880)
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
cpe:/a:mozilla:firefox
cpe:/a:netscape:navigator:7.0.2
CVE-2003-1492
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.187-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030429 "netscape navigator" is cracked.
BID
7456
XF
netscape-domain-obtain-info(11924)
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
cpe:/a:hp:openview_network_node_manager:5.0.1
cpe:/a:hp:openview_network_node_manager:6.0.1
cpe:/a:hp:openview_network_node_manager:6.1
cpe:/a:hp:openview_network_node_manager:6.1::hp_ux_10.x
cpe:/a:hp:openview_network_node_manager:6.1::hp_ux_11.x
cpe:/a:hp:openview_network_node_manager:6.1::solaris
cpe:/a:hp:openview_network_node_manager:6.2
cpe:/a:hp:openview_network_node_manager:6.2::hp_ux_10.x
cpe:/a:hp:openview_network_node_manager:6.2::hp_ux_11.x
cpe:/a:hp:openview_network_node_manager:6.2::nt_4.x_windows_2000
cpe:/a:hp:openview_network_node_manager:6.2::solaris
cpe:/a:hp:openview_network_node_manager:6.4
cpe:/a:hp:openview_network_node_manager:6.4::hp_ux_11.x
cpe:/a:hp:openview_network_node_manager:6.4::nt_4.x_windows_2000
cpe:/a:hp:openview_network_node_manager:6.4::solaris
cpe:/a:hp:openview_network_node_manager:6.10
cpe:/a:hp:openview_network_node_manager:6.31
cpe:/a:hp:openview_network_node_manager:6.41
CVE-2003-1493
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.247-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
HP
HPSBUX0310-291
BID
8859
XF
openview-nnm-packet-dos(13467)
Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.
cpe:/a:hp:openview_network_node_manager:6.2
cpe:/a:hp:openview_network_node_manager:6.4
CVE-2003-1494
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.297-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
HP
HPSBUX0310-291
BID
8859
XF
openview-nnm-packet-dos(13467)
Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet.
cpe:/a:hp:insight_management_suite:3.5
cpe:/a:hp:insight_management_suite:4.0
cpe:/a:hp:insight_management_suite:5.0
cpe:/a:hp:insight_manager:1.0
cpe:/a:hp:insight_manager:1.6
cpe:/a:hp:remote_diagnostics_enabling_agent
CVE-2003-1495
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.357-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BID
8878
XF
hp-management-gain-privileges(13496)
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
cpe:/o:hp:tru64:4.0f
cpe:/o:hp:tru64:4.0f_pk6_bl17
cpe:/o:hp:tru64:4.0f_pk7_bl18
cpe:/o:hp:tru64:4.0f_pk8_bl22
cpe:/o:hp:tru64:4.0g
cpe:/o:hp:tru64:4.0g_pk3_bl17
cpe:/o:hp:tru64:4.0g_pk4_bl22
cpe:/o:hp:tru64:5.1
cpe:/o:hp:tru64:5.1_pk3_bl17
cpe:/o:hp:tru64:5.1_pk4_bl18
cpe:/o:hp:tru64:5.1_pk5_bl19
cpe:/o:hp:tru64:5.1_pk6_bl20
cpe:/o:hp:tru64:5.1a
cpe:/o:hp:tru64:5.1a_pk1_bl1
cpe:/o:hp:tru64:5.1a_pk2_bl2
cpe:/o:hp:tru64:5.1a_pk3_bl3
cpe:/o:hp:tru64:5.1a_pk4_bl21
cpe:/o:hp:tru64:5.1a_pk5_bl23
cpe:/o:hp:tru64:5.1b
CVE-2003-1496
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.420-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
COMPAQ
SSRT3589
BID
8813
XF
tru64-dtmailpr-gain-privileges(13418)
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
cpe:/h:linksys:befsx41:1.43.3
CVE-2003-1497
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.467-04:00
6.3
NETWORK
MEDIUM
SINGLE_INSTANCE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SREASON
3298
CONFIRM
http://www.linksys.com/download/vertxt/befsx41_1453.txt
BUGTRAQ
20031015 LinkSys EtherFast Router Denial of Service Attack
BID
8834
XF
linksys-etherfast-logpagenum-dos(13436)
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
cpe:/a:wrensoft:zoom_search_engine:2.0_build_1018
CVE-2003-1498
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.530-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031014 Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
BID
8823
XF
zoom-search-xss(13431)
Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter.
cpe:/a:bytehoard:bytehoard:0.7
CVE-2003-1499
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.577-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20031019 ByteHoard Directory Traversal Vulnerability
FULLDISC
20031019 ByteHoard Directory Traversal Vulnerability
MISC
http://www.securiteam.com/unixfocus/6L00L008KE.html
BID
8850
XF
bytehoard-dotdot-directory-traversal(13456)
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter.
cpe:/a:cpcommerce:cpcommerce:0.5f
CVE-2003-1500
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.717-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
CONFIRM
http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864
SREASON
3301
MISC
http://www.securiteam.com/unixfocus/6H00E2K8KG.html
BUGTRAQ
20031019 ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce
BID
8851
XF
cpCommerce-functionsphp-file-include(13457)
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.
cpe:/a:gast_arbeiter:gast_arbeiter:1.3
CVE-2003-1501
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.763-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20031020 Gast Arbeiter Privilege Escalation
BID
8858
XF
gast-arbeiter-file-upload(13469)
Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter.
cpe:/a:snert.com:mod_throttle:3.0
CVE-2003-1502
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:06.353-04:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-12-12T15:50:00.000-05:00
FULLDISC
20031015 Mod-Throttle [was: client attacks server - XSS]
BID
8822
mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
cpe:/a:aol:instant_messenger:5.2.3292
CVE-2003-1503
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.827-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
NTBUGTRAQ
20031015 Buffer Overflow in AOL Instant Messager
BID
8825
XF
aim-getfile-screenname-bo(13443)
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
cpe:/a:goldscripts:goldlink:3.0
CVE-2003-1504
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.873-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3302
BUGTRAQ
20031018 Get admin level on Goldlink script v3.0
BID
8847
XF
goldlink-variables-gain-access(13465)
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
cpe:/a:microsoft:ie:6
CVE-2003-1505
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.920-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SREASON
3295
BUGTRAQ
20031022 IE6 CSS-Crash
BID
8874
XF
ie-scrollbarbasecolor-dos(13809)
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
cpe:/a:daniel_barron:dansguardian:3.0
cpe:/a:daniel_barron:dansguardian:3.1_r5
cpe:/a:daniel_barron:dansguardian:3.1_r6
cpe:/a:daniel_barron:dansguardian:3.2
CVE-2003-1506
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:14.983-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3299
BUGTRAQ
20031022 CensorNet: Cross Site Scripting Vulnerability
BUGTRAQ
20031027 Re: CensorNet: Cross Site Scripting Vulnerability
BUGTRAQ
20031027 Re: CensorNet: Cross Site Scripting Vulnerability
BID
8876
XF
censornet-cgi-xss(13507)
Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.
