CVE Output in CVRF 1.1: 20240227
CVE List
cve@mitre.org
The MITRE Corporation
20240227-102214
Interim
2024.02.27.10
1
2024-02-27T10:22:14
Initial public release
2024-02-27T10:22:14
2024-02-27T10:22:14
MITRE Custom CVE-to-CVRF Converter 2.0
This is a list of CVE Identifiers as published by MITRE.
The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Vulnerabilities and Exposures (CVE (R)) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITREs copyright designation and this license in any such copy.
ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
CVE-2003-0001
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
2003-01-08
2018-10-19
CVE-2003-0001
http://www.atstake.com/research/advisories/2003/a010603-1.txt
ATSTAKE:A010603-1
http://www.securityfocus.com/archive/1/305335/30/26420/threaded
BUGTRAQ:20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)
http://marc.info/?l=bugtraq&m=104222046632243&w=2
BUGTRAQ:20030110 More information regarding Etherleak
http://www.securityfocus.com/archive/1/307564/30/26270/threaded
BUGTRAQ:20030117 Re: More information regarding Etherleak
http://www.kb.cert.org/vuls/id/412115
CERT-VN:VU#412115
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
http://www.osvdb.org/9962
OSVDB:9962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665
OVAL:oval:org.mitre.oval:def:2665
http://www.redhat.com/support/errata/RHSA-2003-025.html
REDHAT:RHSA-2003:025
http://www.redhat.com/support/errata/RHSA-2003-088.html
REDHAT:RHSA-2003:088
http://www.securitytracker.com/id/1031583
SECTRACK:1031583
http://www.securitytracker.com/id/1040185
SECTRACK:1040185
http://secunia.com/advisories/7996
SECUNIA:7996
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
VULNWATCH:20030110 More information regarding Etherleak
CVE-2003-0002
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
2004-09-01
2007-11-20
CVE-2003-0002
http://www.securityfocus.com/bid/5922
BID:5922
http://marc.info/?l=bugtraq&m=103417794800719&w=2
BUGTRAQ:20021007 CSS on Microsoft Content Management Server
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-002
MS:MS03-002
http://www.iss.net/security_center/static/10318.php
XF:mcms-manuallogin-reasontxt-xss (10318)
CVE-2003-0003
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
2004-09-01
2008-05-08
CVE-2003-0003
http://www.securityfocus.com/bid/6666
BID:6666
http://marc.info/?l=bugtraq&m=104394414713415&w=2
BUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
http://www.cert.org/advisories/CA-2003-03.html
CERT:CA-2003-03
http://www.kb.cert.org/vuls/id/610986
CERT-VN:VU#610986
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001
MS:MS03-001
http://marc.info/?l=ntbugtraq&m=104393588232166&w=2
NTBUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103
OVAL:oval:org.mitre.oval:def:103
https://exchange.xforce.ibmcloud.com/vulnerabilities/11132
XF:win-locator-bo(11132)
CVE-2003-0004
Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
2004-09-01
2007-11-12
CVE-2003-0004
http://www.securityfocus.com/bid/6778
BID:6778
http://marc.info/?l=bugtraq&m=104878038418534&w=2
BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-005
MS:MS03-005
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html
VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
http://www.iss.net/security_center/static/11260.php
XF:winxp-windows-redirector-bo(11260)
CVE-2003-0005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0005
CVE-2003-0006
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0006
CVE-2003-0007
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
2004-09-01
2008-02-27
CVE-2003-0007
http://www.securityfocus.com/bid/6667
BID:6667
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003
MS:MS03-003
https://exchange.xforce.ibmcloud.com/vulnerabilities/11133
XF:outlook-v1-certificate-plaintext(11133)
CVE-2003-0008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0008
CVE-2003-0009
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
2004-09-01
2008-02-06
CVE-2003-0009
http://www.securityfocus.com/bid/6966
BID:6966
http://marc.info/?l=bugtraq&m=104636383018686&w=2
BUGTRAQ:20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
http://www.kb.cert.org/vuls/id/489721
CERT-VN:VU#489721
http://www.ciac.org/ciac/bulletins/n-047.shtml
CIAC:N-047
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-006
MS:MS03-006
http://www.osvdb.org/6074
OSVDB:6074
http://www.iss.net/security_center/static/11425.php
XF:winme-hsc-hcp-bo(11425)
CVE-2003-0010
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
2003-03-21
2018-10-12
CVE-2003-0010
http://www.securityfocus.com/bid/7146
BID:7146
http://marc.info/?l=bugtraq&m=104812108307645&w=2
BUGTRAQ:20030319 iDEFENSE Security Advisory 03.19.03: Heap Overflow in Windows Script Engine
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26
IDEFENSE:20030319 Heap Overflow in Windows Script Engine
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008
MS:MS03-008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134
OVAL:oval:org.mitre.oval:def:134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200
OVAL:oval:org.mitre.oval:def:200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A794
OVAL:oval:org.mitre.oval:def:794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A795
OVAL:oval:org.mitre.oval:def:795
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html
VULNWATCH:20030319 Windows Scripting Engine issue
CVE-2003-0011
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
2003-03-21
2018-10-12
CVE-2003-0011
http://www.securityfocus.com/bid/7145
BID:7145
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-009
MS:MS03-009
CVE-2003-0012
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
2004-09-01
2007-11-20
CVE-2003-0012
http://www.securityfocus.com/bid/6502
BID:6502
http://marc.info/?l=bugtraq&m=104154319200399&w=2
BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
http://www.debian.org/security/2003/dsa-230
DEBIAN:DSA-230
http://www.redhat.com/support/errata/RHSA-2003-012.html
REDHAT:RHSA-2003:012
http://www.iss.net/security_center/static/10971.php
XF:bugzilla-mining-world-writable(10971)
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
2004-09-01
2007-11-20
CVE-2003-0013
http://www.securityfocus.com/bid/6501
BID:6501
http://marc.info/?l=bugtraq&m=104154319200399&w=2
BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
http://www.debian.org/security/2003/dsa-230
DEBIAN:DSA-230
http://www.osvdb.org/6351
OSVDB:6351
http://www.iss.net/security_center/static/10970.php
XF:bugzilla-htaccess-database-password(10970)
CVE-2003-0014
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2005-01-19
2017-07-10
CVE-2003-0014
http://securityfocus.org/bid/12229
BID:12229
http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog
CONFIRM:http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog
http://www.debian.org/security/2005/dsa-633
DEBIAN:DSA-633
http://securitytracker.com/id?1012847
SECTRACK:1012847
http://secunia.com/advisories/13793
SECUNIA:13793
http://secunia.com/advisories/13796
SECUNIA:13796
https://exchange.xforce.ibmcloud.com/vulnerabilities/18823
XF:bmv-symlink(18823)
CVE-2003-0015
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
2004-09-01
2007-11-28
CVE-2003-0015
http://www.securityfocus.com/bid/6650
BID:6650
http://marc.info/?l=bugtraq&m=104333092200589&w=2
BUGTRAQ:20030122 [security@slackware.com: [slackware-security] New CVS packages available]
http://marc.info/?l=bugtraq&m=104342550612736&w=2
BUGTRAQ:20030124 Test program for CVS double-free.
http://marc.info/?l=bugtraq&m=104428571204468&w=2
BUGTRAQ:20030202 Exploit for CVS double free() for Linux pserver
CALDERA:CSSA-2003-006
http://www.cert.org/advisories/CA-2003-02.html
CERT:CA-2003-02
http://www.kb.cert.org/vuls/id/650937
CERT-VN:VU#650937
http://www.ciac.org/ciac/bulletins/n-032.shtml
CIAC:N-032
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
http://www.debian.org/security/2003/dsa-233
DEBIAN:DSA-233
http://marc.info/?l=bugtraq&m=104438807203491&w=2
FREEBSD:FreeBSD-SA-03:01
FULLDISC:20030120 Advisory 01/2003: CVS remote vulnerability
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
MANDRAKE:MDKSA-2003:009
http://security.e-matters.de/advisories/012003.html
MISC:http://security.e-matters.de/advisories/012003.html
http://www.redhat.com/support/errata/RHSA-2003-012.html
REDHAT:RHSA-2003:012
http://rhn.redhat.com/errata/RHSA-2003-013.html
REDHAT:RHSA-2003:013
SUSE:SuSE-SA:2003:0007
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
VULNWATCH:20030120 Advisory 01/2003: CVS remote vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/11108
XF:cvs-doublefree-memory-corruption(11108)
CVE-2003-0016
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
2004-09-01
2021-06-06
CVE-2003-0016
http://www.securityfocus.com/bid/6659
BID:6659
http://www.kb.cert.org/vuls/id/825177
CERT-VN:VU#825177
http://www.kb.cert.org/vuls/id/979793
CERT-VN:VU#979793
http://www.apacheweek.com/issues/03-01-24#security
CONFIRM:http://www.apacheweek.com/issues/03-01-24#security
http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
MLIST:[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11125
XF:apache-device-code-execution(11125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11124
XF:apache-device-name-dos(11124)
CVE-2003-0017
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
2004-09-01
2021-06-06
CVE-2003-0017
http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
CONFIRM:http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
CVE-2003-0018
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
2004-09-01
2007-11-12
CVE-2003-0018
http://www.securityfocus.com/bid/6763
BID:6763
http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ
http://www.debian.org/security/2003/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014
MANDRAKE:MDKSA-2003:014
http://www.redhat.com/support/errata/RHSA-2003-025.html
REDHAT:RHSA-2003:025
http://www.iss.net/security_center/static/11249.php
XF:linux-odirect-information-leak(11249)
CVE-2003-0019
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
2004-09-01
2007-11-12
CVE-2003-0019
http://www.securityfocus.com/bid/6801
BID:6801
http://www.kb.cert.org/vuls/id/134025
CERT-VN:VU#134025
http://www.ciac.org/ciac/bulletins/n-044.shtml
CIAC:N-044
http://www.redhat.com/support/errata/RHSA-2003-056.html
REDHAT:RHSA-2003:056
http://www.iss.net/security_center/static/11276.php
XF:linux-umlnet-gain-privileges(11276)
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
2004-09-01
2021-06-06
CVE-2003-0020
http://marc.info/?l=bugtraq&m=108369640424244&w=2
APPLE:APPLE-SA-2004-05-03
http://www.securityfocus.com/bid/9930
BID:9930
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://marc.info/?l=bugtraq&m=108437852004207&w=2
BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://security.gentoo.org/glsa/glsa-200405-22.xml
GENTOO:GLSA-200405-22
http://marc.info/?l=bugtraq&m=108731648532365&w=2
HP:SSRT4717
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
MANDRAKE:MDKSA-2003:050
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
MANDRAKE:MDKSA-2004:046
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
OVAL:oval:org.mitre.oval:def:100109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
OVAL:oval:org.mitre.oval:def:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114
OVAL:oval:org.mitre.oval:def:4114
http://www.redhat.com/support/errata/RHSA-2003-082.html
REDHAT:RHSA-2003:082
http://www.redhat.com/support/errata/RHSA-2003-083.html
REDHAT:RHSA-2003:083
http://www.redhat.com/support/errata/RHSA-2003-104.html
REDHAT:RHSA-2003:104
http://www.redhat.com/support/errata/RHSA-2003-139.html
REDHAT:RHSA-2003:139
http://www.redhat.com/support/errata/RHSA-2003-243.html
REDHAT:RHSA-2003:243
http://www.redhat.com/support/errata/RHSA-2003-244.html
REDHAT:RHSA-2003:244
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
SLACKWARE:SSA:2004-133
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
SUNALERT:101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
SUNALERT:57628
http://www.trustix.org/errata/2004/0017
TRUSTIX:2004-0017
http://www.trustix.org/errata/2004/0027
TRUSTIX:2004-0027
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11412.php
XF:apache-esc-seq-injection(11412)
CVE-2003-0021
The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
2004-09-01
2009-01-01
CVE-2003-0021
http://www.securityfocus.com/bid/6936
BID:6936
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
GENTOO:GLSA-200303-1
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
MANDRAKE:MDKSA-2003:040
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11413.php
XF:terminal-emulator-screen-dump(11413)
CVE-2003-0022
The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
2004-09-01
2009-01-01
CVE-2003-0022
http://www.securityfocus.com/bid/6938
BID:6938
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
MANDRAKE:MDKSA-2003:034
http://www.redhat.com/support/errata/RHSA-2003-054.html
REDHAT:RHSA-2003:054
http://www.redhat.com/support/errata/RHSA-2003-055.html
REDHAT:RHSA-2003:055
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11413.php
XF:terminal-emulator-screen-dump(11413)
CVE-2003-0023
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
2004-09-01
2009-01-01
CVE-2003-0023
http://www.securityfocus.com/bid/6947
BID:6947
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
MANDRAKE:MDKSA-2003:034
http://www.redhat.com/support/errata/RHSA-2003-054.html
REDHAT:RHSA-2003:054
http://www.redhat.com/support/errata/RHSA-2003-055.html
REDHAT:RHSA-2003:055
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11416.php
XF:terminal-emulator-menu-modification(11416)
CVE-2003-0024
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
2004-09-01
2009-01-01
CVE-2003-0024
http://www.securityfocus.com/bid/6949
BID:6949
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11416.php
XF:terminal-emulator-menu-modification(11416)
CVE-2003-0025
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
2003-01-15
2016-10-17
CVE-2003-0025
http://www.securityfocus.com/bid/6559
BID:6559
http://marc.info/?l=bugtraq&m=104204786206563&w=2
BUGTRAQ:20030108 IMP 2.x SQL injection vulnerabilities
http://www.securityfocus.com/archive/1/306268
BUGTRAQ:20030108 Re: IMP 2.x SQL injection vulnerabilities
http://www.debian.org/security/2003/dsa-229
DEBIAN:DSA-229
http://www.securitytracker.com/id?1005904
SECTRACK:1005904
http://secunia.com/advisories/8087
SECUNIA:8087
http://secunia.com/advisories/8177
SECUNIA:8177
SUSE:SuSE-SA:2003:0008
CVE-2003-0026
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.
2003-01-16
2017-07-10
CVE-2003-0026
http://www.securityfocus.com/bid/6627
BID:6627
http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html
BUGTRAQ:20030122 [securityslackware.com: [slackware-security] New DHCP packages available]
http://www.cert.org/advisories/CA-2003-01.html
CERT:CA-2003-01
http://www.kb.cert.org/vuls/id/284857
CERT-VN:VU#284857
http://www.ciac.org/ciac/bulletins/n-031.shtml
CIAC:N-031
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
CONECTIVA:CLA-2003:562
http://www.debian.org/security/2003/dsa-231
DEBIAN:DSA-231
http://www.mandriva.com/security/advisories?name=MDKSA-2003:007
MANDRAKE:MDKSA-2003:007
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html
OPENPKG:OpenPKG-SA-2003.002
http://www.redhat.com/support/errata/RHSA-2003-011.html
REDHAT:RHSA-2003:011
http://www.securitytracker.com/id?1005924
SECTRACK:1005924
http://www.suse.com/de/security/2003_006_dhcp.html
SUSE:SuSE-SA:2003:0006
http://www.suse.com/de/security/2003_006_dhcp.html
SUSE:SuSE-SA:2003:006
https://exchange.xforce.ibmcloud.com/vulnerabilities/11073
XF:dhcpd-minires-multiple-bo(11073)
CVE-2003-0027
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
2004-09-01
2008-02-06
CVE-2003-0027
http://www.securityfocus.com/bid/6665
BID:6665
http://marc.info/?l=bugtraq&m=104326556329850&w=2
BUGTRAQ:20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
http://www.kb.cert.org/vuls/id/850785
CERT-VN:VU#850785
http://www.entercept.com/news/uspr/01-22-03.asp
MISC:http://www.entercept.com/news/uspr/01-22-03.asp
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120
OVAL:oval:org.mitre.oval:def:120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195
OVAL:oval:org.mitre.oval:def:195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592
OVAL:oval:org.mitre.oval:def:2592
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104
SUNALERT:50104
https://exchange.xforce.ibmcloud.com/vulnerabilities/11129
XF:solaris-kcms-directory-traversal(11129)
CVE-2003-0028
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
2003-03-21
2018-10-19
CVE-2003-0028
http://marc.info/?l=bugtraq&m=104810574423662&w=2
BUGTRAQ:20030319 EEYE: XDR Integer Overflow
http://marc.info/?l=bugtraq&m=104811415301340&w=2
BUGTRAQ:20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
BUGTRAQ:20030319 RE: EEYE: XDR Integer Overflow
http://marc.info/?l=bugtraq&m=104860855114117&w=2
BUGTRAQ:20030325 GLSA: glibc (200303-22)
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
BUGTRAQ:20030331 GLSA: dietlibc (200303-29)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://marc.info/?l=bugtraq&m=105362148313082&w=2
BUGTRAQ:20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)
CALDERA:CSSA-2003-013.0
http://www.cert.org/advisories/CA-2003-10.html
CERT:CA-2003-10
http://www.kb.cert.org/vuls/id/516825
CERT-VN:VU#516825
https://security.netapp.com/advisory/ntap-20150122-0002/
CONFIRM:https://security.netapp.com/advisory/ntap-20150122-0002/
http://www.debian.org/security/2003/dsa-266
DEBIAN:DSA-266
http://www.debian.org/security/2003/dsa-272
DEBIAN:DSA-272
http://www.debian.org/security/2003/dsa-282
DEBIAN:DSA-282
http://www.eeye.com/html/Research/Advisories/AD20030318.html
EEYE:AD20030318
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
ENGARDE:ESA-20030321-010
FREEBSD:FreeBSD-SA-03:05
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
MANDRAKE:MDKSA-2003:037
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
NETBSD:NetBSD-SA2003-008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
OVAL:oval:org.mitre.oval:def:230
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-089.html
REDHAT:RHSA-2003:089
http://www.redhat.com/support/errata/RHSA-2003-091.html
REDHAT:RHSA-2003:091
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
SUSE:SuSE-SA:2003:027
http://marc.info/?l=bugtraq&m=104878237121402&w=2
TRUSTIX:2003-0014
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
VULNWATCH:20030319 EEYE: XDR Integer Overflow
CVE-2003-0029
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0029
CVE-2003-0030
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.
2003-03-14
2016-10-17
CVE-2003-0030
http://www.securityfocus.com/bid/7083
BID:7083
http://www.securityfocus.com/bid/7084
BID:7084
http://www.securityfocus.com/bid/7085
BID:7085
http://marc.info/?l=bugtraq&m=104758650516677&w=2
BUGTRAQ:20030313 Protegrity buffer overflow
http://www.kb.cert.org/vuls/id/247545
CERT-VN:VU#247545
http://secunia.com/advisories/8294
SECUNIA:8294
CVE-2003-0031
Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).