cpe:/h:planet_technology_corp:wgsd-1020
cpe:/h:planet_technology_corp:wsw-2401
CVE-2003-1507
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.030-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SECTRACK
1007924
BUGTRAQ
20031015 Few issues previously unpublished in English
BID
8837
XF
wgsd-default-admin-account(13446)
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
cpe:/a:mirc:mirc:6.12
CVE-2003-1508
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:07.243-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2007-12-14T13:27:00.000-05:00
SREASON
3303
CONFIRM
http://www.irchelp.org/irchelp/mirc/exploit.html
BUGTRAQ
20031023 (Fw) : mIRC 6.12 (latest) DCC Exploit
BID
8880
Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.
cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774
cpe:/a:realnetworks:realone_player:2.0
cpe:/a:realnetworks:realone_player:6.0.11.818
cpe:/a:realnetworks:realone_player:6.0.11.830
cpe:/a:realnetworks:realone_player:6.0.11.841
cpe:/a:realnetworks:realone_player:6.0.11.853
CVE-2003-1509
2003-12-31T00:00:00.000-05:00
2017-08-16T21:29:00.880-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
CONFIRM
http://service.real.com/help/faq/security/securityupdate_october2003.html
BID
8839
XF
realoneplayer-temporary-script-execution(13445)
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
cpe:/a:rit_research_labs:tinyweb:1.9
CVE-2003-1510
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.123-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
MISC
http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html
BID
8810
XF
tinyweb-httpget-dos(13402)
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
cpe:/a:bajie:java_http_server:0.95
cpe:/a:bajie:java_http_server:0.95:d
cpe:/a:bajie:java_http_server:0.95:zxc
cpe:/a:bajie:java_http_server:0.95:zxe
cpe:/a:bajie:java_http_server:0.95:zxe1
cpe:/a:bajie:java_http_server:0.95:zxv4
CVE-2003-1511
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:07.697-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2007-12-14T13:39:00.000-05:00
SREASON
3306
CONFIRM
http://www.geocities.com/gzhangx/websrv/docs/security.html
BUGTRAQ
20031016 CSS Vulnerability in Bajie HTTP JServer
BID
8841
Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.
cpe:/a:khaled_mardam-bey:mirc:6.1
cpe:/a:khaled_mardam-bey:mirc:6.11
CVE-2003-1512
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:07.867-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2007-12-14T13:42:00.000-05:00
BID
8818
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
cpe:/a:caucho_technology:resin:2.0
cpe:/a:caucho_technology:resin:2.1.1
cpe:/a:caucho_technology:resin:2.1.2
cpe:/a:caucho_technology:resin:2.1.12
CVE-2003-1513
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.187-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
FULLDISC
20031019 Caucho Resin 2.x - Cross Site Scripting
BID
8852
XF
resin-name-comment-xss(13460)
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
cpe:/a:emule:emule:0.29c
CVE-2003-1514
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.233-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SREASON
3294
BUGTRAQ
20031019 eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)
BID
8854
XF
emule-long-password-dos(13464)
eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.
cpe:/h:origo:asr-8100:adsl_router_3.21
cpe:/h:origo:asr-8400:adsl_router
CVE-2003-1515
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.280-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SREASON
3300
BUGTRAQ
20031012 Origo ASR-8100 ADSL router remote factory reset
BID
8855
XF
origo-default-settings-restore(13463)
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.
cpe:/a:sun:java_plug-in:1.4.2_01
CVE-2003-1516
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:08.460-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-12-14T15:14:00.000-05:00
BUGTRAQ
20031020 Cross Site Java applets
BID
8857
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
cpe:/a:dansie:shopping_cart
CVE-2003-1517
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.327-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
MISC
http://www.securiteam.com/securitynews/6T00T008KG.html
BID
8860
XF
dansie-cartpl-path-disclosure(13461)
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
cpe:/a:adiscon:winsyslog:4.21_sp1
cpe:/a:adiscon:winsyslog:5.0_beta
CVE-2003-1518
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.373-04:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
CONFIRM
http://www.adiscon.com/Common/en/advisory/2003-09-15.asp
MISC
http://www.securiteam.com/windowsntfocus/6L00F158KE.html
BID
8821
XF
winsyslog-long-syslog-dos(13428)
Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.
cpe:/a:vivisimo:clustering_engine:0
CVE-2003-1519
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.420-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1007955
BID
8862
XF
vÃvÃsimo-clustering-engine-xss(13452)
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.
cpe:/a:fuzzymonkey:myclassifieds:2.11
CVE-2003-1520
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:09.087-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2007-12-14T16:09:00.000-05:00
SREASON
3293
BUGTRAQ
20031021 SQL Injection Vulnerability in FuzzyMonkey MyClassifieds SQL Version
BID
8863
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
cpe:/a:sun:java_plug-in:1.4
cpe:/a:sun:java_plug-in:1.4.2
cpe:/a:sun:java_plug-in:1.4.2_01
cpe:/a:sun:java_plug-in:1.4.2_02
CVE-2003-1521
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:09.243-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2007-12-17T18:12:00.000-05:00
BUGTRAQ
20031021 IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
BID
8867
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
cpe:/a:pscs:vpop3_web_mail_server:2.0e
cpe:/a:pscs:vpop3_web_mail_server:2.0f
CVE-2003-1522
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.483-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
CONFIRM
http://www.pscs.co.uk/products/vpop3/whatsnew.html
MISC
http://www.securiteam.com/windowsntfocus/6S00S008KW.html
BID
8869
XF
vpop3-login-xss(13459)
Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.