2003-01-15
2016-10-17
CVE-2003-0031
http://www.securityfocus.com/bid/6510
BID:6510
http://marc.info/?l=bugtraq&m=104162752401212&w=2
BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
http://marc.info/?l=bugtraq&m=104188513728573&w=2
BUGTRAQ:20030105 GLSA: libmcrypt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
CONECTIVA:CLA-2003:567
http://www.debian.org/security/2003/dsa-228
DEBIAN:DSA-228
http://www.securitytracker.com/id?1006181
SECTRACK:1006181
SUSE:SuSE-SA:2003:0010
CVE-2003-0032
Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.
2004-09-01
2008-02-06
CVE-2003-0032
http://www.securityfocus.com/bid/6512
BID:6512
http://marc.info/?l=bugtraq&m=104162752401212&w=2
BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
http://marc.info/?l=bugtraq&m=104188513728573&w=2
BUGTRAQ:20030105 GLSA: libmcrypt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
CONECTIVA:CLA-2003:567
http://www.debian.org/security/2003/dsa-228
DEBIAN:DSA-228
SUSE:SuSE-SA:2003:0010
http://www.iss.net/security_center/static/10988.php
XF:libmcrypt-libtool-memory-leak(10988)
CVE-2003-0033
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.
2004-09-01
2007-11-12
CVE-2003-0033
http://www.securityfocus.com/bid/6963
BID:6963
http://marc.info/?l=bugtraq&m=104673386226064&w=2
BUGTRAQ:20030303 Snort RPC Vulnerability (fwd)
http://www.cert.org/advisories/CA-2003-13.html
CERT:CA-2003-13
http://www.kb.cert.org/vuls/id/916785
CERT-VN:VU#916785
http://www.debian.org/security/2003/dsa-297
DEBIAN:DSA-297
http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
ENGARDE:ESA-20030307-007
http://marc.info/?l=bugtraq&m=104716001503409&w=2
GENTOO:GLSA-200303-6.1
http://marc.info/?l=bugtraq&m=105154530427824&w=2
GENTOO:GLSA-200304-06
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
ISS:20030303 Snort RPC Preprocessing Vulnerability
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029
MANDRAKE:MDKSA-2003:029
http://www.osvdb.org/4418
OSVDB:4418
http://www.iss.net/security_center/static/10956.php
XF:snort-rpc-fragment-bo(10956)
CVE-2003-0034
Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.
2003-01-22
2008-03-25
CVE-2003-0034
http://www.securityfocus.com/bid/6656
BID:6656
http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
MANDRAKE:MDKSA-2003:010
http://www.idefense.com/advisory/01.21.03.txt
MISC:http://www.idefense.com/advisory/01.21.03.txt
http://www.securitytracker.com/id?1005959
SECTRACK:1005959
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
CVE-2003-0035
Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.
2003-01-22
2018-10-19
CVE-2003-0035
http://www.securityfocus.com/bid/6658
BID:6658
http://www.securityfocus.com/archive/1/307608/30/26270/threaded
BUGTRAQ:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
MANDRAKE:MDKSA-2003:010
http://www.idefense.com/advisory/01.21.03.txt
MISC:http://www.idefense.com/advisory/01.21.03.txt
http://www.securitytracker.com/id?1005959
SECTRACK:1005959
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
CVE-2003-0036
ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".
2003-01-22
2018-10-19
CVE-2003-0036
http://www.securityfocus.com/archive/1/307608/30/26270/threaded
BUGTRAQ:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
MANDRAKE:MDKSA-2003:010
http://www.idefense.com/advisory/01.21.03.txt
MISC:http://www.idefense.com/advisory/01.21.03.txt
http://www.securitytracker.com/id?1005959
SECTRACK:1005959
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
CVE-2003-0037
Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.
2003-01-29
2017-07-10
CVE-2003-0037
http://www.securityfocus.com/bid/6695
BID:6695
http://www.debian.org/security/2003/dsa-244
DEBIAN:DSA-244
http://secunia.com/advisories/7955
SECUNIA:7955
https://exchange.xforce.ibmcloud.com/vulnerabilities/11181
XF:noffle-multiple-bo(11181)
CVE-2003-0038
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
2003-01-29
2017-07-10
CVE-2003-0038
http://www.securityfocus.com/bid/6677
BID:6677
http://marc.info/?l=bugtraq&m=104342745916111
BUGTRAQ:20030124 Mailman: cross-site scripting bug
http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
CONFIRM:http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
http://www.debian.org/security/2004/dsa-436
DEBIAN:DSA-436
http://www.osvdb.org/9205
OSVDB:9205
http://www.securitytracker.com/id?1005987
SECTRACK:1005987
https://exchange.xforce.ibmcloud.com/vulnerabilities/11152
XF:mailman-email-variable-xss(11152)
CVE-2003-0039
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
2004-09-01
2008-02-06
CVE-2003-0039
http://www.securityfocus.com/bid/6628
BID:6628
http://marc.info/?l=bugtraq&m=104310927813830&w=2
BUGTRAQ:20030115 DoS against DHCP infrastructure with isc dhcrelay
http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html
BUGTRAQ:20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
http://www.kb.cert.org/vuls/id/149953
CERT-VN:VU#149953
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
CONECTIVA:CLSA-2003:616
http://www.debian.org/security/2003/dsa-245
DEBIAN:DSA-245
http://www.redhat.com/support/errata/RHSA-2003-034.html
REDHAT:RHSA-2003:034
http://cc.turbolinux.com/security/TLSA-2003-26.txt
TURBO:TLSA-2003-26
https://exchange.xforce.ibmcloud.com/vulnerabilities/11187
XF:dhcp-dhcrelay-dos(11187)
CVE-2003-0040
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
2004-09-01
2007-11-12
CVE-2003-0040
http://www.securityfocus.com/bid/6738
BID:6738
http://www.debian.org/security/2003/dsa-247
DEBIAN:DSA-247
https://exchange.xforce.ibmcloud.com/vulnerabilities/11213
XF:courierimap-authmysqllib-sql-injection(11213)
CVE-2003-0041
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
2003-02-01
2007-11-12
CVE-2003-0041
http://www.mandriva.com/security/advisories?name=MDKSA-2003:021
MANDRAKE:MDKSA-2003:021
http://www.redhat.com/support/errata/RHSA-2003-020.html
REDHAT:RHSA-2003:020
http://secunia.com/advisories/7979
SECUNIA:7979
http://secunia.com/advisories/8114
SECUNIA:8114
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
VULNWATCH:20030128 MIT Kerberos FTP client remote shell commands execution
CVE-2003-0042
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
2003-01-29
2017-07-10
CVE-2003-0042
http://www.securityfocus.com/bid/6721
BID:6721
http://marc.info/?l=bugtraq&m=104394568616290&w=2
BUGTRAQ:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
http://www.ciac.org/ciac/bulletins/n-060.shtml
CIAC:N-060
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
http://www.debian.org/security/2003/dsa-246
DEBIAN:DSA-246
http://www.securityfocus.com/advisories/5111
HP:HPSBUX0303-249
http://secunia.com/advisories/7972
SECUNIA:7972
http://secunia.com/advisories/7977
SECUNIA:7977
VULNWATCH:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/11194
XF:tomcat-null-directory-listing(11194)
CVE-2003-0043
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
2004-09-01
2007-11-20
CVE-2003-0043
http://www.securityfocus.com/bid/6722
BID:6722
http://www.ciac.org/ciac/bulletins/n-060.shtml
CIAC:N-060
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
http://www.debian.org/security/2003/dsa-246
DEBIAN:DSA-246
http://www.securityfocus.com/advisories/5111
HP:HPSBUX0303-249
https://exchange.xforce.ibmcloud.com/vulnerabilities/11195
XF:tomcat-webxml-read-files(11195)
CVE-2003-0044
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
2003-01-29
2017-07-10
CVE-2003-0044
http://www.securityfocus.com/bid/6720
BID:6720
http://www.ciac.org/ciac/bulletins/n-060.shtml
CIAC:N-060
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
http://www.debian.org/security/2003/dsa-246
DEBIAN:DSA-246
http://www.securityfocus.com/advisories/5111
HP:HPSBUX0303-249
http://www.osvdb.org/9203
OSVDB:9203
http://www.osvdb.org/9204
OSVDB:9204
http://secunia.com/advisories/7972
SECUNIA:7972
https://exchange.xforce.ibmcloud.com/vulnerabilities/11196
XF:tomcat-web-app-xss(11196)
CVE-2003-0045
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
2004-09-01
2007-11-28
CVE-2003-0045
http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/12102
XF:jakarta-tomcat-msdos-dos(12102)
CVE-2003-0046
AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
2003-02-01
2016-10-17
CVE-2003-0046
http://www.securityfocus.com/bid/6725
BID:6725
http://marc.info/?l=bugtraq&m=104386492422014&w=2
BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
http://www.celestialsoftware.net/telnet/beta_software.html
CONFIRM:http://www.celestialsoftware.net/telnet/beta_software.html
http://www.idefense.com/advisory/01.28.03.txt
MISC:http://www.idefense.com/advisory/01.28.03.txt
http://www.osvdb.org/7686
OSVDB:7686
http://www.securitytracker.com/id?1006013
SECTRACK:1006013
CVE-2003-0047
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
2003-02-01
2016-10-17
CVE-2003-0047
http://www.securityfocus.com/bid/6726
BID:6726
http://www.securityfocus.com/bid/6727
BID:6727
http://www.securityfocus.com/bid/6728
BID:6728
http://marc.info/?l=bugtraq&m=104386492422014&w=2
BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
http://www.idefense.com/advisory/01.28.03.txt
MISC:http://www.idefense.com/advisory/01.28.03.txt
http://www.securitytracker.com/id?1006010
SECTRACK:1006010
http://www.securitytracker.com/id?1006011
SECTRACK:1006011
http://www.securitytracker.com/id?1006012
SECTRACK:1006012
CVE-2003-0048
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
2003-02-01
2016-10-17
CVE-2003-0048
http://www.securityfocus.com/bid/6724
BID:6724
http://marc.info/?l=bugtraq&m=104386492422014&w=2
BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
http://www.idefense.com/advisory/01.28.03.txt
MISC:http://www.idefense.com/advisory/01.28.03.txt
http://www.securitytracker.com/id?1006014
SECTRACK:1006014
CVE-2003-0049
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
2003-02-26
2007-10-21
CVE-2003-0049
http://www.securityfocus.com/bid/6860
BID:6860
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://securitytracker.com/id?1006107
SECTRACK:1006107
http://www.iss.net/security_center/static/11333.php
XF:macos-afp-unauthorized-access(11333)
CVE-2003-0050
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
2004-09-01
2008-02-06
CVE-2003-0050
ATSTAKE:A032403-1
http://www.securityfocus.com/bid/6954
BID:6954
http://marc.info/?l=bugtraq&m=104618904330226&w=2
BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11401.php
XF:quicktime-darwin-command-execution(11401)
CVE-2003-0051
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
2004-09-01
2008-02-06
CVE-2003-0051
ATSTAKE:A032403-1
http://www.securityfocus.com/bid/6956
BID:6956
http://marc.info/?l=bugtraq&m=104618904330226&w=2
BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11402.php
XF:quicktime-darwin-path-disclosure(11402)
CVE-2003-0052
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
2004-09-01
2008-02-06
CVE-2003-0052
ATSTAKE:A032403-1
http://www.securityfocus.com/bid/6955
BID:6955
http://marc.info/?l=bugtraq&m=104618904330226&w=2
BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11403.php
XF:quicktime-darwin-directory-disclosure(11403)
CVE-2003-0053
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
2004-09-01
2008-02-06
CVE-2003-0053
ATSTAKE:A032403-1
http://www.securityfocus.com/bid/6958
BID:6958
http://marc.info/?l=bugtraq&m=104618904330226&w=2
BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11404.php
XF:quicktime-darwin-parsexml-xss(11404)
CVE-2003-0054
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
2004-09-01
2008-02-06
CVE-2003-0054
ATSTAKE:A032403-1
http://www.securityfocus.com/bid/6960
BID:6960
http://marc.info/?l=bugtraq&m=104618904330226&w=2
BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11405.php
XF:quicktime-darwin-describe-xss(11405)
CVE-2003-0055
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.
2004-09-01
2008-02-06
CVE-2003-0055
ATSTAKE:A032403-1
http://www.securityfocus.com/bid/6957
BID:6957
http://marc.info/?l=bugtraq&m=104618904330226&w=2
BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11406.php
XF:quicktime-darwin-mp3-bo(11406)
CVE-2003-0056
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
2003-02-01
2017-10-09
CVE-2003-0056
http://marc.info/?l=bugtraq&m=104342864418213&w=2
BUGTRAQ:20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)
http://marc.info/?l=bugtraq&m=104348607205691&w=2
BUGTRAQ:20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)
http://marc.info/?l=bugtraq&m=104428624705363&w=2
BUGTRAQ:20030202 GLSA: slocate
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt
CALDERA:CSSA-2003-009.0
http://www.net-security.org/advisory.php?id=2010
CONECTIVA:CLA-2003:643
http://www.debian.org/security/2003/dsa-252
DEBIAN:DSA-252
http://www.mandriva.com/security/advisories?name=MDKSA-2003:015
MANDRAKE:MDKSA-2003:015
http://www.usg.org.uk/advisories/2003.001.txt
MISC:http://www.usg.org.uk/advisories/2003.001.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369
OVAL:oval:org.mitre.oval:def:11369
http://rhn.redhat.com/errata/RHSA-2004-041.html
REDHAT:RHSA-2004:041
http://secunia.com/advisories/10720
SECUNIA:10720
http://secunia.com/advisories/7947
SECUNIA:7947
http://secunia.com/advisories/7982
SECUNIA:7982
http://secunia.com/advisories/8007
SECUNIA:8007
http://secunia.com/advisories/8118/
SECUNIA:8118
http://secunia.com/advisories/8236
SECUNIA:8236
http://secunia.com/advisories/8749
SECUNIA:8749
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
CVE-2003-0057
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
2003-02-01
2017-07-10
CVE-2003-0057
http://www.securityfocus.com/bid/6689
BID:6689
http://www.securityfocus.com/bid/6690
BID:6690
http://marc.info/?l=bugtraq&m=104369136703903&w=2
BUGTRAQ:20030127 Hypermail buffer overflows
http://www.debian.org/security/2003/dsa-248
DEBIAN:DSA-248
http://secunia.com/advisories/8030
SECUNIA:8030
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0042.html
VULNWATCH:20030126 Hypermail buffer overflows
https://exchange.xforce.ibmcloud.com/vulnerabilities/11158
XF:hypermail-long-hostname-bo(11158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11157
XF:hypermail-mail-attachment-bo(11157)
CVE-2003-0058
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
2004-09-01
2004-08-17
CVE-2003-0058
http://www.securityfocus.com/bid/6683
BID:6683
http://www.kb.cert.org/vuls/id/661243
CERT-VN:VU#661243
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
CONECTIVA:CLSA-2003:639
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
MANDRAKE:MDKSA-2003:043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1110
OVAL:oval:org.mitre.oval:def:1110
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-168.html
REDHAT:RHSA-2003:168
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142
SUNALERT:50142
https://exchange.xforce.ibmcloud.com/vulnerabilities/10099
XF:kerberos-kdc-null-pointer-dos(10099)
CVE-2003-0059
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
2004-09-01
2004-08-17
CVE-2003-0059
http://www.securityfocus.com/bid/6714
BID:6714
http://www.kb.cert.org/vuls/id/684563
CERT-VN:VU#684563
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
CONECTIVA:CLSA-2003:639
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
MANDRAKE:MDKSA-2003:043
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-168.html
REDHAT:RHSA-2003:168
https://exchange.xforce.ibmcloud.com/vulnerabilities/11188
XF:kerberos-kdc-user-spoofing(11188)
CVE-2003-0060
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
2003-02-01
2017-07-10
CVE-2003-0060
http://www.securityfocus.com/bid/6712
BID:6712
http://www.kb.cert.org/vuls/id/787523
CERT-VN:VU#787523
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
CONECTIVA:CLSA-2003:639
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://www.osvdb.org/4879
OSVDB:4879
https://exchange.xforce.ibmcloud.com/vulnerabilities/11189
XF:kerberos-kdc-format-string(11189)
CVE-2003-0061
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.
2005-04-15
CVE-2003-0061
http://www.idefense.com/application/poi/display?id=87&type=vulnerabilities&flashstatus=true
IDEFENSE:20030203 HP UX passwd Binary Buffer Overflow Vulnerability
CVE-2003-0062
Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.
2004-09-01
2007-11-12
CVE-2003-0062
http://www.securityfocus.com/bid/6803
BID:6803
http://marc.info/?l=bugtraq&m=104490777824360&w=2
BUGTRAQ:20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix
http://www.idefense.com/advisory/02.10.03.txt
MISC:http://www.idefense.com/advisory/02.10.03.txt
http://www.iss.net/security_center/static/11282.php
XF:nod32-pathname-bo(11282)
CVE-2003-0063
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2010-05-20
CVE-2003-0063
http://www.securityfocus.com/bid/6940
BID:6940
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.debian.org/security/2003/dsa-380
DEBIAN:DSA-380
http://www.redhat.com/support/errata/RHSA-2003-064.html
REDHAT:RHSA-2003:064
http://www.redhat.com/support/errata/RHSA-2003-065.html
REDHAT:RHSA-2003:065
http://www.redhat.com/support/errata/RHSA-2003-066.html
REDHAT:RHSA-2003:066
http://www.redhat.com/support/errata/RHSA-2003-067.html
REDHAT:RHSA-2003:067
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0064
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2009-01-01
CVE-2003-0064
http://www.securityfocus.com/bid/6942
BID:6942
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.securityfocus.com/advisories/6236
HP:HPSBUX0401-309
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0065
The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2004-08-10
CVE-2003-0065
http://www.securityfocus.com/bid/6945
BID:6945
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0066
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2009-01-01
CVE-2003-0066
http://www.securityfocus.com/bid/6953
BID:6953
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.securityfocus.com/advisories/5137
GENTOO:200303-16
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
MANDRAKE:MDKSA-2003:003
http://www.redhat.com/support/errata/RHSA-2003-054.html
REDHAT:RHSA-2003:054
http://www.redhat.com/support/errata/RHSA-2003-055.html
REDHAT:RHSA-2003:055
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0067
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2009-01-01
CVE-2003-0067
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0068
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2009-01-01
CVE-2003-0068
http://www.securityfocus.com/bid/10237
BID:10237
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.debian.org/security/2004/dsa-496
DEBIAN:DSA-496
GENTOO:GLSA-200303-1
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
MANDRAKE:MDKSA-2003:040
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0069
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2009-01-01
CVE-2003-0069
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.osvdb.org/8347
OSVDB:8347
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2010-08-04
CVE-2003-0070
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://seclists.org/lists/bugtraq/2003/Mar/0010.html
GENTOO:GLSA-200303-2
http://www.redhat.com/support/errata/RHSA-2003-053.html
REDHAT:RHSA-2003:053
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0071
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
2004-09-01
2010-05-20
CVE-2003-0071
http://www.securityfocus.com/bid/6950
BID:6950
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.debian.org/security/2003/dsa-380
DEBIAN:DSA-380
http://www.redhat.com/support/errata/RHSA-2003-064.html
REDHAT:RHSA-2003:064
http://www.redhat.com/support/errata/RHSA-2003-065.html
REDHAT:RHSA-2003:065
http://www.redhat.com/support/errata/RHSA-2003-066.html
REDHAT:RHSA-2003:066
http://www.redhat.com/support/errata/RHSA-2003-067.html
REDHAT:RHSA-2003:067
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11415.php
XF:terminal-emulator-dec-udk(11415)
CVE-2003-0072
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
2003-03-26
2018-10-19
CVE-2003-0072
http://www.securityfocus.com/bid/7184
BID:7184
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://www.debian.org/security/2003/dsa-266
DEBIAN:DSA-266
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
SUNALERT:54042
CVE-2003-0073
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
2004-09-01
2008-02-06
CVE-2003-0073
http://www.securityfocus.com/bid/6718
BID:6718
http://marc.info/?l=bugtraq&m=104385719107879&w=2
BUGTRAQ:20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
CONECTIVA:CLA-2003:743
http://www.mysql.com/doc/en/News-3.23.55.html
CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html
http://www.debian.org/security/2003/dsa-303
DEBIAN:DSA-303
http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
ENGARDE:ESA-20030220-004
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
MANDRAKE:MDKSA-2003:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436
OVAL:oval:org.mitre.oval:def:436
http://www.redhat.com/support/errata/RHSA-2003-093.html
REDHAT:RHSA-2003:093
http://www.redhat.com/support/errata/RHSA-2003-094.html
REDHAT:RHSA-2003:094
http://www.redhat.com/support/errata/RHSA-2003-166.html
REDHAT:RHSA-2003:166
http://www.iss.net/security_center/static/11199.php
XF:mysql-mysqlchangeuser-doublefree-dos(11199)
CVE-2003-0074
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
2003-02-05
2016-10-17
CVE-2003-0074
http://www.securityfocus.com/bid/6715
BID:6715
http://marc.info/?l=bugtraq&m=104385772908969&w=2
BUGTRAQ:20030129 Local root vuln in SuSE 8.0 plptools package
http://marc.info/?l=bugtraq&m=104386699725019&w=2
BUGTRAQ:20030129 Re: Local root vuln in SuSE 8.0 plptools package
http://www.iss.net/security_center/static/11193.php
XF:plptools-plpnsfd-format-string(11193)
CVE-2003-0075
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
2004-09-01
2008-03-04
CVE-2003-0075
http://www.securityfocus.com/bid/6745
BID:6745
http://marc.info/?l=bugtraq&m=104428700106672&w=2
BUGTRAQ:20030202 Bladeenc 0.94.2 code execution
http://marc.info/?l=bugtraq&m=104446346127432&w=2
GENTOO:GLSA-200302-04
http://www.pivx.com/luigi/adv/blade942-adv.txt
MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt
http://www.iss.net/security_center/static/11227.php
XF:bladeenc-myfseek-code-execution(11227)
CVE-2003-0076
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.
2003-02-11
2016-10-17
CVE-2003-0076
http://marc.info/?l=bugtraq&m=104437720116243&w=2
BUGTRAQ:20030204 GLSA: qt-dcgui
http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html
CONFIRM:http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html
http://www.iss.net/security_center/static/11246.php
XF:qtdcgui-directory-download-files(11246)
CVE-2003-0077
The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
2004-09-01
2007-11-12
CVE-2003-0077
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.osvdb.org/4917
OSVDB:4917
http://www.redhat.com/support/errata/RHSA-2003-070.html
REDHAT:RHSA-2003:070
http://www.redhat.com/support/errata/RHSA-2003-071.html
REDHAT:RHSA-2003:071
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11414.php
XF:terminal-emulator-window-title(11414)
CVE-2003-0078
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
2004-09-01
2010-02-22
CVE-2003-0078
http://www.securityfocus.com/bid/6884
BID:6884
http://marc.info/?l=bugtraq&m=104567627211904&w=2
BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released
http://marc.info/?l=bugtraq&m=104568426824439&w=2
BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
http://www.ciac.org/ciac/bulletins/n-051.shtml
CIAC:N-051
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
CONECTIVA:CLSA-2003:570
http://www.openssl.org/news/secadv_20030219.txt
CONFIRM:http://www.openssl.org/news/secadv_20030219.txt
http://www.debian.org/security/2003/dsa-253
DEBIAN:DSA-253
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
ENGARDE:ESA-20030220-005
FREEBSD:FreeBSD-SA-03:02
http://marc.info/?l=bugtraq&m=104577183206905&w=2
GENTOO:GLSA-200302-10
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
MANDRAKE:MDKSA-2003:020
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
NETBSD:NetBSD-SA2003-001
http://www.osvdb.org/3945
OSVDB:3945
http://www.redhat.com/support/errata/RHSA-2003-062.html
REDHAT:RHSA-2003:062
http://www.redhat.com/support/errata/RHSA-2003-063.html
REDHAT:RHSA-2003:063
http://www.redhat.com/support/errata/RHSA-2003-082.html
REDHAT:RHSA-2003:082
http://www.redhat.com/support/errata/RHSA-2003-104.html
REDHAT:RHSA-2003:104
http://www.redhat.com/support/errata/RHSA-2003-205.html
REDHAT:RHSA-2003:205
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
SGI:20030501-01-I
SUSE:SuSE-SA:2003:011
http://www.trustix.org/errata/2003/0005
TRUSTIX:2003-0005
http://www.iss.net/security_center/static/11369.php
XF:ssl-cbc-information-leak(11369)
CVE-2003-0079
The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
2004-09-01
2009-01-01
CVE-2003-0079
http://www.securityfocus.com/bid/6944
BID:6944
http://marc.info/?l=bugtraq&m=104612710031920&w=2
BUGTRAQ:20030224 Terminal Emulator Security Issues
http://www.osvdb.org/4918
OSVDB:4918
http://www.redhat.com/support/errata/RHSA-2003-070.html
REDHAT:RHSA-2003:070
http://www.redhat.com/support/errata/RHSA-2003-071.html
REDHAT:RHSA-2003:071
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
VULNWATCH:20030224 Terminal Emulator Security Issues
http://www.iss.net/security_center/static/11415.php
XF:terminal-emulator-dec-udk(11415)
CVE-2003-0080
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
2003-03-18
2017-07-10
CVE-2003-0080
http://www.securityfocus.com/bid/7128
BID:7128
http://www.osvdb.org/4400
OSVDB:4400
http://www.redhat.com/support/errata/RHSA-2003-072.html
REDHAT:RHSA-2003:072
https://exchange.xforce.ibmcloud.com/vulnerabilities/11552
XF:gnomelokkit-forward-bypass-firewall(11552)
CVE-2003-0081
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
2004-09-01
2007-11-12
CVE-2003-0081
http://www.securityfocus.com/bid/7049
BID:7049
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
CONECTIVA:CLSA-2003:627
http://www.ethereal.com/appnotes/enpa-sa-00008.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
http://www.debian.org/security/2003/dsa-258
DEBIAN:DSA-258
http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
FULLDISC:20030308 Ethereal format string bug, yet still ethereal much better than windows
http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
GENTOO:GLSA-200303-10
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051
MANDRAKE:MDKSA-2003:051
http://www.guninski.com/etherre.html
MISC:http://www.guninski.com/etherre.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54
OVAL:oval:org.mitre.oval:def:54
http://www.redhat.com/support/errata/RHSA-2003-076.html
REDHAT:RHSA-2003:076
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
SUSE:SuSE-SA:2003:019
https://exchange.xforce.ibmcloud.com/vulnerabilities/11497
XF:ethereal-socks-format-string(11497)
CVE-2003-0082
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
2003-03-26
2018-10-19
CVE-2003-0082
http://www.securityfocus.com/bid/7185
BID:7185
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://www.debian.org/security/2003/dsa-266
DEBIAN:DSA-266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244
OVAL:oval:org.mitre.oval:def:244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536
OVAL:oval:org.mitre.oval:def:2536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430
OVAL:oval:org.mitre.oval:def:4430
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-091.html
REDHAT:RHSA-2003:091
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
SUNALERT:54042
CVE-2003-0083
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
2003-03-28
2021-06-06
CVE-2003-0083
http://marc.info/?l=bugtraq&m=108024081011678&w=2
BUGTRAQ:20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2
http://marc.info/?l=bugtraq&m=108034113406858&w=2
BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25
CONFIRM:http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
CONFIRM:http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A151
OVAL:oval:org.mitre.oval:def:151
http://www.redhat.com/support/errata/RHSA-2003-139.html
REDHAT:RHSA-2003:139
http://secunia.com/advisories/8146
SECUNIA:8146
CVE-2003-0084
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.
2003-04-29
2017-07-10
CVE-2003-0084
http://www.securityfocus.com/bid/7448
BID:7448
http://www.ciac.org/ciac/bulletins/n-090.shtml
CIAC:N-090
http://www.itlab.musc.edu/webNIS/mod_auth_any.html
CONFIRM:http://www.itlab.musc.edu/webNIS/mod_auth_any.html
http://www.redhat.com/support/errata/RHSA-2003-113.html
REDHAT:RHSA-2003:113
http://rhn.redhat.com/errata/RHSA-2003-114.html
REDHAT:RHSA-2003:114
https://exchange.xforce.ibmcloud.com/vulnerabilities/11893
XF:modauthany-command-execution(11893)
CVE-2003-0085
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
2003-03-18
2018-10-19
CVE-2003-0085
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
APPLE:APPLE-SA-2003-03-24
http://www.securityfocus.com/bid/7106
BID:7106
http://marc.info/?l=bugtraq&m=104792646416629&w=2
BUGTRAQ:20030317 GLSA: samba (200303-11)
http://marc.info/?l=bugtraq&m=104792723017768&w=2
BUGTRAQ:20030317 Security Bugfix for Samba - Samba 2.2.8 Released
http://marc.info/?l=bugtraq&m=104801012929374&w=2
BUGTRAQ:20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
http://www.securityfocus.com/archive/1/317145/30/25220/threaded
BUGTRAQ:20030401 Immunix Secured OS 7+ samba update
http://www.kb.cert.org/vuls/id/298233
CERT-VN:VU#298233
http://www.debian.org/security/2003/dsa-262
DEBIAN:DSA-262
http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
GENTOO:GLSA-200303-11
http://www.securityfocus.com/archive/1/317145/30/25220/threaded
IMMUNIX:IMNX-2003-7+-003-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
MANDRAKE:MDKSA-2003:032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552
OVAL:oval:org.mitre.oval:def:552
http://www.redhat.com/support/errata/RHSA-2003-095.html
REDHAT:RHSA-2003:095
http://www.redhat.com/support/errata/RHSA-2003-096.html
REDHAT:RHSA-2003:096
http://secunia.com/advisories/8299
SECUNIA:8299
http://secunia.com/advisories/8303
SECUNIA:8303
ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
SGI:20030302-01-I
http://www.novell.com/linux/security/advisories/2003_016_samba.html
SUSE:SuSE-SA:2003:016
CVE-2003-0086
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
2003-03-18
2018-10-19
CVE-2003-0086
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
APPLE:APPLE-SA-2003-03-24
http://www.securityfocus.com/bid/7107
BID:7107
http://marc.info/?l=bugtraq&m=104792646416629&w=2
BUGTRAQ:20030317 GLSA: samba (200303-11)
http://marc.info/?l=bugtraq&m=104801012929374&w=2
BUGTRAQ:20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
http://www.debian.org/security/2003/dsa-262
DEBIAN:DSA-262
http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
GENTOO:GLSA-200303-11
http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
MANDRAKE:MDKSA-2003:032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554
OVAL:oval:org.mitre.oval:def:554
http://www.redhat.com/support/errata/RHSA-2003-095.html
REDHAT:RHSA-2003:095
http://www.redhat.com/support/errata/RHSA-2003-096.html
REDHAT:RHSA-2003:096
http://secunia.com/advisories/8299
SECUNIA:8299
http://secunia.com/advisories/8303
SECUNIA:8303
ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
SGI:20030302-01-I
http://www.novell.com/linux/security/advisories/2003_016_samba.html
SUSE:SuSE-SA:2003:016
CVE-2003-0087
Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.
2004-09-01
2004-08-17
CVE-2003-0087
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40307&apar=only
AIXAPAR:IY40307
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40317&apar=only
AIXAPAR:IY40317
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40320&apar=only
AIXAPAR:IY40320
http://www.securityfocus.com/bid/6840
BID:6840
http://marc.info/?l=bugtraq&m=104508375107938&w=2
BUGTRAQ:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
http://marc.info/?l=bugtraq&m=104508833214691&w=2
BUGTRAQ:20030212 libIM.a buffer overflow vulnerability
http://www.idefense.com/advisory/02.12.03.txt
MISC:http://www.idefense.com/advisory/02.12.03.txt
http://www.osvdb.org/7996
OSVDB:7996
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
VULNWATCH:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
https://exchange.xforce.ibmcloud.com/vulnerabilities/11309
XF:aix-aixterm-libim-bo(11309)
CVE-2003-0088
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
2004-09-01
2007-11-12
CVE-2003-0088
http://www.atstake.com/research/advisories/2003/a021403-1.txt
ATSTAKE:A021403-1
http://www.securityfocus.com/bid/6859
BID:6859
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
http://www.iss.net/security_center/static/11332.php
XF:macos-trublueenvironment-gain-privileges(11332)
CVE-2003-0089
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.
2003-11-18
2017-10-09
CVE-2003-0089
http://www.securityfocus.com/bid/8986
BID:8986
http://marc.info/?l=bugtraq&m=106873965001431&w=2
BUGTRAQ:20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
http://www.securityfocus.com/advisories/6030
HP:HPSBUX0311-293
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5466
OVAL:oval:org.mitre.oval:def:5466
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0038.html
VULNWATCH:20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/13623
XF:hp-sd-utilities-bo(13623)
CVE-2003-0090
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-11-18
2003-11-21
CVE-2003-0090
CVE-2003-0091
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
2003-04-01
2018-10-19
CVE-2003-0091
http://www.securityfocus.com/archive/1/316957/30/25250/threaded
BUGTRAQ:20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
http://www.ciac.org/ciac/bulletins/n-068.shtml
CIAC:N-068
http://packetstormsecurity.org/0304-advisories/sa2003-02.txt
MISC:http://packetstormsecurity.org/0304-advisories/sa2003-02.txt
http://www.nsfocus.com/english/homepage/sa2003-02.htm
MISC:http://www.nsfocus.com/english/homepage/sa2003-02.htm
http://www.osvdb.org/8713
OSVDB:8713
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4383
OVAL:oval:org.mitre.oval:def:4383
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52443-1
SUNALERT:52443
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0162.html
VULNWATCH:20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
CVE-2003-0092
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
2003-04-01
2018-10-19
CVE-2003-0092
http://www.securityfocus.com/bid/7240
BID:7240
http://www.securityfocus.com/archive/1/316948/30/25250/threaded
BUGTRAQ:20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905
OVAL:oval:org.mitre.oval:def:1905
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1
SUNALERT:52388
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html
VULNWATCH:20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
CVE-2003-0093
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.
2004-09-01
2007-11-12
CVE-2003-0093
http://www.debian.org/security/2003/dsa-261
DEBIAN:DSA-261
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
MANDRAKE:MDKSA-2003:027
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
http://www.redhat.com/support/errata/RHSA-2003-032.html
REDHAT:RHSA-2003:032
http://www.redhat.com/support/errata/RHSA-2003-033.html
REDHAT:RHSA-2003:033
http://www.redhat.com/support/errata/RHSA-2003-214.html
REDHAT:RHSA-2003:214
https://exchange.xforce.ibmcloud.com/vulnerabilities/11324
XF:tcpdump-radius-decoder-dos(11324)
CVE-2003-0094
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
2004-09-01
2004-08-10
CVE-2003-0094
http://www.securityfocus.com/bid/6855
BID:6855
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
MANDRAKE:MDKSA-2003:016
https://exchange.xforce.ibmcloud.com/vulnerabilities/11318
XF:utillinux-mcookie-cookie-predictable(11318)
CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
2004-09-01
2007-10-17
CVE-2003-0095
http://www.securityfocus.com/bid/6849
BID:6849
http://marc.info/?l=bugtraq&m=104549693426042&w=2
BUGTRAQ:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
http://www.cert.org/advisories/CA-2003-05.html
CERT:CA-2003-05
http://www.kb.cert.org/vuls/id/953746
CERT-VN:VU#953746
http://www.ciac.org/ciac/bulletins/n-046.shtml
CIAC:N-046
http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
http://www.osvdb.org/6319
OSVDB:6319
VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
http://www.iss.net/security_center/static/11328.php
XF:oracle-username-bo(11328)
CVE-2003-0096
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
2003-02-21
2016-11-17
CVE-2003-0096
http://www.securityfocus.com/bid/6847
BID:6847
http://www.securityfocus.com/bid/6848
BID:6848
http://www.securityfocus.com/bid/6850
BID:6850
http://marc.info/?l=bugtraq&m=104549743326864&w=2
BUGTRAQ:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
http://marc.info/?l=bugtraq&m=104549782327321&w=2
BUGTRAQ:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
http://marc.info/?l=bugtraq&m=104550346303295&w=2
BUGTRAQ:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
http://www.cert.org/advisories/CA-2003-05.html
CERT:CA-2003-05
http://www.kb.cert.org/vuls/id/663786
CERT-VN:VU#663786
http://www.kb.cert.org/vuls/id/743954
CERT-VN:VU#743954
http://www.kb.cert.org/vuls/id/840666
CERT-VN:VU#840666
http://www.ciac.org/ciac/bulletins/n-046.shtml
CIAC:N-046
http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
http://www.nextgenss.com/advisories/ora-bfilebo.txt
MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt
http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
http://www.nextgenss.com/advisories/ora-tzofstbo.txt
MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html
VULNWATCH:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html
VULNWATCH:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html
VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
http://www.iss.net/security_center/static/11325.php
XF:oracle-bfilename-directory-bo(11325)
http://www.iss.net/security_center/static/11327.php
XF:oracle-totimestamptz-bo(11327)
http://www.iss.net/security_center/static/11326.php
XF:oracle-tzoffset-bo(11326)
CVE-2003-0097
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
2004-09-01
2004-08-10
CVE-2003-0097
http://www.securityfocus.com/bid/6875
BID:6875
http://marc.info/?l=bugtraq&m=104550977011668&w=2
BUGTRAQ:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
http://www.slackware.com/changelog/current.php?cpu=i386
CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
http://marc.info/?l=bugtraq&m=104567042700840&w=2
GENTOO:GLSA-200302-09
http://marc.info/?l=bugtraq&m=104567137502557&w=2
GENTOO:GLSA-200302-09.1
VULNWATCH:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
http://www.iss.net/security_center/static/11343.php
XF:php-cgi-sapi-access(11343)
CVE-2003-0098
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
2003-02-26
2007-10-15
CVE-2003-0098
http://www.securityfocus.com/bid/6828
BID:6828
http://www.securityfocus.com/bid/7200
BID:7200
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
CALDERA:CSSA-2003-015.0
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
http://sourceforge.net/project/shownotes.php?release_id=137900
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
http://www.debian.org/security/2003/dsa-277
DEBIAN:DSA-277
http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
MANDRAKE:MDKSA-2003:018
http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
MISC:http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
http://securitytracker.com/id?1006108
SECTRACK:1006108
http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
SUSE:SuSE-SA:2003:022
http://www.iss.net/security_center/static/11334.php
XF:apcupsd-logevent-format-string(11334)
CVE-2003-0099
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.