cpe:/a:dbmail:dbmail:1.0
cpe:/a:dbmail:dbmail:1.1
CVE-2003-1523
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.530-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BID
8829
XF
dbmail-multiple-sql-injection(13416)
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
cpe:/a:pgpi:pgpdisk:6.0.2i
CVE-2003-1524
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.577-04:00
6.3
LOCAL
MEDIUM
NONE
COMPLETE
COMPLETE
NONE
http://nvd.nist.gov
MISC
http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html
BID
8870
XF
pgpdisk-obtain-information(13490)
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
cpe:/a:my_photo_gallery:my_photo_gallery:3.5
CVE-2003-1525
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.623-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BID
8872
XF
myphotogallery-unknown-vulnerabilities(13498)
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
cpe:/a:francisco_burzi:php-nuke:7.0
CVE-2003-1526
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:10.007-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2007-12-18T11:39:00.000-05:00
BUGTRAQ
20031018 PHP-Nuke Path Disclosure Vulnerability
BID
8848
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
cpe:/a:ibm:internet_security_systems_blackice_defender:2.9cap
cpe:/a:iss:blackice_server_protection:3.5.cdf
CVE-2003-1527
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:10.163-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2007-12-18T12:40:00.000-05:00
BUGTRAQ
20021008 Multiple Vendor PC firewall remote denial of services Vulnerability
XF
firewall-autoblock-spoofing-dos(10314)
BID
5917
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
cpe:/a:fujitsu:siemens_networker:6.0
CVE-2003-1528
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:49.920-04:00
7.2
LOCAL
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
SREASON
3353
BUGTRAQ
20040119 Networker 6.0 - possible symlink attack
BID
9446
SECTRACK
1008801
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
cpe:/a:seagull_software_systems:j_walk_application_server:3.2c9
CVE-2003-1529
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.670-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030325 IRM 005: JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability
BID
7160
SECTRACK
1006378
XF
jwalk-dotdot-directory-traversal(11623)
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.
cpe:/a:phpbb:phpbb:2.0.3
CVE-2003-1530
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:50.187-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_USER_ACCESS
BUGTRAQ
20030116 phpBB SQL Injection vulnerability
BUGTRAQ
20030117 phpBB SQL Injection vulnerability
BID
6634
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
cpe:/a:lilikoi:ceilidh:2.70
CVE-2003-1531
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.733-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe
BID
7214
SECTRACK
1006391
XF
ceilidh-textcgi-xss(11638)
Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
cpe:/a:julien_desaunay:phpmyshop:1.00
CVE-2003-1532
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:50.483-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3348
BUGTRAQ
20030203 phpMyShop (php)
BID
6746
SECTRACK
1006030
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
cpe:/a:phppass:phppass:2
CVE-2003-1533
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:50.780-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
SREASON
3349
BUGTRAQ
20030113 phpPass (PHP)
BID
6594
SECTRACK
1005948
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
cpe:/a:justice_media:guestbook:1.3
CVE-2003-1534
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:51.030-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3347
BUGTRAQ
20030329 Justice Guestbook 1.3 vulnerabilities
BID
7233
SECTRACK
1006412
Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.
cpe:/a:justice_media:guestbook:1.3
CVE-2003-1535
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:51.327-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3347
BUGTRAQ
20030329 Justice Guestbook 1.3 vulnerabilities
BID
7234
SECTRACK
1006412
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
cpe:/a:dcp-portal:dcp-portal:5.3.1
CVE-2003-1536
2003-12-31T00:00:00.000-05:00
2017-07-28T21:29:15.797-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030318 Some XSS vulns
BID
7141
BID
7144
XF
dcpportal-search-calendar-xss(11602)
Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php.
cpe:/a:postnuke_software_foundation:postnuke:0.723
CVE-2003-1537
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:11.650-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2007-12-18T14:40:00.000-05:00
VULNWATCH
20030309 Postnuke v 0.723 SQL injection and directory traversing
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
cpe:/a:suse:suse_linux_openexchange_server:4.0
cpe:/o:suse:office_server
cpe:/o:suse:suse_linux:8::enterprise_server
cpe:/o:suse:suse_linux:8.1
CVE-2003-1538
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:11.807-04:00
6.4
NETWORK
LOW
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2007-12-21T11:55:00.000-05:00
SUSE
SUSE-SA:2003:005
SECTRACK
1005954
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
cpe:/a:onedotoh:simple_file_manager:0.19
CVE-2003-1539
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:11.960-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2008-01-10T13:23:00.000-05:00
CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=144274
CONFIRM
http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842
BID
7035
Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.
cpe:/a:wfchat:wfchat:1.0:beta
CVE-2003-1540
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:51.640-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3645
SECTRACK
1006352
BUGTRAQ
20030319 WF-Chat
BID
7147
XF
wf-chat-plaintext-passwords(11571)
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.
cpe:/a:planetmoon:guestbook:tr3.a.1
CVE-2003-1541
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:52.107-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3653
BUGTRAQ
20030321 Guestbook tr3.a
BID
7167
SECTRACK
1006360
XF
guestbooktr3a-plaintext-password-disclosure(11609)
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
cpe:/a:ondrej_jombik:phpwebfilemanager:0.4
CVE-2003-1542
2003-12-31T00:00:00.000-05:00
2008-09-05T16:37:12.400-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2008-02-14T14:25:00.000-05:00
CONFIRM
http://platon.sk/projects/release_view_page.php?release_id=2
BID
6933
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter.
cpe:/a:bajie:java_http_server:0.95:zxc
cpe:/a:bajie:java_http_server:0.95:zxe
CVE-2003-1543
2003-12-31T00:00:00.000-05:00
2017-08-07T21:29:00.397-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SECTRACK
1006428
MISC
http://www.geocities.com/gzhangx/websrv/docs/security.html
MISC
http://www.lucaercoli.it/advs/bajie.txt
MISC
http://www.securiteam.com/securitynews/5LP10009FC.html
BID
7344
XF
bajie-error-message-xss(11687)
Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message.
cpe:/o:microsoft:windows_2000::sp3:adv_srv
cpe:/o:microsoft:windows_2000::sp3:srv
CVE-2003-1544
2003-12-31T00:00:00.000-05:00
2017-08-07T21:29:00.460-04:00
6.8
NETWORK
LOW
SINGLE_INSTANCE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SREASON
3654
MSKB
815225
BUGTRAQ
20030123 DoS attack on Windows 2000 Terminal Server
BUGTRAQ
20030124 RE: DoS attack on Windows 2000 Terminal Server
BID
6672
SECTRACK
1005986
XF
win2k-terminal-msgina-dos(11141)
XF
win2k-terminal-msgina-permissions(11816)
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
cpe:/a:nukestyles:viewpage
cpe:/a:phpnuke:nukestyles_viewpage_module
CVE-2003-1545
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:52.530-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030325 PHPNuke viewpage.php allows Remote File retrieving
BUGTRAQ
20030325 Re: PHPNuke viewpage.php allows Remote File retrieving
BUGTRAQ
20030325 Re: PHPNuke viewpage.php and another SQL injections
BUGTRAQ
20030325 Re: PHPNuke viewpage.php allows Remote File retrieving
BUGTRAQ
20030326 Re: PHPNuke viewpage.php allows Remote File retrieving
BUGTRAQ
20030325 Re: PHPNuke viewpage.php allows Remote File retrieving
BUGTRAQ
20030327 Re: PHPNuke viewpage.php allows Remote File retrieving
BID
7191
SECTRACK
1006377
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
cpe:/a:filebased:guestbook:1.1.3
CVE-2003-1546
2003-12-31T00:00:00.000-05:00
2017-08-07T21:29:00.507-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030314 Guestbook v1.1.3 CSS Vuln
BID
7104
SECTRACK
1006289
XF
filebased-guestbook-gbook-xss(11540)
Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section.