2003-02-26
2016-11-17
CVE-2003-0099
http://www.securityfocus.com/bid/7200
BID:7200
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
CALDERA:CSSA-2003-015.0
http://sourceforge.net/project/shownotes.php?release_id=137892
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137892
http://sourceforge.net/project/shownotes.php?release_id=137900
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
http://www.debian.org/security/2003/dsa-277
DEBIAN:DSA-277
http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
MANDRAKE:MDKSA-2003:018
http://securitytracker.com/id?1006108
SECTRACK:1006108
http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
SUSE:SuSE-SA:2003:022
http://www.iss.net/security_center/static/11491.php
XF:apcupsd-vsprintf-multiple-bo(11491)
CVE-2003-0100
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
2004-09-01
2009-03-01
CVE-2003-0100
http://www.securityfocus.com/bid/6895
BID:6895
http://marc.info/?l=bugtraq&m=104576100719090&w=2
BUGTRAQ:20030220 Cisco IOS OSPF exploit
http://marc.info/?l=bugtraq&m=104587206702715&w=2
BUGTRAQ:20030221 Re: Cisco IOS OSPF exploit
http://www.iss.net/security_center/static/11373.php
XF:cisco-ios-ospf-bo(11373)
CVE-2003-0101
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
2003-02-26
2016-10-17
CVE-2003-0101
http://www.securityfocus.com/bid/6915
BID:6915
http://marc.info/?l=bugtraq&m=104610336226274&w=2
BUGTRAQ:20030224 GLSA: usermin (200302-14)
http://marc.info/?l=bugtraq&m=104610245624895&w=2
BUGTRAQ:20030224 Webmin 1.050 - 1.060 remote exploit
http://marc.info/?l=bugtraq&m=104610300325629&w=2
BUGTRAQ:20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
http://www.ciac.org/ciac/bulletins/n-058.shtml
CIAC:N-058
http://marc.info/?l=webmin-announce&m=104587858408101&w=2
CONFIRM:http://marc.info/?l=webmin-announce&m=104587858408101&w=2
http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
CONFIRM:http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
http://www.debian.org/security/2003/dsa-319
DEBIAN:DSA-319
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
ENGARDE:ESA-20030225-006
http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
HP:HPSBUX0303-250
http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
MANDRAKE:MDKSA-2003:025
http://www.lac.co.jp/security/english/snsadv_e/62_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/62_e.html
http://www.securitytracker.com/id?1006160
SECTRACK:1006160
http://secunia.com/advisories/8115
SECUNIA:8115
http://secunia.com/advisories/8163
SECUNIA:8163
ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
SGI:20030602-01-I
http://www.iss.net/security_center/static/11390.php
XF:webmin-usermin-root-access(11390)
CVE-2003-0102
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
2004-09-01
2007-11-28
CVE-2003-0102
http://www.securityfocus.com/bid/7008
BID:7008
BUGTRAQ:20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file)
http://marc.info/?l=bugtraq&m=104680706201721&w=2
BUGTRAQ:20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
http://www.kb.cert.org/vuls/id/611865
CERT-VN:VU#611865
http://www.debian.org/security/2003/dsa-260
DEBIAN:DSA-260
http://lwn.net/Alerts/34908/
IMMUNIX:IMNX-2003-7+-012-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
MANDRAKE:MDKSA-2003:030
http://www.idefense.com/advisory/03.04.03.txt
MISC:http://www.idefense.com/advisory/03.04.03.txt
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
NETBSD:NetBSD-SA2003-003
http://www.redhat.com/support/errata/RHSA-2003-086.html
REDHAT:RHSA-2003:086
http://www.redhat.com/support/errata/RHSA-2003-087.html
REDHAT:RHSA-2003:087
http://www.novell.com/linux/security/advisories/2003_017_file.html
SUSE:SuSE-SA:2003:017
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
XF:file-afctr-read-bo(11469)
CVE-2003-0103
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
2004-09-01
2007-11-12
CVE-2003-0103
ATSTAKE:A022503-1
http://www.securityfocus.com/bid/6952
BID:6952
http://www.iss.net/security_center/static/11421.php
XF:nokia-6210-vcard-dos(11421)
CVE-2003-0104
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
2004-09-01
2004-08-10
CVE-2003-0104
http://www.securityfocus.com/bid/7053
BID:7053
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
ISS:20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
http://www.iss.net/security_center/static/10962.php
XF:peoplesoft-schedulertransfer-create-files(10962)
CVE-2003-0105
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
2004-08-18
2017-07-10
CVE-2003-0105
http://marc.info/?l=bugtraq&m=109215441332682&w=2
BUGTRAQ:20040810 Corsaire Security Advisory - Port80 Software ServerMask inconsistencies
http://www.corsaire.com/advisories/c030224-001.txt
MISC:http://www.corsaire.com/advisories/c030224-001.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/16947
XF:servermask-header-obtain-info(16947)
CVE-2003-0106
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
2003-03-27
2016-10-17
CVE-2003-0106
http://www.securityfocus.com/bid/7196
BID:7196
http://marc.info/?l=bugtraq&m=104869513822233&w=2
BUGTRAQ:20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
CONFIRM:http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
http://marc.info/?l=ntbugtraq&m=104868285106289&w=2
NTBUGTRAQ:20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html
VULNWATCH:20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue
CVE-2003-0107
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
2004-09-01
2008-02-06
CVE-2003-0107
http://www.securityfocus.com/bid/6913
BID:6913
http://online.securityfocus.com/archive/1/312869
BUGTRAQ:20030222 buffer overrun in zlib 1.1.4
http://marc.info/?l=bugtraq&m=104610337726297&w=2
BUGTRAQ:20030223 poc zlib sploit just for fun :)
http://marc.info/?l=bugtraq&m=104610536129508&w=2
BUGTRAQ:20030224 Re: buffer overrun in zlib 1.1.4
http://marc.info/?l=bugtraq&m=104620610427210&w=2
BUGTRAQ:20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
CALDERA:CSSA-2003-011.0
http://www.kb.cert.org/vuls/id/142121
CERT-VN:VU#142121
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
CONECTIVA:CLSA-2003:619
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://marc.info/?l=bugtraq&m=104887247624907&w=2
GENTOO:GLSA-200303-25
http://jvn.jp/en/jp/JVN78689801/index.html
JVN:JVN#78689801
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
JVNDB:JVNDB-2015-000066
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
MANDRAKE:MDKSA-2003:033
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
NETBSD:NetBSD-SA2003-004
http://www.osvdb.org/6599
OSVDB:6599
http://www.redhat.com/support/errata/RHSA-2003-079.html
REDHAT:RHSA-2003:079
http://www.redhat.com/support/errata/RHSA-2003-081.html
REDHAT:RHSA-2003:081
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
SUNALERT:57405
http://www.iss.net/security_center/static/11381.php
XF:zlib-gzprintf-bo(11381)
CVE-2003-0108
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
2004-09-01
2008-02-06
CVE-2003-0108
http://www.securityfocus.com/bid/6974
BID:6974
http://marc.info/?l=bugtraq&m=104637420104189&w=2
BUGTRAQ:20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
http://marc.info/?l=bugtraq&m=104678787109030&w=2
BUGTRAQ:20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
CONECTIVA:CLA-2003:629
http://www.debian.org/security/2003/dsa-255
DEBIAN:DSA-255
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
MANDRAKE:MDKSA-2003:027
http://www.idefense.com/advisory/02.27.03.txt
MISC:http://www.idefense.com/advisory/02.27.03.txt
http://www.redhat.com/support/errata/RHSA-2003-032.html
REDHAT:RHSA-2003:032
http://www.redhat.com/support/errata/RHSA-2003-085.html
REDHAT:RHSA-2003:085
http://www.redhat.com/support/errata/RHSA-2003-214.html
REDHAT:RHSA-2003:214
http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html
SUSE:SuSE-SA:2003:0015
http://www.iss.net/security_center/static/11434.php
XF:tcpdump-isakmp-dos(11434)
CVE-2003-0109
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
2003-03-18
2018-10-12
CVE-2003-0109
http://www.securityfocus.com/bid/7116
BID:7116
http://marc.info/?l=bugtraq&m=104826476427372&w=2
BUGTRAQ:20030321 New attack vectors and a vulnerability dissection of MS03-007
http://marc.info/?l=bugtraq&m=104861839130254&w=2
BUGTRAQ:20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.
http://marc.info/?l=bugtraq&m=104869293619064&w=2
BUGTRAQ:20030326 WebDAV exploit: using wide character decoder scheme
http://marc.info/?l=bugtraq&m=104887148323552&w=2
BUGTRAQ:20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit
http://marc.info/?l=bugtraq&m=105768156625699&w=2
BUGTRAQ:20030708 WDAV exploit without netcat and with pretty magic number
http://www.cert.org/advisories/CA-2003-09.html
CERT:CA-2003-09
http://www.kb.cert.org/vuls/id/117394
CERT-VN:VU#117394
http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
CONFIRM:http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
ISS:20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
MISC:http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007
MS:MS03-007
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q815021
MSKB:Q815021
http://marc.info/?l=ntbugtraq&m=104826785731151&w=2
NTBUGTRAQ:20030321 New attack vectors and a vulnerability dissection of MS03-007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109
OVAL:oval:org.mitre.oval:def:109
VULNWATCH:20030317 Microsoft IIS 5.0 WebDAV remote buffer overflow
http://www.iss.net/security_center/static/11533.php
XF:http-webdav-long-request(11533)
CVE-2003-0110
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
2003-04-15
2018-10-12
CVE-2003-0110
http://marc.info/?l=bugtraq&m=104994487012027&w=2
BUGTRAQ:20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000
http://www.idefense.com/advisory/04.09.03.txt
MISC:http://www.idefense.com/advisory/04.09.03.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012
MS:MS03-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406
OVAL:oval:org.mitre.oval:def:406
CVE-2003-0111
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
2003-04-15
2018-10-12
CVE-2003-0111
http://www.kb.cert.org/vuls/id/447569
CERT-VN:VU#447569
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011
MS:MS03-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136
OVAL:oval:org.mitre.oval:def:136
http://www.iss.net/security_center/static/11751.php
XF:msvm-bytecode-improper-validation(11751)
CVE-2003-0112
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
2003-04-26
2018-10-12
CVE-2003-0112
http://www.securityfocus.com/bid/7370
BID:7370
http://www.kb.cert.org/vuls/id/446338
CERT-VN:VU#446338
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013
MS:MS03-013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264
OVAL:oval:org.mitre.oval:def:1264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142
OVAL:oval:org.mitre.oval:def:142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022
OVAL:oval:org.mitre.oval:def:2022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2265
OVAL:oval:org.mitre.oval:def:2265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A262
OVAL:oval:org.mitre.oval:def:262
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3145
OVAL:oval:org.mitre.oval:def:3145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A779
OVAL:oval:org.mitre.oval:def:779
https://exchange.xforce.ibmcloud.com/vulnerabilities/11803
XF:win-kernel-lpcrequestwaitreplyport-bo(11803)
CVE-2003-0113
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
2003-04-26
2018-10-12
CVE-2003-0113
http://marc.info/?l=bugtraq&m=105138417416900&w=2
BUGTRAQ:20030426 Buffer overflow in Internet Explorer's HTTP parsing code
http://marc.info/?l=bugtraq&m=105718285107246&w=2
BUGTRAQ:20030701 URLMON.DLL buffer overflow - technical details
http://www.kb.cert.org/vuls/id/169753
CERT-VN:VU#169753
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015
MS:MS03-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926
OVAL:oval:org.mitre.oval:def:926
CVE-2003-0114
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
2003-04-26
2018-10-12
CVE-2003-0114
http://marc.info/?l=bugtraq&m=104429340817718&w=2
BUGTRAQ:20030203 internet explorer local file reading
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015
MS:MS03-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963
OVAL:oval:org.mitre.oval:def:963
CVE-2003-0115
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
2003-05-02
2018-10-12
CVE-2003-0115
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015
MS:MS03-015
http://www.iss.net/security_center/static/11848.php
XF:ie-improper-thirdparty-rendering(11848)
CVE-2003-0116
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
2003-04-26
2018-10-12
CVE-2003-0116
http://www.securityfocus.com/bid/6306
BID:6306
http://www.securityfocus.com/archive/1/301945
BUGTRAQ:20021203 Poisonous Style for Dialog window turns the zone off.
http://www.kb.cert.org/vuls/id/244729
CERT-VN:VU#244729
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015
MS:MS03-015
CVE-2003-0117
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
2003-05-02
2018-10-12
CVE-2003-0117
http://marc.info/?l=bugtraq&m=105216866132289&w=2
BUGTRAQ:20030505 Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016
MS:MS03-016
CVE-2003-0118
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
2003-05-02
2018-10-12
CVE-2003-0118
http://marc.info/?l=bugtraq&m=105216839231951&w=2
BUGTRAQ:20030505 Microsoft Biztalk Server DTA vulnerable to SQL injection
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016
MS:MS03-016
CVE-2003-0119
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
2004-01-14
2007-11-15
CVE-2003-0119
AIXAPAR:IY40157
AIXAPAR:IY40228
AIXAPAR:IY40510
http://www.securityfocus.com/bid/7264
BID:7264
http://www.kb.cert.org/vuls/id/624713
CERT-VN:VU#624713
http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument
IBM:MSS-OAR-E01-2003:0245.1
http://secunia.com/advisories/8221
SECUNIA:8221
CVE-2003-0120
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
2004-09-01
2007-10-17
CVE-2003-0120
http://www.securityfocus.com/bid/6978
BID:6978
http://www.debian.org/security/2003/dsa-256
DEBIAN:DSA-256
http://www.iss.net/security_center/static/11439.php
XF:mhc-adb2mhc-insecure-tmp(11439)
CVE-2003-0121
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.
2003-03-13
2016-10-17
CVE-2003-0121
http://www.securityfocus.com/bid/7044
BID:7044
http://marc.info/?l=bugtraq&m=104716030503607&w=2
BUGTRAQ:20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
http://www.securityfocus.com/archive/1/316311
BUGTRAQ:20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
CVE-2003-0122
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
2004-09-01
2007-11-12
CVE-2003-0122
http://www.securityfocus.com/bid/7037
BID:7037
http://marc.info/?l=bugtraq&m=104757319829443&w=2
BUGTRAQ:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
http://www.cert.org/advisories/CA-2003-11.html
CERT:CA-2003-11
http://www.kb.cert.org/vuls/id/433489
CERT-VN:VU#433489
http://www.ciac.org/ciac/bulletins/n-065.shtml
CIAC:N-065
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
http://www.rapid7.com/advisories/R7-0010.html
MISC:http://www.rapid7.com/advisories/R7-0010.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
VULNWATCH:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
https://exchange.xforce.ibmcloud.com/vulnerabilities/11526
XF:lotus-nrpc-bo(11526)
CVE-2003-0123
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
2004-09-01
2007-11-12
CVE-2003-0123
http://www.securityfocus.com/bid/7038
BID:7038
http://marc.info/?l=bugtraq&m=104757545500368&w=2
BUGTRAQ:20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
http://www.cert.org/advisories/CA-2003-11.html
CERT:CA-2003-11
http://www.kb.cert.org/vuls/id/411489
CERT-VN:VU#411489
http://www.ciac.org/ciac/bulletins/n-065.shtml
CIAC:N-065
http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
http://www.rapid7.com/advisories/R7-0011.html
MISC:http://www.rapid7.com/advisories/R7-0011.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11525
XF:lotus-web-retriever-bo(11525)
CVE-2003-0124
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
2004-09-01
2004-08-10
CVE-2003-0124
http://www.securityfocus.com/bid/7066
BID:7066
http://marc.info/?l=bugtraq&m=104740927915154&w=2
BUGTRAQ:20030311 Vulnerability in man < 1.5l
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620
CONECTIVA:CLSA-2003:620
http://marc.info/?l=bugtraq&m=104802285112752&w=2
GENTOO:GLSA-200303-13
http://www.redhat.com/support/errata/RHSA-2003-133.html
REDHAT:RHSA-2003:133
http://www.redhat.com/support/errata/RHSA-2003-134.html
REDHAT:RHSA-2003:134
https://exchange.xforce.ibmcloud.com/vulnerabilities/11512
XF:man-myxsprintf-code-execution(11512)
CVE-2003-0125
Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.
2004-09-01
2004-08-10
CVE-2003-0125
http://www.securityfocus.com/bid/7067
BID:7067
ftp://ftp.multitech.com/Routers/RF550VPN.TXT
CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT
http://www.krusesecurity.dk/advisories/routefind550bof.txt
MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/11514
XF:routefinder-vpn-options-bo(11514)
CVE-2003-0126
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
2003-03-13
2003-03-18
CVE-2003-0126
http://www.krusesecurity.dk/advisories/routefind550bof.txt
MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
CVE-2003-0127
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
2003-03-18
2017-10-09
CVE-2003-0127
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
CALDERA:CSSA-2003-020.0
http://www.kb.cert.org/vuls/id/628849
CERT-VN:VU#628849
http://www.debian.org/security/2003/dsa-270
DEBIAN:DSA-270
http://www.debian.org/security/2003/dsa-276
DEBIAN:DSA-276
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
http://www.debian.org/security/2004/dsa-495
DEBIAN:DSA-495
ENGARDE:ESA-20030318-009
http://marc.info/?l=bugtraq&m=105301461726555&w=2
ENGARDE:ESA-20030515-017
http://security.gentoo.org/glsa/glsa-200303-17.xml
GENTOO:GLSA-200303-17
http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
MANDRAKE:MDKSA-2003:038
http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
MANDRAKE:MDKSA-2003:039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254
OVAL:oval:org.mitre.oval:def:254
http://rhn.redhat.com/errata/RHSA-2003-088.html
REDHAT:RHSA-2003:088
http://rhn.redhat.com/errata/RHSA-2003-098.html
REDHAT:RHSA-2003:098
http://www.redhat.com/support/errata/RHSA-2003-103.html
REDHAT:RHSA-2003:103
http://www.redhat.com/support/errata/RHSA-2003-145.html
REDHAT:RHSA-2003:145
SUSE:SuSE-SA:2003:021
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25
CVE-2003-0128
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
2003-03-21
2017-10-09
CVE-2003-0128
http://www.securityfocus.com/bid/7117
BID:7117
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
BUGTRAQ:20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
http://marc.info/?l=bugtraq&m=104826470527308&w=2
BUGTRAQ:20030321 GLSA: evolution (200303-18)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
CONECTIVA:CLA-2003:648
http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
GENTOO:GLSA-200303-18
http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
MANDRAKE:MDKSA-2003:045
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107
OVAL:oval:org.mitre.oval:def:107
http://www.redhat.com/support/errata/RHSA-2003-108.html
REDHAT:RHSA-2003:108
CVE-2003-0129
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.
2003-03-21
2017-10-09
CVE-2003-0129
http://www.securityfocus.com/bid/7118
BID:7118
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
BUGTRAQ:20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
http://marc.info/?l=bugtraq&m=104826470527308&w=2
BUGTRAQ:20030321 GLSA: evolution (200303-18)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
CONECTIVA:CLA-2003:648
http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
GENTOO:GLSA-200303-18
http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
MANDRAKE:MDKSA-2003:045
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A108
OVAL:oval:org.mitre.oval:def:108
http://www.redhat.com/support/errata/RHSA-2003-108.html
REDHAT:RHSA-2003:108
CVE-2003-0130
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
2003-03-21
2017-10-09
CVE-2003-0130
http://www.securityfocus.com/bid/7119
BID:7119
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
BUGTRAQ:20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent
http://marc.info/?l=bugtraq&m=104826470527308&w=2
BUGTRAQ:20030321 GLSA: evolution (200303-18)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
CONECTIVA:CLA-2003:648
http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
GENTOO:GLSA-200303-18
http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
MANDRAKE:MDKSA-2003:045
http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111
OVAL:oval:org.mitre.oval:def:111
http://www.redhat.com/support/errata/RHSA-2003-108.html
REDHAT:RHSA-2003:108
CVE-2003-0131
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
2003-03-21
2018-10-19
CVE-2003-0131
http://www.securityfocus.com/bid/7148
BID:7148
http://marc.info/?l=bugtraq&m=104811162730834&w=2
BUGTRAQ:20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
http://marc.info/?l=bugtraq&m=104852637112330&w=2
BUGTRAQ:20030324 GLSA: openssl (200303-20)
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
BUGTRAQ:20030327 Immunix Secured OS 7+ openssl update
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
CALDERA:CSSA-2003-014.0
http://www.kb.cert.org/vuls/id/888801
CERT-VN:VU#888801
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
CONECTIVA:CLA-2003:625
http://lists.apple.com/mhonarc/security-announce/msg00028.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://www.openssl.org/news/secadv_20030319.txt
CONFIRM:http://www.openssl.org/news/secadv_20030319.txt
http://www.debian.org/security/2003/dsa-288
DEBIAN:DSA-288
ENGARDE:ESA-20030320-010
FREEBSD:FreeBSD-SA-03:06
http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml
GENTOO:GLSA-200303-20
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
IMMUNIX:IMNX-2003-7+-001-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:035
MANDRAKE:MDKSA-2003:035
http://eprint.iacr.org/2003/052/
MISC:http://eprint.iacr.org/2003/052/
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
MISC:http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
NETBSD:NetBSD-SA2003-007
http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html
OPENPKG:OpenPKG-SA-2003.026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461
OVAL:oval:org.mitre.oval:def:461
http://www.redhat.com/support/errata/RHSA-2003-101.html
REDHAT:RHSA-2003:101
http://www.redhat.com/support/errata/RHSA-2003-102.html
REDHAT:RHSA-2003:102
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
SGI:20030501-01-I
https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html
SUSE:SuSE-SA:2003:024
http://marc.info/?l=bugtraq&m=104878215721135&w=2
TRUSTIX:2003-0013
https://exchange.xforce.ibmcloud.com/vulnerabilities/11586
XF:ssl-premaster-information-leak(11586)
CVE-2003-0132
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
2003-04-03
2021-06-06
CVE-2003-0132
http://marc.info/?l=bugtraq&m=104931360606484&w=2
BUGTRAQ:20030402 [ANNOUNCE] Apache 2.0.45 Released
http://marc.info/?l=bugtraq&m=104994309010974&w=2
BUGTRAQ:20030408 Exploit Code Released for Apache 2.x Memory Leak
http://marc.info/?l=bugtraq&m=104982175321731&w=2
BUGTRAQ:20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x
http://marc.info/?l=bugtraq&m=104994239010517&w=2
BUGTRAQ:20030409 GLSA: apache (200304-01)
http://marc.info/?l=bugtraq&m=105001663120995&w=2
BUGTRAQ:20030410 working apache <= 2.0.44 DoS exploit for linux.
http://marc.info/?l=bugtraq&m=105013378320711&w=2
BUGTRAQ:20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service
http://www.kb.cert.org/vuls/id/206537
CERT-VN:VU#206537
http://lists.apple.com/mhonarc/security-announce/msg00028.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147
MISC:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147
http://www.idefense.com/advisory/04.08.03.txt
MISC:http://www.idefense.com/advisory/04.08.03.txt
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156
OVAL:oval:org.mitre.oval:def:156
http://www.redhat.com/support/errata/RHSA-2003-139.html
REDHAT:RHSA-2003:139
http://secunia.com/advisories/34920
SECUNIA:34920
http://secunia.com/advisories/8499
SECUNIA:8499
http://www.vupen.com/english/advisories/2009/1233
VUPEN:ADV-2009-1233
CVE-2003-0133
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
2003-04-15
2017-10-09
CVE-2003-0133
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737
CONECTIVA:CLA-2003:737
http://www.mandriva.com/security/advisories?name=MDKSA-2003:046
MANDRAKE:MDKSA-2003:046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A138
OVAL:oval:org.mitre.oval:def:138
http://www.redhat.com/support/errata/RHSA-2003-126.html
REDHAT:RHSA-2003:126
CVE-2003-0134
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
2003-04-03
2021-06-06
CVE-2003-0134
http://marc.info/?l=bugtraq&m=104931360606484&w=2
BUGTRAQ:20030402 [ANNOUNCE] Apache 2.0.45 Released
http://marc.info/?l=bugtraq&m=105418115512559&w=2
BUGTRAQ:20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35
CONFIRM:http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
CVE-2003-0135
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
2003-04-03
2017-10-09
CVE-2003-0135
http://www.securityfocus.com/bid/7253
BID:7253
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A634
OVAL:oval:org.mitre.oval:def:634
http://www.redhat.com/support/errata/RHSA-2003-084.html
REDHAT:RHSA-2003:084
CVE-2003-0136
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
2003-04-15
2017-10-09
CVE-2003-0136
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
http://www.debian.org/security/2003/dsa-285
DEBIAN:DSA-285
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423
OVAL:oval:org.mitre.oval:def:423
http://www.redhat.com/support/errata/RHSA-2003-142.html
REDHAT:RHSA-2003:142
CVE-2003-0137
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
2003-03-14
2008-03-25
CVE-2003-0137
http://www.atstake.com/research/advisories/2003/a031303-2.txt
ATSTAKE:A031303-2
http://secunia.com/advisories/8301
SECUNIA:8301
CVE-2003-0138
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
2003-03-21
2018-10-19
CVE-2003-0138
http://www.securityfocus.com/bid/7113
BID:7113
http://marc.info/?l=bugtraq&m=104791775804776&w=2
BUGTRAQ:20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://www.kb.cert.org/vuls/id/623217
CERT-VN:VU#623217
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
http://www.debian.org/security/2003/dsa-266
DEBIAN:DSA-266
http://www.debian.org/security/2003/dsa-269
DEBIAN:DSA-269
http://www.debian.org/security/2003/dsa-273
DEBIAN:DSA-273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248
OVAL:oval:org.mitre.oval:def:248
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-091.html
REDHAT:RHSA-2003:091
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
2003-03-21
2018-10-19
CVE-2003-0139
http://marc.info/?l=bugtraq&m=104791775804776&w=2
BUGTRAQ:20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4
http://www.securityfocus.com/archive/1/317130/30/25250/threaded
BUGTRAQ:20030330 GLSA: openafs (200303-26)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://www.kb.cert.org/vuls/id/442569
CERT-VN:VU#442569
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
http://www.debian.org/security/2003/dsa-266
DEBIAN:DSA-266
http://www.debian.org/security/2003/dsa-273
DEBIAN:DSA-273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250
OVAL:oval:org.mitre.oval:def:250
http://www.redhat.com/support/errata/RHSA-2003-051.html
REDHAT:RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
REDHAT:RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-091.html
REDHAT:RHSA-2003:091
CVE-2003-0140
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
2003-03-21
2017-10-09
CVE-2003-0140
http://www.securityfocus.com/bid/7120
BID:7120
http://www.securityfocus.com/archive/1/315679
BUGTRAQ:20030319 mutt-1.4.1 fixes a buffer overflow.
http://marc.info/?l=bugtraq&m=104818814931378&w=2
BUGTRAQ:20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent
http://marc.info/?l=bugtraq&m=104817995421439&w=2
BUGTRAQ:20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)
http://marc.info/?l=bugtraq&m=104852190605988&w=2
BUGTRAQ:20030322 GLSA: mutt (200303-19)
http://marc.info/?l=bugtraq&m=105171507629573&w=2
BUGTRAQ:20030430 GLSA: balsa (200304-10)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626
CONECTIVA:CLA-2003:626
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630
CONECTIVA:CLA-2003:630
http://www.debian.org/security/2003/dsa-268
DEBIAN:DSA-268
http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml
GENTOO:GLSA-200303-19
http://www.mandriva.com/security/advisories?name=MDKSA-2003:041
MANDRAKE:MDKSA-2003:041
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2
OVAL:oval:org.mitre.oval:def:2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434
OVAL:oval:org.mitre.oval:def:434
http://www.redhat.com/support/errata/RHSA-2003-109.html
REDHAT:RHSA-2003:109
http://www.novell.com/linux/security/advisories/2003_020_mutt.html
SUSE:SuSE-SA:2003:020
https://exchange.xforce.ibmcloud.com/vulnerabilities/11583
XF:mutt-folder-name-bo(11583)
CVE-2003-0141
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
2003-03-29
2016-10-17
CVE-2003-0141
http://www.securityfocus.com/bid/7177
BID:7177
http://marc.info/?l=bugtraq&m=104887465427579&w=2
BUGTRAQ:20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
http://www.kb.cert.org/vuls/id/705761
CERT-VN:VU#705761
http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html
VULNWATCH:20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
CVE-2003-0142
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.
2003-07-17
2005-05-11
CVE-2003-0142
http://www.securityfocus.com/archive/1/328224
BUGTRAQ:20030708 Adobe Acrobat and PDF security: no improvements for 2 years
http://www.kb.cert.org/vuls/id/689835
CERT-VN:VU#689835
CVE-2003-0143
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
2004-09-01
2004-08-10
CVE-2003-0143
http://www.securityfocus.com/bid/7058
BID:7058
http://marc.info/?l=bugtraq&m=104739841223916&w=2
BUGTRAQ:20030310 QPopper 4.0.x buffer overflow vulnerability
http://marc.info/?l=bugtraq&m=104748775900481&w=2
BUGTRAQ:20030312 Re: QPopper 4.0.x buffer overflow vulnerability
http://marc.info/?l=bugtraq&m=104768137314397&w=2
BUGTRAQ:20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
http://www.debian.org/security/2003/dsa-259
DEBIAN:DSA-259
http://marc.info/?l=bugtraq&m=104792541215354&w=2
GENTOO:GLSA-200303-12
http://www.novell.com/linux/security/advisories/2003_018_qpopper.html
SUSE:SuSE-SA:2003:018
https://exchange.xforce.ibmcloud.com/vulnerabilities/11516
XF:qpopper-popmsg-macroname-bo(11516)
CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
2003-03-14
2017-07-10
CVE-2003-0144
http://www.securityfocus.com/bid/7025
BID:7025
http://marc.info/?l=bugtraq&m=104690434504429&w=2
BUGTRAQ:20030305 potential buffer overflow in lprm (fwd)
http://marc.info/?l=bugtraq&m=104714441925019&w=2
BUGTRAQ:20030308 OpenBSD lprm(1) exploit
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
http://www.debian.org/security/2003/dsa-267
DEBIAN:DSA-267
http://www.debian.org/security/2003/dsa-275
DEBIAN:DSA-275
http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
MANDRAKE:MDKSA-2003:059
http://secunia.com/advisories/8293
SECUNIA:8293
ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
SGI:20030406-02-P
http://www.novell.com/linux/security/advisories/2003_014_lprold.html
SUSE:SuSE-SA:2003:0014
https://exchange.xforce.ibmcloud.com/vulnerabilities/11473
XF:lprm-bo(11473)
CVE-2003-0145
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
2004-09-01
2004-08-17
CVE-2003-0145
http://www.tcpdump.org/tcpdump-changes.txt
CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
http://www.debian.org/security/2003/dsa-261
DEBIAN:DSA-261
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
MANDRAKE:MDKSA-2003:027
http://www.redhat.com/support/errata/RHSA-2003-032.html
REDHAT:RHSA-2003:032
http://www.redhat.com/support/errata/RHSA-2003-151.html
REDHAT:RHSA-2003:151
http://www.redhat.com/support/errata/RHSA-2003-214.html
REDHAT:RHSA-2003:214
https://exchange.xforce.ibmcloud.com/vulnerabilities/11857
XF:tcpdump-radius-attribute-dos(11857)
CVE-2003-0146
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
2003-03-18
2017-07-10
CVE-2003-0146
http://www.securityfocus.com/bid/6979
BID:6979
http://marc.info/?l=bugtraq&m=104644687816522&w=2
BUGTRAQ:20030228 NetPBM, multiple vulnerabilities
http://www.kb.cert.org/vuls/id/630433
CERT-VN:VU#630433
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
CONECTIVA:CLSA-2003:656
http://www.debian.org/security/2003/dsa-263
DEBIAN:DSA-263
http://www.redhat.com/support/errata/RHSA-2003-060.html
REDHAT:RHSA-2003:060
https://exchange.xforce.ibmcloud.com/vulnerabilities/11463
XF:netpbm-multiple-bo(11463)
CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
2003-03-18
2018-10-19
CVE-2003-0147
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
APPLE:APPLE-SA-2003-03-24
http://marc.info/?l=bugtraq&m=104766550528628&w=2
BUGTRAQ:20030313 Vulnerability in OpenSSL
http://marc.info/?l=bugtraq&m=104792570615648&w=2
BUGTRAQ:20030317 [ADVISORY] Timing Attack on OpenSSL
http://marc.info/?l=bugtraq&m=104819602408063&w=2
BUGTRAQ:20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
BUGTRAQ:20030327 Immunix Secured OS 7+ openssl update
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
CALDERA:CSSA-2003-014.0
http://www.kb.cert.org/vuls/id/997481
CERT-VN:VU#997481
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
CONECTIVA:CLA-2003:625
http://www.openssl.org/news/secadv_20030317.txt
CONFIRM:http://www.openssl.org/news/secadv_20030317.txt
http://www.debian.org/security/2003/dsa-288
DEBIAN:DSA-288
ENGARDE:ESA-20030320-010
FREEBSD:FreeBSD-SA-03:06
http://marc.info/?l=bugtraq&m=104829040921835&w=2
GENTOO:GLSA-200303-15
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
GENTOO:GLSA-200303-23
http://marc.info/?l=bugtraq&m=104861762028637&w=2
GENTOO:GLSA-200303-24
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
IMMUNIX:IMNX-2003-7+-001-01
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
MANDRAKE:MDKSA-2003:035
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
MISC:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
OPENPKG:OpenPKG-SA-2003.019
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
OVAL:oval:org.mitre.oval:def:466
http://www.redhat.com/support/errata/RHSA-2003-101.html
REDHAT:RHSA-2003:101
http://www.redhat.com/support/errata/RHSA-2003-102.html
REDHAT:RHSA-2003:102
REDHAT:RHSA-2003:205
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
SGI:20030501-01-I
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
VULNWATCH:20030313 OpenSSL Private Key Disclosure
CVE-2003-0148
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.
2003-08-01
2021-06-15
CVE-2003-0148
http://www.atstake.com/research/advisories/2003/a073103-1.txt
ATSTAKE:A073103-1
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CVE-2003-0149
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.
2003-08-01
2021-06-15
CVE-2003-0149
http://www.atstake.com/research/advisories/2003/a073103-1.txt
ATSTAKE:A073103-1
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CVE-2003-0150
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
2003-03-21
2017-10-09
CVE-2003-0150
http://www.securityfocus.com/bid/7052
BID:7052
http://marc.info/?l=bugtraq&m=104715840202315&w=2
BUGTRAQ:20030308 MySQL_user_can_be_changed_to_root?
http://marc.info/?l=bugtraq&m=104739810523433&w=2
BUGTRAQ:20030310 Re: MySQL user can be changed to root
http://marc.info/?l=bugtraq&m=104802285012750&w=2
BUGTRAQ:20030318 GLSA: mysql (200303-14)
http://marc.info/?l=bugtraq&m=104800948128630&w=2
BUGTRAQ:20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)
http://www.kb.cert.org/vuls/id/203897
CERT-VN:VU#203897
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
CONECTIVA:CLA-2003:743
http://www.debian.org/security/2003/dsa-303
DEBIAN:DSA-303
http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html
ENGARDE:ESA-20030324-012
http://www.mandriva.com/security/advisories?name=MDKSA-2003:057
MANDRAKE:MDKSA-2003:057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442
OVAL:oval:org.mitre.oval:def:442
http://www.redhat.com/support/errata/RHSA-2003-093.html
REDHAT:RHSA-2003:093
http://rhn.redhat.com/errata/RHSA-2003-094.html
REDHAT:RHSA-2003:094
https://exchange.xforce.ibmcloud.com/vulnerabilities/11510
XF:mysql-datadir-root-privileges(11510)
CVE-2003-0151
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
2003-03-21
2016-10-17
CVE-2003-0151
http://www.securityfocus.com/bid/7122
BID:7122
http://www.securityfocus.com/bid/7124
BID:7124
http://marc.info/?l=bugtraq&m=104792544515384&w=2
BUGTRAQ:20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
http://marc.info/?l=bugtraq&m=104792477914620&w=2
BUGTRAQ:20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
MISC:http://www.s21sec.com/en/avisos/s21sec-011-en.txt
CVE-2003-0152
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
2003-03-26
2007-11-15
CVE-2003-0152
http://www.securityfocus.com/bid/7162
BID:7162
http://www.debian.org/security/2003/dsa-265
DEBIAN:DSA-265
CVE-2003-0153
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
2003-03-26
2017-07-10
CVE-2003-0153
http://www.securityfocus.com/bid/5517
BID:5517
http://marc.info/?l=bugtraq&m=102980129101054&w=2
BUGTRAQ:20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
http://bugzilla.mozilla.org/show_bug.cgi?id=187230
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=187230
http://www.debian.org/security/2003/dsa-265
DEBIAN:DSA-265
https://exchange.xforce.ibmcloud.com/vulnerabilities/9921
XF:bonsai-path-disclosure(9921)
CVE-2003-0154
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
2003-03-26
2016-10-17
CVE-2003-0154
http://www.securityfocus.com/bid/5516
BID:5516
http://marc.info/?l=bugtraq&m=102980129101054&w=2
BUGTRAQ:20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
http://bugzilla.mozilla.org/show_bug.cgi?id=163573
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163573
http://www.debian.org/security/2003/dsa-265
DEBIAN:DSA-265
http://bugzilla.mozilla.org/show_bug.cgi?id=146244
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=146244
http://www.iss.net/security_center/static/9920.php
XF:bonsai-error-message-xss(9920)
CVE-2003-0155
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
2003-03-26
2007-11-15
CVE-2003-0155
http://www.securityfocus.com/bid/7163
BID:7163
http://www.debian.org/security/2003/dsa-265
DEBIAN:DSA-265
CVE-2003-0156
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.