cpe:/a:francisco_burzi:php-nuke:6.5
cpe:/a:francisco_burzi:php-nuke:6.5_beta1
cpe:/a:francisco_burzi:php-nuke:6.5_rc1
cpe:/a:francisco_burzi:php-nuke:6.5_rc2
cpe:/a:francisco_burzi:php-nuke:6.5_rc3
CVE-2003-1547
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:53.390-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3718
BUGTRAQ
20030331 PHP-Nuke block-Forums.php subject vulnerabilities
BUGTRAQ
20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilities
BID
7248
XF
phpnuke-blockforums-subject-xss(11675)
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
cpe:/a:myabracadaweb:myabracadaweb:1.0.2
CVE-2003-1548
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:53.857-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3717
BUGTRAQ
20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb
BID
7126
SECTRACK
1006308
XF
myabracadaweb-index-path-disclosure(11556)
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
cpe:/a:myabracadaweb:myabracadaweb:1.0.2
CVE-2003-1549
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:54.233-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3717
BUGTRAQ
20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb
BID
7127
SECTRACK
1006308
XF
myabracadaweb-index-makw-xss(11557)
Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter.
cpe:/a:xoops:xoops:2.0
CVE-2003-1550
2003-12-31T00:00:00.000-05:00
2017-08-07T21:29:00.773-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
BUGTRAQ
20030320 [SCSA-011] Path Disclosure Vulnerability in XOOPS
BUGTRAQ
20030328 Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS
BID
7149
XF
xoops-xoopsoption-path-disclosure(11587)
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
cpe:/a:novell:groupwise:6.0_sp3:revision_e
CVE-2003-1551
2003-12-31T00:00:00.000-05:00
2017-08-07T21:29:00.820-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BID
6896
SECTRACK
1006171
XF
groupwise-script-execution(11394)
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
cpe:/a:graeme:uploader:1.1
CVE-2003-1552
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:54.657-04:00
6.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
BUGTRAQ
20030304 uploader.php vulnerability
BUGTRAQ
20030304 uploader.php script
XF
uploader-uploads-file-upload(11467)
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
cpe:/a:sips:sips:0.2.2
CVE-2003-1553
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:54.920-04:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3780
BUGTRAQ
20030318 SIPS (PHP)
BID
7134
XF
sips-user-obtain-information(11572)
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.
cpe:/a:scoznet:scozbook:1.1_beta
CVE-2003-1554
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:55.233-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3781
BUGTRAQ
20030329 ScozBook BETA 1.1 vulnerabilities
BID
7235
SECTRACK
1006413
XF
scozbook-add-xss(11658)
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
cpe:/a:scoznet:scozbook:1.1_beta
CVE-2003-1555
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:55.640-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3781
BUGTRAQ
20030329 ScozBook BETA 1.1 vulnerabilities
BID
7236
SECTRACK
1006413
XF
scozbook-view-path-disclosure(11659)
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
cpe:/a:cgi_city:cc_guestbook
CVE-2003-1556
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:56.047-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SREASON
3796
BUGTRAQ
20030329 CGI-City's CCGuestBook Script Injection Vulns
BID
7237
Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters.
cpe:/a:spamassassin:spamassassin:2.40
cpe:/a:spamassassin:spamassassin:2.41
cpe:/a:spamassassin:spamassassin:2.42
cpe:/a:spamassassin:spamassassin:2.43
CVE-2003-1557
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:56.233-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
BUGTRAQ
20030123 SpamAssassin / spamc+BSMTP remote buffer overflow
GENTOO
GLSA-200302-01
BUGTRAQ
20030204 Re: GLSA: Mail-SpamAssasin
BID
6679
XF
spamassassin-spamc-offbyone-bo(11154)
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
cpe:/a:fefe:fnord:1.6
CVE-2003-1558
2003-12-31T00:00:00.000-05:00
2018-10-19T11:29:56.703-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
CONFIRM
http://www.fefe.de/fnord/
BUGTRAQ
20030117 GLSA: fnord
BID
6635
XF
fnord-httpdc-cgi-bo(11121)
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.
cpe:/a:microsoft:ie:5.5
cpe:/a:microsoft:ie:5.22
cpe:/a:microsoft:ie:6
cpe:/a:microsoft:ie:6:sp1
CVE-2003-1559
2003-12-31T00:00:00.000-05:00
2009-01-29T00:28:34.390-05:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
3989
MISC
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
BUGTRAQ
20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
BUGTRAQ
20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
BID
9295
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
cpe:/a:netscape:navigator:4
CVE-2003-1560
2003-12-31T00:00:00.000-05:00
2009-01-29T00:28:34.530-05:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
4004
BUGTRAQ
20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
cpe:/a:opera:opera
CVE-2003-1561
2003-12-31T00:00:00.000-05:00
2009-01-29T00:28:34.717-05:00
4.3
NETWORK
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SREASON
4004
BUGTRAQ
20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
cpe:/a:openbsd:openssh:1.2
cpe:/a:openbsd:openssh:1.2.1
cpe:/a:openbsd:openssh:1.2.2
cpe:/a:openbsd:openssh:1.2.3
cpe:/a:openbsd:openssh:1.2.27