2003-03-21
2016-10-17
CVE-2003-0156
http://www.securityfocus.com/bid/7062
BID:7062
http://marc.info/?l=bugtraq&m=104739747222492&w=2
BUGTRAQ:20030311 Cross-Referencing Linux vulnerability
http://www.debian.org/security/2003/dsa-264
DEBIAN:DSA-264
CVE-2003-0157
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-03-21
2005-02-06
CVE-2003-0157
CVE-2003-0158
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-03-21
2005-02-06
CVE-2003-0158
CVE-2003-0159
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2003-03-26
2017-10-09
CVE-2003-0159
http://www.securityfocus.com/bid/7050
BID:7050
http://marc.info/?l=bugtraq&m=104741640924709&w=2
BUGTRAQ:20030309 GLSA: ethereal (200303-10)
http://www.ethereal.com/appnotes/enpa-sa-00008.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:051
MANDRAKE:MDKSA-2003:051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55
OVAL:oval:org.mitre.oval:def:55
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
SUSE:SuSE-SA:2003:019
CVE-2003-0160
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
2003-03-26
2017-10-09
CVE-2003-0160
http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988
CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614
OVAL:oval:org.mitre.oval:def:614
http://www.redhat.com/support/errata/RHSA-2003-112.html
REDHAT:RHSA-2003:112
CVE-2003-0161
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
2003-04-01
2018-10-19
CVE-2003-0161
http://www.securityfocus.com/bid/7230
BID:7230
http://marc.info/?l=bugtraq&m=104897487512238&w=2
BUGTRAQ:20030329 Sendmail: -1 gone wild
http://marc.info/?l=bugtraq&m=104896621106790&w=2
BUGTRAQ:20030329 sendmail 8.12.9 available
http://marc.info/?l=bugtraq&m=104914999806315&w=2
BUGTRAQ:20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)
http://www.securityfocus.com/archive/1/316961/30/25250/threaded
BUGTRAQ:20030331 GLSA: sendmail (200303-27)
http://www.securityfocus.com/archive/1/317135/30/25220/threaded
BUGTRAQ:20030401 Immunix Secured OS 7+ openssl update
http://www.securityfocus.com/archive/1/321997
BUGTRAQ:20030520 [Fwd: 127 Research and Development: 127 Day!]
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
CALDERA:CSSA-2003-016.0
http://www.cert.org/advisories/CA-2003-12.html
CERT:CA-2003-12
http://www.kb.cert.org/vuls/id/897604
CERT-VN:VU#897604
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
CONECTIVA:CLA-2003:614
http://lists.apple.com/mhonarc/security-announce/msg00028.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://www.debian.org/security/2003/dsa-278
DEBIAN:DSA-278
http://www.debian.org/security/2003/dsa-290
DEBIAN:DSA-290
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
FREEBSD:FreeBSD-SA-03:07
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
FULLDISC:20030329 Sendmail: -1 gone wild
http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
GENTOO:GLSA-200303-27
HP:SSRT3531
http://www.securityfocus.com/archive/1/317135/30/25220/threaded
IMMUNIX:IMNX-2003-7+-002-01
http://www.redhat.com/support/errata/RHSA-2003-120.html
REDHAT:RHSA-2003:120
http://www.redhat.com/support/errata/RHSA-2003-121.html
REDHAT:RHSA-2003:121
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
SCO:SCOSA-2004.11
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
SGI:20030401-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1
SUNALERT:1001088
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
SUNALERT:52620
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
SUNALERT:52700
SUSE:SuSE-SA:2003:023
CVE-2003-0162
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.
2003-03-26
2017-07-10
CVE-2003-0162
http://www.securityfocus.com/bid/6971
BID:6971
http://marc.info/?l=bugtraq&m=104636153214262&w=2
BUGTRAQ:20030227 Ecardis Password Reseting Vulnerability
http://marc.info/?l=bugtraq&m=104673407728323&w=2
BUGTRAQ:20030303 Re: Ecardis Password Reseting Vulnerability
http://www.debian.org/security/2003/dsa-271
DEBIAN:DSA-271
https://exchange.xforce.ibmcloud.com/vulnerabilities/11431
XF:ecartis-password-reset(11431)
CVE-2003-0163
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
2003-04-15
2016-10-17
CVE-2003-0163
http://www.securityfocus.com/bid/7182
BID:7182
http://marc.info/?l=bugtraq&m=105013281120352&w=2
BUGTRAQ:20030412 R7-0013: Heap Corruption in Gaim-Encryption Plugin
http://www.rapid7.com/advisories/R7-0013.html
MISC:http://www.rapid7.com/advisories/R7-0013.html
CVE-2003-0164
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0164
CVE-2003-0165
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
2003-03-29
2017-10-09
CVE-2003-0165
http://www.securityfocus.com/bid/7121
BID:7121
http://marc.info/?l=bugtraq&m=104887189724146&w=2
BUGTRAQ:20030328 CORE-2003-0304-03: Vulnerability in GNOME's Eye of Gnome
http://www.kb.cert.org/vuls/id/363001
CERT-VN:VU#363001
http://www.mandriva.com/security/advisories?name=MDKSA-2003:048
MANDRAKE:MDKSA-2003:048
http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A52
OVAL:oval:org.mitre.oval:def:52
http://www.redhat.com/support/errata/RHSA-2003-128.html
REDHAT:RHSA-2003:128
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0157.html
VULNWATCH:20030328 Vulnerability in GNOME's Eye of Gnome
CVE-2003-0166
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
2003-03-27
2016-10-17
CVE-2003-0166
http://www.securityfocus.com/bid/7197
BID:7197
http://www.securityfocus.com/bid/7198
BID:7198
http://marc.info/?l=bugtraq&m=104869828526885&w=2
BUGTRAQ:20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
http://marc.info/?l=bugtraq&m=104878100719467&w=2
BUGTRAQ:20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
http://marc.info/?l=bugtraq&m=104931415307111&w=2
BUGTRAQ:20030402 Inaccurate Reports Concerning PHP Vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
CONECTIVA:CLSA-2003:691
SCO:CSSA-2003-SCO.28
CVE-2003-0167
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
2003-03-29
2003-05-08
CVE-2003-0167
http://www.securityfocus.com/bid/7229
BID:7229
http://www.debian.org/security/2003/dsa-274
DEBIAN:DSA-274
http://www.debian.org/security/2003/dsa-300
DEBIAN:DSA-300
CVE-2003-0168
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
2003-04-01
2018-10-19
CVE-2003-0168
http://www.securityfocus.com/archive/1/317141/30/25220/threaded
APPLE:APPLE-SA-2003-03-31
http://www.securityfocus.com/bid/7247
BID:7247
http://www.securityfocus.com/archive/1/317141/30/25220/threaded
BUGTRAQ:20030401 Fwd: QuickTime 6.1 for Windows is available
http://www.securityfocus.com/archive/1/317148/30/25220/threaded
BUGTRAQ:20030401 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
http://www.kb.cert.org/vuls/id/112553
CERT-VN:VU#112553
http://lists.apple.com/mhonarc/security-announce/msg00027.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00027.html
http://www.idefense.com/advisory/03.31.03.txt
MISC:http://www.idefense.com/advisory/03.31.03.txt
http://www.osvdb.org/10561
OSVDB:10561
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html
VULNWATCH:20030331 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
https://exchange.xforce.ibmcloud.com/vulnerabilities/11671
XF:quicktime-url-bo(11671)
CVE-2003-0169
hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.
2003-04-01
2016-10-17
CVE-2003-0169
http://www.securityfocus.com/bid/7246
BID:7246
http://marc.info/?l=bugtraq&m=104914959705949&w=2
BUGTRAQ:20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html
VULNWATCH:20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools
CVE-2003-0170
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
2004-03-10
2017-07-10
CVE-2003-0170
http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424
AIXAPAR:IY42424
http://www.securityfocus.com/bid/7346
BID:7346
http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1
IBM:MSS-OAR-E01-2003.0469.1
http://www.osvdb.org/4878
OSVDB:4878
https://exchange.xforce.ibmcloud.com/vulnerabilities/11823
XF:aix-ftpd-gain-access(11823)
CVE-2003-0171
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
2003-04-15
2021-06-15
CVE-2003-0171
http://www.atstake.com/research/advisories/2003/a041003-1.txt
ATSTAKE:A041003-1
http://lists.apple.com/mhonarc/security-announce/msg00028.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
CVE-2003-0172
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
2003-03-29
2017-07-10
CVE-2003-0172
http://www.securityfocus.com/bid/7210
BID:7210
http://marc.info/?l=bugtraq&m=104878149020152&w=2
BUGTRAQ:20030327 @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
http://www.securityfocus.com/archive/1/316583
BUGTRAQ:20030327 Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
http://marc.info/?l=bugtraq&m=104931415307111&w=2
BUGTRAQ:20030402 Inaccurate Reports Concerning PHP Vulnerabilities
http://www.securityfocus.com/archive/1/385238
BUGTRAQ:20041222 PHP v4.3.x exploit for Windows.
http://www.osvdb.org/2113
OSVDB:2113
https://exchange.xforce.ibmcloud.com/vulnerabilities/11637
XF:php-openlog-stack-bo(11637)
CVE-2003-0173
xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.
2003-04-15
2003-04-26
CVE-2003-0173
http://www.kb.cert.org/vuls/id/111673
CERT-VN:VU#111673
http://www.debian.org/security/2003/dsa-283
DEBIAN:DSA-283
http://www.mandriva.com/security/advisories?name=MDKSA-2003:047
MANDRAKE:MDKSA-2003:047
ftp://patches.sgi.com/support/free/security/advisories/20030404-01-P
SGI:20030404-01-P
CVE-2003-0174
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
2003-04-29
2017-07-10
CVE-2003-0174
http://www.securityfocus.com/bid/7442
BID:7442
http://www.ciac.org/ciac/bulletins/n-084.shtml
CIAC:N-084
ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P
SGI:20030407-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/11860
XF:irix-ldap-authentication-bypass(11860)
CVE-2003-0175
SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.
2004-01-14
2017-07-10
CVE-2003-0175
http://www.securityfocus.com/bid/7868
BID:7868
http://www.kb.cert.org/vuls/id/142228
CERT-VN:VU#142228
http://www.securitytracker.com/id?1008770
SECTRACK:1008770
ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P
SGI:20030603-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/12241
XF:irix-piocswatch-ioctl-dos(12241)
CVE-2003-0176
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.
2003-08-18
CVE-2003-0176
ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
SGI:20030701-01-P
CVE-2003-0177
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.
2003-08-18
CVE-2003-0177
ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
SGI:20030701-01-P
CVE-2003-0178
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
2003-03-29
2017-07-10
CVE-2003-0178
http://www.securityfocus.com/bid/6870
BID:6870
http://www.securityfocus.com/bid/6871
BID:6871
http://marc.info/?l=bugtraq&m=104550335103136&w=2
BUGTRAQ:20030217 Domino Advisories UPDATE
http://marc.info/?l=bugtraq&m=104550063431463&w=2
BUGTRAQ:20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
http://marc.info/?l=bugtraq&m=104550063431461&w=2
BUGTRAQ:20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
http://www.cert.org/advisories/CA-2003-11.html
CERT:CA-2003-11
http://www.kb.cert.org/vuls/id/206361
CERT-VN:VU#206361
http://www.kb.cert.org/vuls/id/542873
CERT-VN:VU#542873
http://www.kb.cert.org/vuls/id/772817
CERT-VN:VU#772817
http://www.ciac.org/ciac/bulletins/n-065.shtml
CIAC:N-065
http://www.nextgenss.com/advisories/lotus-hostlocbo.txt
MISC:http://www.nextgenss.com/advisories/lotus-hostlocbo.txt
http://www.nextgenss.com/advisories/lotus-inotesoflow.txt
MISC:http://www.nextgenss.com/advisories/lotus-inotesoflow.txt
http://marc.info/?l=ntbugtraq&m=104558778331387&w=2
NTBUGTRAQ:20030217 Domino Advisories UPDATE
http://marc.info/?l=ntbugtraq&m=104558777331345&w=2
NTBUGTRAQ:20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
http://marc.info/?l=ntbugtraq&m=104558777531350&w=2
NTBUGTRAQ:20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html
VULNWATCH:20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html
VULNWATCH:20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html
VULNWATCH:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11337
XF:lotus-domino-hostname-bo(11337)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11336
XF:lotus-domino-inotes-bo(11336)
CVE-2003-0179
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
2003-03-29
2017-07-10
CVE-2003-0179
http://www.securityfocus.com/bid/6872
BID:6872
http://marc.info/?l=bugtraq&m=104550335103136&w=2
BUGTRAQ:20030217 Domino Advisories UPDATE
http://marc.info/?l=bugtraq&m=104550124032513&w=2
BUGTRAQ:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
http://www.cert.org/advisories/CA-2003-11.html
CERT:CA-2003-11
http://www.kb.cert.org/vuls/id/571297
CERT-VN:VU#571297
http://www.ciac.org/ciac/bulletins/n-065.shtml
CIAC:N-065
http://www-1.ibm.com/support/docview.wss?uid=swg21104543
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104543
http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt
MISC:http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt
http://marc.info/?l=ntbugtraq&m=104558778331387&w=2
NTBUGTRAQ:20030217 Domino Advisories UPDATE
http://marc.info/?l=ntbugtraq&m=104558778131373&w=2
NTBUGTRAQ:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html
VULNWATCH:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11339
XF:lotus-notes-activex-bo(11339)
CVE-2003-0180
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
2003-03-29
2017-07-10
CVE-2003-0180
http://www.securityfocus.com/bid/6951
BID:6951
http://www.cert.org/advisories/CA-2003-11.html
CERT:CA-2003-11
http://www.kb.cert.org/vuls/id/355169
CERT-VN:VU#355169
http://www.ciac.org/ciac/bulletins/n-065.shtml
CIAC:N-065
http://www-1.ibm.com/support/docview.wss?uid=swg21104528
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104528
http://www.nextgenss.com/advisories/lotus-60dos.txt
MISC:http://www.nextgenss.com/advisories/lotus-60dos.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
VULNWATCH:20030218 More Lotus Domino Advisories
https://exchange.xforce.ibmcloud.com/vulnerabilities/11360
XF:lotus-incomplete-post-dos(11360)
CVE-2003-0181
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
2003-03-29
2017-07-10
CVE-2003-0181
http://www.securityfocus.com/bid/6951
BID:6951
http://www.cert.org/advisories/CA-2003-11.html
CERT:CA-2003-11
http://www-1.ibm.com/support/docview.wss?uid=swg21104528
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104528
http://www.nextgenss.com/advisories/lotus-60dos.txt
MISC:http://www.nextgenss.com/advisories/lotus-60dos.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
VULNWATCH:20030218 More Lotus Domino Advisories
https://exchange.xforce.ibmcloud.com/vulnerabilities/11361
XF:lotus-invalid-field-dos(11361)
CVE-2003-0182
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0182
CVE-2003-0183
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0183
CVE-2003-0184
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0184
CVE-2003-0185
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0185
CVE-2003-0186
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0186
CVE-2003-0187
The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.
2003-08-05
2017-10-09
CVE-2003-0187
http://marc.info/?l=bugtraq&m=105986028426824&w=2
BUGTRAQ:20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A260
OVAL:oval:org.mitre.oval:def:260
CVE-2003-0188
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
2003-05-17
2017-10-09
CVE-2003-0188
http://www.debian.org/security/2003/dsa-304
DEBIAN:DSA-304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430
OVAL:oval:org.mitre.oval:def:430
http://www.redhat.com/support/errata/RHSA-2003-167.html
REDHAT:RHSA-2003:167
http://www.redhat.com/support/errata/RHSA-2003-169.html
REDHAT:RHSA-2003:169
http://www.turbolinux.com/security/TLSA-2003-35.txt
TURBO:TLSA-2003-35
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
2003-05-30
2021-06-06
CVE-2003-0189
http://www.securityfocus.com/bid/7725
BID:7725
http://marc.info/?l=bugtraq&m=105418115512559&w=2
BUGTRAQ:20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
http://www.kb.cert.org/vuls/id/479268
CERT-VN:VU#479268
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661
CONECTIVA:CLA-2003:661
http://www.apache.org/dist/httpd/Announcement2.html
CONFIRM:http://www.apache.org/dist/httpd/Announcement2.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.redhat.com/support/errata/RHSA-2003-186.html
REDHAT:RHSA-2003:186
http://secunia.com/advisories/8881
SECUNIA:8881
https://exchange.xforce.ibmcloud.com/vulnerabilities/12091
XF:apache-aprpasswordvalidate-dos(12091)
CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
2003-05-02
2022-12-13
CVE-2003-0190
http://www.securityfocus.com/bid/7467
BID:7467
http://marc.info/?l=bugtraq&m=105172058404810&w=2
BUGTRAQ:20030430 OpenSSH/PAM timing attack allows remote users identification
http://marc.info/?l=bugtraq&m=106018677302607&w=2
BUGTRAQ:20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html
FULLDISC:20030430 OpenSSH/PAM timing attack allows remote users identification
http://lab.mediaservice.net/advisory/2003-01-openssh.txt
MISC:http://lab.mediaservice.net/advisory/2003-01-openssh.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445
OVAL:oval:org.mitre.oval:def:445
http://www.redhat.com/support/errata/RHSA-2003-222.html
REDHAT:RHSA-2003:222
http://www.redhat.com/support/errata/RHSA-2003-224.html
REDHAT:RHSA-2003:224
http://www.turbolinux.com/security/TLSA-2003-31.txt
TURBO:TLSA-2003-31
CVE-2003-0192
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
2003-07-10
2021-06-06
CVE-2003-0192
http://marc.info/?l=bugtraq&m=105776593602600&w=2
BUGTRAQ:20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
MANDRAKE:MDKSA-2003:075
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A169
OVAL:oval:org.mitre.oval:def:169
http://www.redhat.com/support/errata/RHSA-2003-240.html
REDHAT:RHSA-2003:240
http://www.redhat.com/support/errata/RHSA-2003-243.html
REDHAT:RHSA-2003:243
http://www.redhat.com/support/errata/RHSA-2003-244.html
REDHAT:RHSA-2003:244
SCO:CSSA-2003-SCO.28
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
SCO:SCOSA-2004.6
CVE-2003-0193
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").
2004-06-03
2017-07-10
CVE-2003-0193
http://www.securityfocus.com/bid/11560
BID:11560
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
http://www.debian.org/security/2004/dsa-575
DEBIAN:DSA-575
http://www.osvdb.org/11193
OSVDB:11193
http://secunia.com/advisories/13021/
SECUNIA:13021
http://secunia.com/advisories/13022/
SECUNIA:13022
https://exchange.xforce.ibmcloud.com/vulnerabilities/16335
XF:catdoc-xlsview-symlink(16335)
CVE-2003-0194
tcpdump does not properly drop privileges to the pcap user when starting up.
2003-05-17
2003-06-10
CVE-2003-0194
http://www.redhat.com/support/errata/RHSA-2003-151.html
REDHAT:RHSA-2003:151
http://www.redhat.com/support/errata/RHSA-2003-174.html
REDHAT:RHSA-2003:174
CVE-2003-0195
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
2003-06-05
2017-10-09
CVE-2003-0195
http://www.securityfocus.com/bid/7637
BID:7637
http://marc.info/?l=bugtraq&m=105427288724449&w=2
BUGTRAQ:20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000678
CONECTIVA:CLSA-2003:678
http://www.debian.org/security/2003/dsa-317
DEBIAN:DSA-317
http://www.mandriva.com/security/advisories?name=MDKSA-2003:062
MANDRAKE:MDKSA-2003:062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6
OVAL:oval:org.mitre.oval:def:6
http://www.redhat.com/support/errata/RHSA-2003-171.html
REDHAT:RHSA-2003:171
http://www.novell.com/linux/security/advisories/2003_028.html
SUSE:SuSE-SA:2003:028
http://www.turbolinux.com/security/TLSA-2003-33.txt
TURBO:TLSA-2003-33
CVE-2003-0196
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
2003-04-15
2017-10-09
CVE-2003-0196
http://marc.info/?l=bugtraq&m=104974612519064&w=2
BUGTRAQ:20030407 Immunix Secured OS 7+ samba update
http://marc.info/?l=bugtraq&m=104973186901597&w=2
BUGTRAQ:20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
http://www.debian.org/security/2003/dsa-280
DEBIAN:DSA-280
http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
MANDRAKE:MDKSA-2003:044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564
OVAL:oval:org.mitre.oval:def:564
http://www.redhat.com/support/errata/RHSA-2003-137.html
REDHAT:RHSA-2003:137
CVE-2003-0197
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
2003-04-08
2016-10-17
CVE-2003-0197
http://marc.info/?l=bugtraq&m=104940730819887&w=2
BUGTRAQ:20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt
MISC:http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html
VULNWATCH:20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
CVE-2003-0198
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
2003-04-15
2021-06-15
CVE-2003-0198
http://lists.apple.com/mhonarc/security-announce/msg00028.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
CVE-2003-0199
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0199
CVE-2003-0200
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0200
CVE-2003-0201
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
2003-04-15
2017-10-09
CVE-2003-0201
http://www.securityfocus.com/bid/7294
BID:7294
http://marc.info/?l=bugtraq&m=104974612519064&w=2
BUGTRAQ:20030407 Immunix Secured OS 7+ samba update
http://marc.info/?l=bugtraq&m=104972664226781&w=2
BUGTRAQ:20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise
http://marc.info/?l=bugtraq&m=104981682014565&w=2
BUGTRAQ:20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08
http://marc.info/?l=bugtraq&m=104994564212488&w=2
BUGTRAQ:20030409 GLSA: samba (200304-02)
http://www.kb.cert.org/vuls/id/267873
CERT-VN:VU#267873
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
CONECTIVA:CLA-2003:624
http://www.debian.org/security/2003/dsa-280
DEBIAN:DSA-280
http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
MANDRAKE:MDKSA-2003:044
http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
MISC:http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163
OVAL:oval:org.mitre.oval:def:2163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567
OVAL:oval:org.mitre.oval:def:567
http://www.redhat.com/support/errata/RHSA-2003-137.html
REDHAT:RHSA-2003:137
ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
SGI:20030403-01-P
http://www.novell.com/linux/security/advisories/2003_025_samba.html
SUSE:SuSE-SA:2003:025
CVE-2003-0202
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
2004-03-16
2017-07-10
CVE-2003-0202
http://www.securityfocus.com/bid/7293
BID:7293
http://www.debian.org/security/2003/dsa-279
DEBIAN:DSA-279
https://exchange.xforce.ibmcloud.com/vulnerabilities/11734
XF:metrics-tmpfile-symlink(11734)
CVE-2003-0203
Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.
2003-04-08
2017-07-10
CVE-2003-0203
http://www.securityfocus.com/bid/6921
BID:6921
http://marc.info/?l=bugtraq&m=104610380126860&w=2
BUGTRAQ:20030223 moxftp arbitrary code execution poc/advisory
http://www.debian.org/security/2003/dsa-281
DEBIAN:DSA-281
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html
FULLDISC:20030223 moxftp arbitrary code execution poc/advisory
http://www.securitytracker.com/id?1006156
SECTRACK:1006156
http://secunia.com/advisories/8136
SECUNIA:8136
https://exchange.xforce.ibmcloud.com/vulnerabilities/11399
XF:moxftp-welcome-banner-bo(11399)
CVE-2003-0204
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
2003-04-15
2016-10-17
CVE-2003-0204
http://marc.info/?l=bugtraq&m=105001557020141&w=2
BUGTRAQ:20030410 GLSA: kde-3.x (200304-04)
http://marc.info/?l=bugtraq&m=105012994719099&w=2
BUGTRAQ:20030411 GLSA: kde-2.x (200304-05)
http://marc.info/?l=bugtraq&m=105017403010459&w=2
BUGTRAQ:20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12
http://marc.info/?l=bugtraq&m=105034222521369&w=2
BUGTRAQ:20030414 GLSA: kde-2.x (200304-05.1)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
CONECTIVA:CLA-2003:668
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
CONECTIVA:CLA-2003:747
http://bugs.kde.org/show_bug.cgi?id=53343
CONFIRM:http://bugs.kde.org/show_bug.cgi?id=53343
http://bugs.kde.org/show_bug.cgi?id=56808
CONFIRM:http://bugs.kde.org/show_bug.cgi?id=56808
http://www.kde.org/info/security/advisory-20030409-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20030409-1.txt
http://www.debian.org/security/2003/dsa-284
DEBIAN:DSA-284
http://www.debian.org/security/2003/dsa-293
DEBIAN:DSA-293
http://www.debian.org/security/2003/dsa-296
DEBIAN:DSA-296
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
MANDRAKE:MDKSA-2003:049
http://www.redhat.com/support/errata/RHSA-2003-002.html
REDHAT:RHSA-2003:002
CVE-2003-0205
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.
2003-04-26
2016-10-17
CVE-2003-0205
http://marc.info/?l=bugtraq&m=105111327000755&w=2
BUGTRAQ:20030423 Security problems in gkrellm-newsticker
http://www.debian.org/security/2003/dsa-294
DEBIAN:DSA-294
CVE-2003-0206
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines.
2003-04-26
2016-10-17
CVE-2003-0206
http://marc.info/?l=bugtraq&m=105111327000755&w=2
BUGTRAQ:20030423 Security problems in gkrellm-newsticker
http://www.debian.org/security/2003/dsa-294
DEBIAN:DSA-294
CVE-2003-0207
ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.
2003-04-15
CVE-2003-0207
http://www.debian.org/security/2003/dsa-286
DEBIAN:DSA-286
CVE-2003-0208
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
2003-04-15
2016-10-17
CVE-2003-0208
http://marc.info/?l=bugtraq&m=105033712615013&w=2
BUGTRAQ:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm
http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html
FULLDISC:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
http://www.securiteam.com/securitynews/5XP0B0U9PE.html
MISC:http://www.securiteam.com/securitynews/5XP0B0U9PE.html
VULNWATCH:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
CVE-2003-0209
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
2003-04-16
2016-10-17
CVE-2003-0209
http://www.securityfocus.com/bid/7178
BID:7178
http://marc.info/?l=bugtraq&m=105043563016235&w=2
BUGTRAQ:20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
http://marc.info/?l=bugtraq&m=105103586927007&w=2
BUGTRAQ:20030422 GLSA: snort (200304-05)
http://marc.info/?l=bugtraq&m=105111217731583&w=2
BUGTRAQ:20030423 Snort <=1.9.1 exploit
http://marc.info/?l=bugtraq&m=105154530427824&w=2
BUGTRAQ:20030428 GLSA: snort (200304-06)
http://www.cert.org/advisories/CA-2003-13.html
CERT:CA-2003-13
http://www.kb.cert.org/vuls/id/139129
CERT-VN:VU#139129
http://www.debian.org/security/2003/dsa-297
DEBIAN:DSA-297
http://marc.info/?l=bugtraq&m=105172790914107&w=2
ENGARDE:ESA-20030430-013
http://www.mandriva.com/security/advisories?name=MDKSA-2003:052
MANDRAKE:MDKSA-2003:052
http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
VULNWATCH:20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
CVE-2003-0210
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
2003-04-26
2016-10-17
CVE-2003-0210
http://marc.info/?l=bugtraq&m=105120066126196&w=2
BUGTRAQ:20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
http://www.kb.cert.org/vuls/id/697049
CERT-VN:VU#697049
http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
CISCO:20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability
http://marc.info/?l=ntbugtraq&m=105118056332344&w=2
NTBUGTRAQ:20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
CVE-2003-0211
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
2003-04-16
2017-10-09
CVE-2003-0211
http://marc.info/?l=bugtraq&m=105068673220605&w=2
BUGTRAQ:20030418 Xinetd 2.3.10 Memory Leaks
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782
CONECTIVA:CLA-2003:782
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537
http://www.mandriva.com/security/advisories?name=MDKSA-2003:056
MANDRAKE:MDKSA-2003:056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657
OVAL:oval:org.mitre.oval:def:657
http://www.redhat.com/support/errata/RHSA-2003-160.html
REDHAT:RHSA-2003:160
CVE-2003-0212
handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.
2003-04-26
2016-10-17
CVE-2003-0212
http://marc.info/?l=bugtraq&m=105059298502830&w=2
BUGTRAQ:20030417 Vulnerability in rinetd
http://www.debian.org/security/2003/dsa-289
DEBIAN:DSA-289
CVE-2003-0213
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
2003-04-26
2016-10-17
CVE-2003-0213
http://www.securityfocus.com/bid/7316
BID:7316
http://www.securityfocus.com/archive/1/317995
BUGTRAQ:20030409 PoPToP PPTP server remotely exploitable buffer overflow
http://marc.info/?l=bugtraq&m=105068728421160&w=2
BUGTRAQ:20030418 Exploit for PoPToP PPTP server
http://www.securityfocus.com/archive/1/319428
BUGTRAQ:20030422 Re: Exploit for PoPToP PPTP server - Linux version
http://marc.info/?l=bugtraq&m=105154539727967&w=2
BUGTRAQ:20030428 GLSA: pptpd (200304-08)
http://www.kb.cert.org/vuls/id/673993
CERT-VN:VU#673993
http://sourceforge.net/project/shownotes.php?release_id=138437
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=138437
http://www.debian.org/security/2003/dsa-295
DEBIAN:DSA-295
http://www.novell.com/linux/security/advisories/2003_029.html
SUSE:SuSE-SA:2003:029
CVE-2003-0214
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2003-04-26
CVE-2003-0214
http://www.debian.org/security/2003/dsa-292
DEBIAN:DSA-292
CVE-2003-0215
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
2003-04-26
2016-10-17
CVE-2003-0215
http://marc.info/?l=bugtraq&m=105120052725940&w=2
BUGTRAQ:20030424 SQL injection in BttlxeForum
http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812
CONFIRM:http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812
http://securitytracker.com/id?1006632
SECTRACK:1006632
CVE-2003-0216
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
2003-04-26
2005-03-11
CVE-2003-0216
http://www.kb.cert.org/vuls/id/443257
CERT-VN:VU#443257
http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml.
CISCO:20030424 Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability
CVE-2003-0217
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.
2003-05-14
2016-10-17
CVE-2003-0217
http://marc.info/?l=bugtraq&m=105283833617480&w=2
BUGTRAQ:20030513 XSS In Neoteris IVE Allows Session Hijacking
CVE-2003-0218
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
2003-04-29
2016-10-17
CVE-2003-0218
http://www.securityfocus.com/bid/7202
BID:7202
http://marc.info/?l=bugtraq&m=105094204204166&w=2
BUGTRAQ:20030420 Monkey HTTPd Remote Buffer Overflow
http://marc.info/?l=bugtraq&m=105154473526898&w=2
BUGTRAQ:20030428 GLSA: monkeyd (200304-07.1)
http://monkeyd.sourceforge.net/Changelog.txt
CONFIRM:http://monkeyd.sourceforge.net/Changelog.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html
VULNWATCH:20030420 Monkey HTTPd Remote Buffer Overflow
CVE-2003-0219
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server.
2003-04-29
2016-10-17
CVE-2003-0219
http://www.securityfocus.com/bid/7179
BID:7179
http://marc.info/?l=bugtraq&m=105155734411836&w=2
BUGTRAQ:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
http://www.kb.cert.org/vuls/id/641012
CERT-VN:VU#641012
http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
VULNWATCH:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
CVE-2003-0220
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
2003-04-29
2016-10-17
CVE-2003-0220
http://www.securityfocus.com/bid/7180
BID:7180
http://marc.info/?l=bugtraq&m=105155734411836&w=2
BUGTRAQ:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
http://www.kb.cert.org/vuls/id/454716
CERT-VN:VU#454716
http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
VULNWATCH:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
CVE-2003-0221
The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.
2003-04-29
2017-07-10
CVE-2003-0221
http://www.securityfocus.com/bid/7452
BID:7452
CIAC:N-086
http://www.ciac.org/ciac/bulletins/n-086.shtml
HP:SSRT3471
https://exchange.xforce.ibmcloud.com/vulnerabilities/11892
XF:tru64-dupatch-setld-symlink(11892)
CVE-2003-0222
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
2003-04-30
2017-07-10
CVE-2003-0222
http://www.securityfocus.com/bid/7453
BID:7453
http://marc.info/?l=bugtraq&m=105162831008176&w=2
BUGTRAQ:20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
http://www.ciac.org/ciac/bulletins/n-085.shtml
CIAC:N-085
http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
http://marc.info/?l=ntbugtraq&m=105163376015735&w=2
NTBUGTRAQ:20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11885
XF:oracle-database-link-bo(11885)
CVE-2003-0223
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
2003-05-30
2018-10-12
CVE-2003-0223
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018
MS:MS03-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66
OVAL:oval:org.mitre.oval:def:66
CVE-2003-0224
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
2003-05-30
2018-10-12
CVE-2003-0224
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018
MS:MS03-018
http://marc.info/?l=ntbugtraq&m=105431767100944&w=2
NTBUGTRAQ:20030530 NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A483
OVAL:oval:org.mitre.oval:def:483
CVE-2003-0225
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
2003-05-30
2018-10-12
CVE-2003-0225
http://www.aqtronix.com/Advisories/AQ-2003-01.txt
MISC:http://www.aqtronix.com/Advisories/AQ-2003-01.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018
MS:MS03-018
http://marc.info/?l=ntbugtraq&m=105110606122772&w=2
NTBUGTRAQ:20030418 Microsoft Active Server Pages DoS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A373
OVAL:oval:org.mitre.oval:def:373
CVE-2003-0226
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
2003-05-30
2018-10-12
CVE-2003-0226
http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html
BUGTRAQ:20030528 Internet Information Services 5.0 Denial of service
http://marc.info/?l=bugtraq&m=105427362724860&w=2
BUGTRAQ:20030529 IIS WEBDAV Denial of Service attacks
http://www.spidynamics.com/iis_alert.html
MISC:http://www.spidynamics.com/iis_alert.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018
MS:MS03-018
http://marc.info/?l=ntbugtraq&m=105421243732552&w=2
NTBUGTRAQ:20030528 Internet Information Services 5.0 Denial of service
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A933
OVAL:oval:org.mitre.oval:def:933
CVE-2003-0227
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
2003-05-30
2018-10-12
CVE-2003-0227
http://marc.info/?l=bugtraq&m=105427615626177&w=2
BUGTRAQ:20030528 RE: Alert: MS03-019, Microsoft... wrong, again.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-019
MS:MS03-019
http://marc.info/?l=ntbugtraq&m=105421176432011&w=2
NTBUGTRAQ:20030528 MS03-019: DoS or Code of Choice
http://marc.info/?l=ntbugtraq&m=105421127531558&w=2
NTBUGTRAQ:20030528 Re: Alert: MS03-019, Microsoft... wrong, again.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936
OVAL:oval:org.mitre.oval:def:936
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966
OVAL:oval:org.mitre.oval:def:966
CVE-2003-0228
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
2003-05-08
2018-10-12
CVE-2003-0228
http://www.securityfocus.com/bid/7517
BID:7517
http://marc.info/?l=bugtraq&m=105232913516488&w=2
BUGTRAQ:20030507 Windows Media Player directory traversal vulnerability
http://marc.info/?l=bugtraq&m=105240528419389&w=2
BUGTRAQ:20030508 why i love xs4all + mediaplayer thingie
http://www.kb.cert.org/vuls/id/384932
CERT-VN:VU#384932
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-017
MS:MS03-017
http://marc.info/?l=ntbugtraq&m=105233960728901&w=2
NTBUGTRAQ:20030507 Windows Media Player directory traversal vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A321
OVAL:oval:org.mitre.oval:def:321
https://exchange.xforce.ibmcloud.com/vulnerabilities/11953
XF:mediaplayer-skin-code-execution(11953)
CVE-2003-0229
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0229
CVE-2003-0230
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
2003-07-25
2018-10-12
CVE-2003-0230
http://www.kb.cert.org/vuls/id/556356
CERT-VN:VU#556356
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031
MS:MS03-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235
OVAL:oval:org.mitre.oval:def:235
CVE-2003-0231
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
2003-07-25
2018-10-12
CVE-2003-0231
http://www.atstake.com/research/advisories/2003/a072303-2.txt
ATSTAKE:A072303-2
http://www.kb.cert.org/vuls/id/918652
CERT-VN:VU#918652
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031
MS:MS03-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299
OVAL:oval:org.mitre.oval:def:299
CVE-2003-0232
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
2003-07-25
2018-10-12
CVE-2003-0232
http://www.atstake.com/research/advisories/2003/a072303-3.txt
ATSTAKE:A072303-3
http://www.kb.cert.org/vuls/id/584868
CERT-VN:VU#584868
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031
MS:MS03-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303
OVAL:oval:org.mitre.oval:def:303
CVE-2003-0233
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
2003-05-02
2018-10-12
CVE-2003-0233
http://marc.info/?l=bugtraq&m=105120164927952&w=2
BUGTRAQ:20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015
MS:MS03-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094
OVAL:oval:org.mitre.oval:def:1094
http://www.iss.net/security_center/static/11854.php
XF:ie-plugin-load-bo(11854)
CVE-2003-0234
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0234
CVE-2003-0235
Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.