cpe:/a:openbsd:openssh:1.3
cpe:/a:openbsd:openssh:1.5
cpe:/a:openbsd:openssh:1.5.7
cpe:/a:openbsd:openssh:1.5.8
cpe:/a:openbsd:openssh:2
cpe:/a:openbsd:openssh:2.1
cpe:/a:openbsd:openssh:2.1.1
cpe:/a:openbsd:openssh:2.2
cpe:/a:openbsd:openssh:2.3
cpe:/a:openbsd:openssh:2.3.1
cpe:/a:openbsd:openssh:2.5
cpe:/a:openbsd:openssh:2.5.1
cpe:/a:openbsd:openssh:2.5.2
cpe:/a:openbsd:openssh:2.9
cpe:/a:openbsd:openssh:2.9.9
cpe:/a:openbsd:openssh:2.9.9p2
cpe:/a:openbsd:openssh:2.9p1
cpe:/a:openbsd:openssh:2.9p2
cpe:/a:openbsd:openssh:3.0
cpe:/a:openbsd:openssh:3.0.1
cpe:/a:openbsd:openssh:3.0.1p1
cpe:/a:openbsd:openssh:3.0.2
cpe:/a:openbsd:openssh:3.0.2p1
cpe:/a:openbsd:openssh:3.0p1
cpe:/a:openbsd:openssh:3.1
cpe:/a:openbsd:openssh:3.1p1
cpe:/a:openbsd:openssh:3.2
cpe:/a:openbsd:openssh:3.2.2
cpe:/a:openbsd:openssh:3.2.2p1
cpe:/a:openbsd:openssh:3.2.3p1
cpe:/a:openbsd:openssh:3.3
cpe:/a:openbsd:openssh:3.3p1
cpe:/a:openbsd:openssh:3.4
cpe:/a:openbsd:openssh:3.4p1
cpe:/a:openbsd:openssh:3.5
cpe:/a:openbsd:openssh:3.5p1
cpe:/a:openbsd:openssh:3.6
cpe:/a:openbsd:openssh:3.6.1
cpe:/a:openbsd:openssh:3.6.1p1
cpe:/a:openbsd:openssh:3.6.1p2
CVE-2003-1562
2003-12-31T00:00:00.000-05:00
2008-09-05T00:00:00.000-04:00
7.6
NETWORK
HIGH
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2008-08-04T14:32:00.000-04:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747
BUGTRAQ
20030501 Re: OpenSSH/PAM timing attack allows remote users identification
BUGTRAQ
20030501 Re: OpenSSH/PAM timing attack allows remote users identification
BUGTRAQ
20030505 Re: OpenSSH/PAM timing attack allows remote users identification
BID
7482
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
cpe:/a:sun:cluster:2.2::sparc
cpe:/a:sun:cluster:3.0::sparc
cpe:/a:sun:cluster:3.1::sparc
cpe:/a:sun:cluster:3.2::sparc
CVE-2003-1563
2003-12-31T00:00:00.000-05:00
2018-10-30T12:25:15.027-04:00
4.0
LOCAL
HIGH
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SUNALERT
101393
SUNALERT
200810
AUSCERT
ESB-2003.0843
BID
9137
Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.
cpe:/a:xmlsoft:libxml2:1.7.0
cpe:/a:xmlsoft:libxml2:1.7.1
cpe:/a:xmlsoft:libxml2:1.7.2
cpe:/a:xmlsoft:libxml2:1.7.3
cpe:/a:xmlsoft:libxml2:1.7.4
cpe:/a:xmlsoft:libxml2:1.8.0
cpe:/a:xmlsoft:libxml2:1.8.1
cpe:/a:xmlsoft:libxml2:1.8.2
cpe:/a:xmlsoft:libxml2:1.8.3
cpe:/a:xmlsoft:libxml2:1.8.4
cpe:/a:xmlsoft:libxml2:1.8.5
cpe:/a:xmlsoft:libxml2:1.8.6
cpe:/a:xmlsoft:libxml2:1.8.7
cpe:/a:xmlsoft:libxml2:1.8.9
cpe:/a:xmlsoft:libxml2:1.8.10
cpe:/a:xmlsoft:libxml2:1.8.13
cpe:/a:xmlsoft:libxml2:1.8.14
cpe:/a:xmlsoft:libxml2:1.8.16
cpe:/a:xmlsoft:libxml2:2.0.0
cpe:/a:xmlsoft:libxml2:2.1.0
cpe:/a:xmlsoft:libxml2:2.1.1
cpe:/a:xmlsoft:libxml2:2.2.0
cpe:/a:xmlsoft:libxml2:2.2.0:beta
cpe:/a:xmlsoft:libxml2:2.2.1
cpe:/a:xmlsoft:libxml2:2.2.2
cpe:/a:xmlsoft:libxml2:2.2.3
cpe:/a:xmlsoft:libxml2:2.2.4
cpe:/a:xmlsoft:libxml2:2.2.5
cpe:/a:xmlsoft:libxml2:2.2.6
cpe:/a:xmlsoft:libxml2:2.2.7
cpe:/a:xmlsoft:libxml2:2.2.8
cpe:/a:xmlsoft:libxml2:2.2.9
cpe:/a:xmlsoft:libxml2:2.2.10
cpe:/a:xmlsoft:libxml2:2.2.11
cpe:/a:xmlsoft:libxml2:2.3.0
cpe:/a:xmlsoft:libxml2:2.3.1
cpe:/a:xmlsoft:libxml2:2.3.2
cpe:/a:xmlsoft:libxml2:2.3.3
cpe:/a:xmlsoft:libxml2:2.3.4
cpe:/a:xmlsoft:libxml2:2.3.5
cpe:/a:xmlsoft:libxml2:2.3.6
cpe:/a:xmlsoft:libxml2:2.3.7
cpe:/a:xmlsoft:libxml2:2.3.8
cpe:/a:xmlsoft:libxml2:2.3.9
cpe:/a:xmlsoft:libxml2:2.3.10
cpe:/a:xmlsoft:libxml2:2.3.11
cpe:/a:xmlsoft:libxml2:2.3.12
cpe:/a:xmlsoft:libxml2:2.3.13
cpe:/a:xmlsoft:libxml2:2.3.14
cpe:/a:xmlsoft:libxml2:2.4.1
cpe:/a:xmlsoft:libxml2:2.4.2
cpe:/a:xmlsoft:libxml2:2.4.3
cpe:/a:xmlsoft:libxml2:2.4.4
cpe:/a:xmlsoft:libxml2:2.4.5
cpe:/a:xmlsoft:libxml2:2.4.6
cpe:/a:xmlsoft:libxml2:2.4.7
cpe:/a:xmlsoft:libxml2:2.4.8
cpe:/a:xmlsoft:libxml2:2.4.9
cpe:/a:xmlsoft:libxml2:2.4.10
cpe:/a:xmlsoft:libxml2:2.4.11
cpe:/a:xmlsoft:libxml2:2.4.12
cpe:/a:xmlsoft:libxml2:2.4.13
cpe:/a:xmlsoft:libxml2:2.4.14
cpe:/a:xmlsoft:libxml2:2.4.15
cpe:/a:xmlsoft:libxml2:2.4.16
cpe:/a:xmlsoft:libxml2:2.4.17
cpe:/a:xmlsoft:libxml2:2.4.18
cpe:/a:xmlsoft:libxml2:2.4.19
cpe:/a:xmlsoft:libxml2:2.4.20
cpe:/a:xmlsoft:libxml2:2.4.21
cpe:/a:xmlsoft:libxml2:2.4.22
cpe:/a:xmlsoft:libxml2:2.4.23
cpe:/a:xmlsoft:libxml2:2.4.24
cpe:/a:xmlsoft:libxml2:2.4.25
cpe:/a:xmlsoft:libxml2:2.4.26
cpe:/a:xmlsoft:libxml2:2.4.27
cpe:/a:xmlsoft:libxml2:2.4.28
cpe:/a:xmlsoft:libxml2:2.4.29
cpe:/a:xmlsoft:libxml2:2.4.30
cpe:/a:xmlsoft:libxml2:2.5.0
CVE-2003-1564
2003-12-31T00:00:00.000-05:00
2008-10-24T00:30:02.847-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
ALLOWS_ADMIN_ACCESS
MLIST
[xml] 20080820 Security fix for libxml2
MISC
http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2
REDHAT
RHSA-2008:0886
MLIST
[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services
MISC
http://xmlsoft.org/news.html
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
CVE-2003-1565
2003-08-27T00:00:00.000-04:00
2008-09-10T15:24:42.507-04:00
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1565. Reason: This candidate is a duplicate of CVE-2002-1565. Notes: All CVE users should reference CVE-2002-1565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-1566
2009-01-14T19:30:00.233-05:00
2017-08-07T21:29:01.210-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
NTBUGTRAQ
20031227 AQ-2003-02: Microsoft IIS Logging Failure
MISC
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
BID
9313
XF
iis-improper-httptrack-logging(14077)
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.
cpe:/a:microsoft:internet_information_services:5.0
CVE-2003-1567
2009-01-14T19:30:00.250-05:00
2009-01-16T00:00:00.000-05:00
5.8
NETWORK
MEDIUM
NONE
PARTIAL
PARTIAL
NONE
http://nvd.nist.gov
2009-01-15T10:26:00.000-05:00
NTBUGTRAQ
20031227 AQ-2003-02: Microsoft IIS Logging Failure
MISC
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
CERT-VN
VU#288308
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
cpe:/a:goahead:goahead_webserver:2.0
cpe:/a:goahead:goahead_webserver:2.1
cpe:/a:goahead:goahead_webserver:2.1.1
cpe:/a:goahead:goahead_webserver:2.1.2
cpe:/a:goahead_software:goahead_webserver:2.1.3
cpe:/a:goahead_software:goahead_webserver:2.1.4
cpe:/a:goahead_software:goahead_webserver:2.1.5
CVE-2003-1568
2009-02-06T14:30:00.390-05:00
2009-02-09T00:00:00.000-05:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2009-02-09T09:12:00.000-05:00
CONFIRM
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
cpe:/a:goahead:goahead_webserver:2.0
cpe:/a:goahead:goahead_webserver:2.1
cpe:/a:goahead:goahead_webserver:2.1.1
cpe:/a:goahead:goahead_webserver:2.1.2
cpe:/a:goahead:goahead_webserver:2.1.3
cpe:/a:goahead:goahead_webserver:2.1.4
CVE-2003-1569
2009-02-06T14:30:00.407-05:00
2009-02-09T00:00:00.000-05:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2009-02-09T09:21:00.000-05:00
CONFIRM
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
cpe:/a:ibm:tivoli_storage_manager:5.1.0
cpe:/a:ibm:tivoli_storage_manager:5.1.1
cpe:/a:ibm:tivoli_storage_manager:5.1.5
cpe:/a:ibm:tivoli_storage_manager:5.1.6
cpe:/a:ibm:tivoli_storage_manager:5.1.7
cpe:/a:ibm:tivoli_storage_manager:5.1.8
cpe:/a:ibm:tivoli_storage_manager:5.1.9
cpe:/a:ibm:tivoli_storage_manager:5.1.10
cpe:/a:ibm:tivoli_storage_manager:5.2.0
cpe:/a:ibm:tivoli_storage_manager:5.2.1
cpe:/a:ibm:tivoli_storage_manager:6.0
CVE-2003-1570
2009-03-31T14:24:44.563-04:00
2017-08-16T21:29:00.943-04:00
3.5
NETWORK
MEDIUM
SINGLE_INSTANCE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SECTRACK
1021947
BID
34285
VUPEN
ADV-2009-0881
CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21375360
AIXAPAR
IC37554
XF
tsm-consolemode-info-disclosure(49536)
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
cpe:/a:webwizguide:web_wiz_guestbook:6.0
cpe:/a:webwizguide:web_wiz_guestbook:8.21
CVE-2003-1571
2009-04-02T11:30:00.233-04:00
2017-10-10T21:29:19.513-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
MISC
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863
EXPLOIT-DB
7488
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
cpe:/a:sun:jmf:2.1.1
cpe:/a:sun:jmf:2.1.1a
cpe:/a:sun:jmf:2.1.1b
cpe:/a:sun:jmf:2.1.1c
CVE-2003-1572
2009-06-01T18:30:00.187-04:00
2009-06-02T00:00:00.000-04:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2009-06-02T09:19:00.000-04:00
BUGTRAQ
20030625 Privilege escalation applet, Java Media Framework
SECTRACK
1006777
MISC
http://www.illegalaccess.org/java/jmf.php
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
cpe:/a:sun:j2ee:1.4
CVE-2003-1573
2009-06-01T18:30:00.203-04:00
2017-08-16T21:29:01.050-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
BUGTRAQ
20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB
FULLDISC
20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB
BUGTRAQ
20031216 J2EE 1.4 reference implementation: database component allows remote code execution
SECTRACK
1008491
BID
9230
XF
j2ee-pointbase-sql-injection(14008)
XF
pointbase-insecure-permissions-dos(14881)
XF
pointbase-information-disclosure(14882)
XF
pointbase-command-execution(14883)
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
cpe:/a:tiki:tikiwiki_cms%2fgroupware:1.6.1
CVE-2003-1574
2009-08-24T06:30:01.233-04:00
2017-08-16T21:29:01.130-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
ALLOWS_OTHER_ACCESS
CONFIRM
http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846
BID
14170
XF
tikiwiki-username-security-byass(40347)
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
cpe:/a:symantec:vxfs:3.3.3
cpe:/a:symantec:vxfs:3.4
cpe:/a:symantec:vxfs:3.5
CVE-2003-1575
2010-01-28T15:30:00.823-05:00
2010-01-31T00:00:00.000-05:00
4.6
LOCAL
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2010-01-29T09:15:00.000-05:00
CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1
SUNALERT
200161
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
cpe:/a:sun:change_manager:1.0
CVE-2003-1576
2010-01-28T15:30:00.853-05:00
2010-01-31T00:00:00.000-05:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2010-01-29T09:43:00.000-05:00
ALLOWS_ADMIN_ACCESS
CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1
SUNALERT
201231
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
cpe:/a:sun:one_web_server:4.1
cpe:/a:sun:one_web_server:4.1:sp1
cpe:/a:sun:one_web_server:4.1:sp10
cpe:/a:sun:one_web_server:4.1:sp11
cpe:/a:sun:one_web_server:4.1:sp12
cpe:/a:sun:one_web_server:4.1:sp2
cpe:/a:sun:one_web_server:4.1:sp3
cpe:/a:sun:one_web_server:4.1:sp4
cpe:/a:sun:one_web_server:4.1:sp5
cpe:/a:sun:one_web_server:4.1:sp6
cpe:/a:sun:one_web_server:4.1:sp7
cpe:/a:sun:one_web_server:4.1:sp8
cpe:/a:sun:one_web_server:4.1:sp9
cpe:/a:sun:one_web_server:6.0
cpe:/a:sun:one_web_server:6.0:sp1
cpe:/a:sun:one_web_server:6.0:sp2
cpe:/a:sun:one_web_server:6.0:sp3
cpe:/a:sun:one_web_server:6.0:sp4
cpe:/a:sun:one_web_server:6.0:sp5
CVE-2003-1577
2010-02-05T17:30:01.563-05:00
2017-08-16T21:29:01.193-04:00
2.6
NETWORK
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SUNALERT
201453
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
XF
sunone-iplanetlog-xss(56632)
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
cpe:/a:sun:one_web_server:4.1
cpe:/a:sun:one_web_server:4.1:sp1
cpe:/a:sun:one_web_server:4.1:sp10
cpe:/a:sun:one_web_server:4.1:sp11
cpe:/a:sun:one_web_server:4.1:sp12
cpe:/a:sun:one_web_server:4.1:sp2
cpe:/a:sun:one_web_server:4.1:sp3
cpe:/a:sun:one_web_server:4.1:sp4
cpe:/a:sun:one_web_server:4.1:sp5
cpe:/a:sun:one_web_server:4.1:sp6
cpe:/a:sun:one_web_server:4.1:sp7
cpe:/a:sun:one_web_server:4.1:sp8
cpe:/a:sun:one_web_server:4.1:sp9
cpe:/a:sun:one_web_server:6.0
cpe:/a:sun:one_web_server:6.0:sp1
cpe:/a:sun:one_web_server:6.0:sp2
cpe:/a:sun:one_web_server:6.0:sp3
cpe:/a:sun:one_web_server:6.0:sp4
cpe:/a:sun:one_web_server:6.0:sp5
CVE-2003-1578
2010-02-05T17:30:01.657-05:00
2017-08-16T21:29:01.237-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
SUNALERT
201453
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
BID
7012
XF
iplanet-logpreview-security-bypass(56633)
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:sun:one_web_server:6.0
CVE-2003-1579
2010-02-05T17:30:02.000-05:00
2010-02-08T09:55:37.877-05:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2010-02-08T09:49:00.000-05:00
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:apache:http_server:2.0.44
CVE-2003-1580
2010-02-05T17:30:02.030-05:00
2010-02-08T00:00:00.000-05:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2010-02-08T09:52:00.000-05:00
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:apache:http_server:2.0.44
CVE-2003-1581
2010-02-05T17:30:02.063-05:00
2010-02-08T00:00:00.000-05:00
2.6
NETWORK
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2010-02-08T09:54:00.000-05:00
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:microsoft:internet_information_server:6.0
CVE-2003-1582
2010-02-05T17:30:02.077-05:00
2019-07-03T13:25:47.480-04:00
2.6
NETWORK
HIGH
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2010-02-08T09:56:00.000-05:00
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:webtrends:webtrends_log_analyzer
CVE-2003-1583
2010-02-05T17:30:02.110-05:00
2017-08-16T21:29:01.287-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
XF
webtrends-domain-name-xss(56650)
Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:surfstats:surfstats
CVE-2003-1584
2010-02-05T17:30:02.140-05:00
2017-08-16T21:29:01.380-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
XF
surfstats-domain-name-xss(56649)
Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:alentum:weblog_expert
CVE-2003-1585
2010-02-05T17:30:02.170-05:00
2017-08-16T21:29:01.443-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
XF
weblogexpert-domain-name-xss(56647)
Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
cpe:/a:iplanet:webexpert
CVE-2003-1586
2010-02-05T17:30:02.203-05:00
2017-08-16T21:29:01.503-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
XF
webexpert-useragent-xss(56646)
Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
cpe:/a:iplanet:loganpro
CVE-2003-1587
2010-02-05T17:30:02.233-05:00
2017-08-16T21:29:01.550-04:00
5.0
NETWORK
LOW
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
BUGTRAQ
20030304 Log corruption on multiple webservers, log analyzers,...
XF
loganpro-useragent-xss(56645)
Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
cpe:/a:sun:cluster:2.2::sparc
CVE-2003-1588
2010-02-08T15:30:00.593-05:00
2017-08-16T21:29:01.597-04:00
1.9
LOCAL
MEDIUM
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
SUNALERT
201460
XF
suncluster-haoracle-information-disclosure(56617)
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
cpe:/a:sun:one_web_server:4.1
cpe:/a:sun:one_web_server:4.1:sp1
cpe:/a:sun:one_web_server:4.1:sp10
cpe:/a:sun:one_web_server:4.1:sp11
cpe:/a:sun:one_web_server:4.1:sp12
cpe:/a:sun:one_web_server:4.1:sp2
cpe:/a:sun:one_web_server:4.1:sp3
cpe:/a:sun:one_web_server:4.1:sp4
cpe:/a:sun:one_web_server:4.1:sp5
cpe:/a:sun:one_web_server:4.1:sp6
cpe:/a:sun:one_web_server:4.1:sp7
cpe:/a:sun:one_web_server:4.1:sp8
cpe:/a:sun:one_web_server:4.1:sp9
cpe:/a:sun:one_web_server:6.0
cpe:/a:sun:one_web_server:6.0:sp1
cpe:/a:sun:one_web_server:6.0:sp2
cpe:/a:sun:one_web_server:6.0:sp3
cpe:/a:sun:one_web_server:6.0:sp4
cpe:/a:sun:one_web_server:6.0:sp5
CVE-2003-1589
2010-02-25T14:30:00.327-05:00
2017-08-16T21:29:01.660-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
201454
XF
iplanet-unspecified-dos(56616)
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
cpe:/a:sun:one_web_server:6.0:sp3
cpe:/a:sun:one_web_server:6.0:sp4
cpe:/a:sun:one_web_server:6.0:sp5
CVE-2003-1590
2010-02-25T14:30:00.360-05:00
2017-08-16T21:29:01.723-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
SUNALERT
201451
XF
sunone-unspecified-dos(56615)
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
cpe:/o:novell:netware:6.0
cpe:/o:novell:netware:6.0:sp1
cpe:/o:novell:netware:6.0:sp2
cpe:/o:novell:netware:6.0:sp3
cpe:/o:novell:netware:6.5
CVE-2003-1591
2010-04-05T11:30:00.640-04:00
2010-06-08T00:00:00.000-04:00
4.3
NETWORK
MEDIUM
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2010-04-05T16:22:00.000-04:00
CONFIRM
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.
cpe:/a:novell:netware_ftp_server
cpe:/o:novell:netware:6.0
cpe:/o:novell:netware:6.0:sp1
cpe:/o:novell:netware:6.0:sp2
cpe:/o:novell:netware:6.0:sp3
cpe:/o:novell:netware:6.5
CVE-2003-1592
2010-04-05T11:30:00.670-04:00
2010-04-06T00:00:00.000-04:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2010-04-06T08:25:00.000-04:00
CONFIRM
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.
cpe:/a:novell:netware_ftp_server
cpe:/o:novell:netware:6.0
cpe:/o:novell:netware:6.0:sp1
cpe:/o:novell:netware:6.0:sp2
cpe:/o:novell:netware:6.0:sp3
cpe:/o:novell:netware:6.5
CVE-2003-1593
2010-04-05T11:30:00.703-04:00
2010-04-06T00:00:00.000-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2010-04-06T08:42:00.000-04:00
CONFIRM
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.
cpe:/a:novell:netware_ftp_server
cpe:/o:novell:netware:6.5
CVE-2003-1594
2010-04-05T11:30:00.717-04:00
2010-04-06T00:00:00.000-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2010-04-06T08:53:00.000-04:00
CONFIRM
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.
cpe:/a:novell:netware_ftp_server
cpe:/o:novell:netware:6.5
CVE-2003-1595
2010-04-05T11:30:00.750-04:00
2010-04-06T00:00:00.000-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2010-04-06T09:04:00.000-04:00
CONFIRM
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.
cpe:/a:novell:netware_ftp_server:5.01i
cpe:/a:novell:netware_ftp_server:5.01o
cpe:/a:novell:netware_ftp_server:5.01w
cpe:/a:novell:netware_ftp_server:5.01y
cpe:/a:novell:netware_ftp_server:5.02b
cpe:/a:novell:netware_ftp_server:5.02i
cpe:/a:novell:netware_ftp_server:5.02r
cpe:/a:novell:netware_ftp_server:5.02y
cpe:/a:novell:netware_ftp_server:5.03b
cpe:/o:novell:netware:5.1
cpe:/o:novell:netware:6.0
cpe:/o:novell:netware:6.5
CVE-2003-1596
2010-04-05T11:30:00.780-04:00
2010-06-08T00:00:00.000-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
2010-04-06T09:14:00.000-04:00
CONFIRM
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.
cpe:/a:wordpress:wordpress:0.7
CVE-2003-1598
2014-10-01T10:55:08.933-04:00
2017-08-28T21:29:01.190-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
MLIST
[oss-sec] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)
MISC
http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
BID
7784
XF
wordpress-blogheader-sql-injection(12204)
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
cpe:/a:wordpress:wordpress:0.70
CVE-2003-1599
2014-10-27T16:55:07.373-04:00
2017-08-28T21:29:01.283-04:00
7.5
NETWORK
LOW
NONE
PARTIAL
PARTIAL
PARTIAL
http://nvd.nist.gov
MLIST
[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)
BID
7785
XF
wordpress-linksall-file-include(12205)
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
cpe:/a:gehealthcare:discovery_vh:-
CVE-2003-1603
2015-08-04T10:59:04.127-04:00
2018-03-27T21:29:00.557-04:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
CONFIRM
http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1
MISC
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
MISC
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
MISC
https://twitter.com/digitalbond/status/619250429751222277
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
cpe:/o:linux:linux_kernel:2.5.75
CVE-2003-1604
2016-05-02T06:59:00.123-04:00
2016-11-30T21:59:02.587-05:00
7.8
NETWORK
LOW
NONE
NONE
NONE
COMPLETE
http://nvd.nist.gov
SUSE
openSUSE-SU-2016:1008
MLIST
[netfilter-devel] 20031020 [PATCH] Fix possible oops in ipt_REDIRECT
MLIST
[oss-security] 20160127 Re: CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function
CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1303072
The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.
cpe:/a:haxx:curl:7.1.1
cpe:/a:haxx:curl:7.2
cpe:/a:haxx:curl:7.2.1
cpe:/a:haxx:curl:7.3
cpe:/a:haxx:curl:7.4
cpe:/a:haxx:curl:7.4.1
cpe:/a:haxx:curl:7.4.2
cpe:/a:haxx:curl:7.5
cpe:/a:haxx:curl:7.5.1
cpe:/a:haxx:curl:7.5.2
cpe:/a:haxx:curl:7.6
cpe:/a:haxx:curl:7.6.1
cpe:/a:haxx:curl:7.7
cpe:/a:haxx:curl:7.7.1
cpe:/a:haxx:curl:7.7.2
cpe:/a:haxx:curl:7.7.3
cpe:/a:haxx:curl:7.8
cpe:/a:haxx:curl:7.8.1
cpe:/a:haxx:curl:7.9
cpe:/a:haxx:curl:7.9.1
cpe:/a:haxx:curl:7.9.2
cpe:/a:haxx:curl:7.9.3
cpe:/a:haxx:curl:7.9.4
cpe:/a:haxx:curl:7.9.5
cpe:/a:haxx:curl:7.9.6
cpe:/a:haxx:curl:7.9.7
cpe:/a:haxx:curl:7.9.8
cpe:/a:haxx:curl:7.10
cpe:/a:haxx:curl:7.10.1
cpe:/a:haxx:curl:7.10.2
cpe:/a:haxx:curl:7.10.3
cpe:/a:haxx:curl:7.10.4
cpe:/a:haxx:curl:7.10.5
cpe:/a:haxx:curl:7.10.6
CVE-2003-1605
2018-08-23T15:29:00.220-04:00
2018-10-15T14:20:38.663-04:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2018-10-12T11:00:21.600-04:00
BID
8432
MISC
https://curl.haxx.se/docs/CVE-2003-1605.html
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.