2003-05-07
2017-07-10
CVE-2003-0235
http://www.securityfocus.com/bid/7461
BID:7461
http://marc.info/?l=bugtraq&m=105216842131995&w=2
BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
https://exchange.xforce.ibmcloud.com/vulnerabilities/11938
XF:icq-pop3-format-string(11938)
CVE-2003-0236
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
2003-05-07
2017-07-10
CVE-2003-0236
http://www.securityfocus.com/bid/7462
BID:7462
http://www.securityfocus.com/bid/7463
BID:7463
http://marc.info/?l=bugtraq&m=105216842131995&w=2
BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
https://exchange.xforce.ibmcloud.com/vulnerabilities/11939
XF:icq-pop3-email-bo(11939)
CVE-2003-0237
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.
2003-05-07
2017-07-10
CVE-2003-0237
http://www.securityfocus.com/bid/7464
BID:7464
http://marc.info/?l=bugtraq&m=105216842131995&w=2
BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
https://exchange.xforce.ibmcloud.com/vulnerabilities/11944
XF:icq-features-no-auth(11944)
CVE-2003-0238
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
2003-05-07
2017-07-10
CVE-2003-0238
http://www.securityfocus.com/bid/7465
BID:7465
http://marc.info/?l=bugtraq&m=105216842131995&w=2
BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
https://exchange.xforce.ibmcloud.com/vulnerabilities/11947
XF:icq-table-tag-dos(11947)
CVE-2003-0239
icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
2003-05-07
2017-07-10
CVE-2003-0239
http://www.securityfocus.com/bid/7466
BID:7466
http://marc.info/?l=bugtraq&m=105216842131995&w=2
BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
https://exchange.xforce.ibmcloud.com/vulnerabilities/11948
XF:icq-gif89a-header-dos(11948)
CVE-2003-0240
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
2003-05-30
2017-07-10
CVE-2003-0240
http://www.securityfocus.com/bid/7652
BID:7652
http://marc.info/?l=bugtraq&m=105406374731579&w=2
BUGTRAQ:20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
http://www.kb.cert.org/vuls/id/799060
CERT-VN:VU#799060
http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
http://www.osvdb.org/4804
OSVDB:4804
http://securitytracker.com/id?1006854
SECTRACK:1006854
http://secunia.com/advisories/8876
SECUNIA:8876
https://exchange.xforce.ibmcloud.com/vulnerabilities/12104
XF:axis-admin-authentication-bypass(12104)
CVE-2003-0241
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
2003-05-30
2021-06-15
CVE-2003-0241
http://www.secnap.net/security/gm001.html
MISC:http://www.secnap.net/security/gm001.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.html
VULNWATCH:20030528 SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
CVE-2003-0242
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.
2003-05-17
2017-07-10
CVE-2003-0242
http://www.securityfocus.com/bid/7628
BID:7628
http://www.kb.cert.org/vuls/id/869548
CERT-VN:VU#869548
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://securitytracker.com/id?1006796
SECTRACK:1006796
http://secunia.com/advisories/8798
SECUNIA:8798
https://exchange.xforce.ibmcloud.com/vulnerabilities/12027
XF:macos-ipsec-acl-bypass(12027)
CVE-2003-0243
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.
2003-05-09
2005-06-02
CVE-2003-0243
http://securitytracker.com/id?1006707
SECTRACK:1006707
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html
VULNWATCH:20030507 Happymall E-Commerce Remote Command Execution
CVE-2003-0244
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.
2003-05-08
2017-10-09
CVE-2003-0244
http://www.securityfocus.com/bid/7601
BID:7601
http://marc.info/?l=bugtraq&m=105595901923063&w=2
BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://marc.info/?l=bugtraq&m=105301461726555&w=2
ENGARDE:ESA-20030515-017
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
MANDRAKE:MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
MANDRAKE:MDKSA-2003:074
http://marc.info/?l=linux-kernel&m=104956079213417
MISC:http://marc.info/?l=linux-kernel&m=104956079213417
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A261
OVAL:oval:org.mitre.oval:def:261
http://www.redhat.com/support/errata/RHSA-2003-145.html
REDHAT:RHSA-2003:145
http://www.redhat.com/support/errata/RHSA-2003-147.html
REDHAT:RHSA-2003:147
http://www.redhat.com/support/errata/RHSA-2003-172.html
REDHAT:RHSA-2003:172
http://www.secunia.com/advisories/8786/
SECUNIA:8786
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code
https://exchange.xforce.ibmcloud.com/vulnerabilities/15382
XF:data-algorithmic-complexity-dos(15382)
CVE-2003-0245
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
2003-05-30
2021-06-06
CVE-2003-0245
http://www.securityfocus.com/bid/7723
BID:7723
http://marc.info/?l=bugtraq&m=105418115512559&w=2
BUGTRAQ:20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
http://www.kb.cert.org/vuls/id/757612
CERT-VN:VU#757612
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661
CONECTIVA:CLA-2003:661
http://www.apache.org/dist/httpd/Announcement2.html
CONFIRM:http://www.apache.org/dist/httpd/Announcement2.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:063
MANDRAKE:MDKSA-2003:063
http://www.idefense.com/advisory/05.30.03.txt
MISC:http://www.idefense.com/advisory/05.30.03.txt
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.redhat.com/support/errata/RHSA-2003-186.html
REDHAT:RHSA-2003:186
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0095.html
VULNWATCH:20030530 iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/12090
XF:apache-aprpsprintf-code-execution(12090)
CVE-2003-0246
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
2003-05-15
2017-10-09
CVE-2003-0246
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://marc.info/?l=bugtraq&m=105301461726555&w=2
ENGARDE:ESA-20030515-017
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
MANDRAKE:MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
MANDRAKE:MDKSA-2003:074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A278
OVAL:oval:org.mitre.oval:def:278
http://www.redhat.com/support/errata/RHSA-2003-147.html
REDHAT:RHSA-2003:147
http://www.redhat.com/support/errata/RHSA-2003-172.html
REDHAT:RHSA-2003:172
http://www.turbolinux.com/security/TLSA-2003-41.txt
TURBO:TLSA-2003-41
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln
CVE-2003-0247
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
2003-06-05
2017-10-09
CVE-2003-0247
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
MANDRAKE:MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
MANDRAKE:MDKSA-2003:074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A284
OVAL:oval:org.mitre.oval:def:284
http://www.redhat.com/support/errata/RHSA-2003-187.html
REDHAT:RHSA-2003:187
http://www.redhat.com/support/errata/RHSA-2003-195.html
REDHAT:RHSA-2003:195
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.turbolinux.com/security/TLSA-2003-41.txt
TURBO:TLSA-2003-41
CVE-2003-0248
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
2003-06-05
2017-10-09
CVE-2003-0248
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
MANDRAKE:MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
MANDRAKE:MDKSA-2003:074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292
OVAL:oval:org.mitre.oval:def:292
http://www.redhat.com/support/errata/RHSA-2003-187.html
REDHAT:RHSA-2003:187
http://www.redhat.com/support/errata/RHSA-2003-195.html
REDHAT:RHSA-2003:195
http://www.turbolinux.com/security/TLSA-2003-41.txt
TURBO:TLSA-2003-41
CVE-2003-0249
** DISPUTED **
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
2006-02-27
CVE-2003-0249
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97
IDEFENSE:20030625 PHP/Apache .htaccess Authentication Bypass Vulnerability
CVE-2003-0250
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0250
CVE-2003-0251
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.
2003-06-28
2018-10-19
CVE-2003-0251
http://www.securityfocus.com/bid/8031
BID:8031
http://www.securityfocus.com/archive/1/440454/100/0/threaded
HP:HPSBTU02132
http://www.securityfocus.com/archive/1/440454/100/0/threaded
HP:SSRT061154
http://www.mandriva.com/security/advisories?name=MDKSA-2003:072
MANDRAKE:MDKSA-2003:072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A667
OVAL:oval:org.mitre.oval:def:667
http://www.redhat.com/support/errata/RHSA-2003-173.html
REDHAT:RHSA-2003:173
http://www.redhat.com/support/errata/RHSA-2003-201.html
REDHAT:RHSA-2003:201
http://securitytracker.com/id?1016517
SECTRACK:1016517
http://secunia.com/advisories/21112
SECUNIA:21112
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity
SUNALERT:55600
http://www.turbolinux.com/security/TLSA-2003-43.txt
TURBO:TLSA-2003-43
http://www.vupen.com/english/advisories/2006/2873
VUPEN:ADV-2006-2873
CVE-2003-0252
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
2003-07-15
2017-10-09
CVE-2003-0252
http://www.securityfocus.com/bid/8179
BID:8179
http://marc.info/?l=bugtraq&m=105820223707191&w=2
BUGTRAQ:20030714 Linux nfs-utils xlog() off-by-one bug
http://marc.info/?l=bugtraq&m=105830921519513&w=2
BUGTRAQ:20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
http://marc.info/?l=bugtraq&m=105839032403325&w=2
BUGTRAQ:20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq
http://www.kb.cert.org/vuls/id/258564
CERT-VN:VU#258564
http://www.debian.org/security/2003/dsa-349
DEBIAN:DSA-349
http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
MANDRAKE:MDKSA-2003:076
http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
MISC:http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443
OVAL:oval:org.mitre.oval:def:443
http://www.redhat.com/support/errata/RHSA-2003-206.html
REDHAT:RHSA-2003:206
http://www.redhat.com/support/errata/RHSA-2003-207.html
REDHAT:RHSA-2003:207
SCO:CSSA-2003-037.0
http://securitytracker.com/id?1007187
SECTRACK:1007187
http://secunia.com/advisories/9259
SECUNIA:9259
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1
SUNALERT:1001262
http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
SUSE:SuSE-SA:2003:031
http://www.turbolinux.com/security/TLSA-2003-44.txt
TURBO:TLSA-2003-44
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
VULNWATCH:20030714 Linux nfs-utils xlog() off-by-one bug
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
VULNWATCH:20030714 Reality of the rpc.mountd bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/12600
XF:nfs-utils-offbyone-bo(12600)
CVE-2003-0253
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
2003-07-10
2021-06-06
CVE-2003-0253
http://marc.info/?l=bugtraq&m=105776593602600&w=2
BUGTRAQ:20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
MANDRAKE:MDKSA-2003:075
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A173
OVAL:oval:org.mitre.oval:def:173
http://www.redhat.com/support/errata/RHSA-2003-240.html
REDHAT:RHSA-2003:240
CVE-2003-0254
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
2003-07-10
2021-06-06
CVE-2003-0254
http://marc.info/?l=bugtraq&m=105776593602600&w=2
BUGTRAQ:20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
MANDRAKE:MDKSA-2003:075
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A183
OVAL:oval:org.mitre.oval:def:183
http://www.redhat.com/support/errata/RHSA-2003-240.html
REDHAT:RHSA-2003:240
CVE-2003-0255
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.
2003-05-07
2017-10-09
CVE-2003-0255
http://www.securityfocus.com/bid/7497
BID:7497
http://marc.info/?l=bugtraq&m=105215110111174&w=2
BUGTRAQ:20030504 Key validity bug in GnuPG 1.2.1 and earlier
http://marc.info/?l=bugtraq&m=105311804129104&w=2
BUGTRAQ:20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)
http://marc.info/?l=bugtraq&m=105362224514081&w=2
BUGTRAQ:20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)
http://www.kb.cert.org/vuls/id/397604
CERT-VN:VU#397604
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
CONECTIVA:CLA-2003:694
http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
ENGARDE:20030515-016
http://marc.info/?l=bugtraq&m=105301357425157&w=2
ENGARDE:ESA-20030515-016
http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
MANDRAKE:MDKSA-2003:061
http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
MISC:http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
http://www.osvdb.org/4947
OSVDB:4947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135
OVAL:oval:org.mitre.oval:def:135
http://www.redhat.com/support/errata/RHSA-2003-175.html
REDHAT:RHSA-2003:175
http://www.redhat.com/support/errata/RHSA-2003-176.html
REDHAT:RHSA-2003:176
SCO:CSSA-2003-034.0
http://www.turbolinux.com/security/TLSA-2003-34.txt
TURBO:TLSA200334
https://exchange.xforce.ibmcloud.com/vulnerabilities/11930
XF:gnupg-invalid-key-acceptance(11930)
CVE-2003-0256
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
2003-05-09
2003-06-28
CVE-2003-0256
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000665
CONECTIVA:CLA-2003:665
http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2
CONFIRM:http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:055
MANDRAKE:MDKSA-2003:055
CVE-2003-0257
Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.
2004-03-16
2017-07-10
CVE-2003-0257
AIXAPAR:IY42089
AIXAPAR:IY42090
AIXAPAR:IY42091
http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1
IBM:MSS-OAR-E01-2003:0660.1
https://exchange.xforce.ibmcloud.com/vulnerabilities/12000
XF:aix-print-format-string(12000)
CVE-2003-0258
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
2003-05-08
2017-07-10
CVE-2003-0258
http://www.kb.cert.org/vuls/id/727780
CERT-VN:VU#727780
http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
CISCO:20030507 Cisco VPN 3000 Concentrator Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11954
XF:cisco-vpn-unauth-access(11954)
CVE-2003-0259
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
2003-05-08
2017-07-10
CVE-2003-0259
http://www.kb.cert.org/vuls/id/317348
CERT-VN:VU#317348
http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
CISCO:20030507 Cisco VPN 3000 Concentrator Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11955
XF:cisco-vpn-ssh-dos(11955)
CVE-2003-0260
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
2003-05-08
2017-07-10
CVE-2003-0260
http://www.kb.cert.org/vuls/id/221164
CERT-VN:VU#221164
http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
CISCO:20030507 Cisco VPN 3000 Concentrator Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11956
XF:cisco-vpn-icmp-dos(11956)
CVE-2003-0261
fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.
2003-05-08
CVE-2003-0261
http://www.debian.org/security/2003/dsa-302
DEBIAN:DSA-302
CVE-2003-0262
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.
2003-05-08
2017-07-10
CVE-2003-0262
http://www.securityfocus.com/bid/7505
BID:7505
http://www.debian.org/security/2003/dsa-299
DEBIAN:DSA-299
https://exchange.xforce.ibmcloud.com/vulnerabilities/11945
XF:kataxwr-gain-privileges(11945)
CVE-2003-0263
Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
2003-05-08
2017-07-10
CVE-2003-0263
http://www.securityfocus.com/bid/7506
BID:7506
http://www.securityfocus.com/bid/7508
BID:7508
http://marc.info/?l=bugtraq&m=105223471822836&w=2
BUGTRAQ:20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0052.html
VULNWATCH:20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11951
XF:ftgate-mailfrom-rcptto-bo(11951)
CVE-2003-0264
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.
2003-05-08
2021-02-24
CVE-2003-0264
http://marc.info/?l=bugtraq&m=105232506011335&w=2
BUGTRAQ:20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
http://packetstormsecurity.com/files/161526/SLMail-5.1.0.4420-Remote-Code-Execution.html
MISC:http://packetstormsecurity.com/files/161526/SLMail-5.1.0.4420-Remote-Code-Execution.html
http://www.nextgenss.com/advisories/slmail-vulns.txt
MISC:http://www.nextgenss.com/advisories/slmail-vulns.txt
http://marc.info/?l=ntbugtraq&m=105233360321895&w=2
NTBUGTRAQ:20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
CVE-2003-0265
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
2003-05-08
2016-10-17
CVE-2003-0265
http://www.securityfocus.com/bid/7421
BID:7421
http://marc.info/?l=bugtraq&m=105232424810097&w=2
BUGTRAQ:20030507 SAP database local root vulnerability during installation. (fwd)
CVE-2003-0266
Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
2003-05-08
2016-10-17
CVE-2003-0266
http://marc.info/?l=bugtraq&m=105232436210273&w=2
BUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
http://www.nextgenss.com/advisories/slwebmail-vulns.txt
MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
http://marc.info/?l=ntbugtraq&m=105233363721919&w=2
NTBUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
CVE-2003-0267
ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.
2003-05-08
2016-10-17
CVE-2003-0267
http://marc.info/?l=bugtraq&m=105232436210273&w=2
BUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
http://www.nextgenss.com/advisories/slwebmail-vulns.txt
MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
http://marc.info/?l=ntbugtraq&m=105233363721919&w=2
NTBUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
CVE-2003-0268
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
2003-05-08
2016-10-17
CVE-2003-0268
http://marc.info/?l=bugtraq&m=105232436210273&w=2
BUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
http://www.nextgenss.com/advisories/slwebmail-vulns.txt
MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
http://marc.info/?l=ntbugtraq&m=105233363721919&w=2
NTBUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
CVE-2003-0269
Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.
2003-05-08
2017-07-10
CVE-2003-0269
http://www.securityfocus.com/bid/7503
BID:7503
http://marc.info/?l=bugtraq&m=105223947528794&w=2
BUGTRAQ:20030506 youbin local root exploit + advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.html
FULLDISC:20030506 youbin local root exploit + advisory
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.html
VULNWATCH:20030506 youbin local root exploit + advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11949
XF:youbin-home-bo(11949)
CVE-2003-0270
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
2003-05-14
2017-07-10
CVE-2003-0270
http://www.atstake.com/research/advisories/2003/a051203-1.txt
ATSTAKE:A051203-1
http://www.securityfocus.com/bid/7554
BID:7554
http://securitytracker.com/id?1006742
SECTRACK:1006742
http://secunia.com/advisories/8773
SECUNIA:8773
https://exchange.xforce.ibmcloud.com/vulnerabilities/11980
XF:airport-auth-credentials-disclosure(11980)
CVE-2003-0271
Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.
2003-05-09
2016-10-17
CVE-2003-0271
http://www.securityfocus.com/archive/1/316958
BUGTRAQ:20030331 Personal FTP Server
http://marc.info/?l=bugtraq&m=105240469318622&w=2
BUGTRAQ:20030508 Remote Stack Overflow exploit for Personal FTPD
http://security.nnov.ru/search/document.asp?docid=4309
MISC:http://security.nnov.ru/search/document.asp?docid=4309
CVE-2003-0272
admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.
2003-05-09
2016-10-17
CVE-2003-0272
http://marc.info/?l=bugtraq&m=105240907024660&w=2
BUGTRAQ:20030508 miniPortail (PHP) : Admin Access
http://www.frog-man.org/tutos/miniPortail.txt
MISC:http://www.frog-man.org/tutos/miniPortail.txt
CVE-2003-0273
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
2003-05-09
2016-10-17
CVE-2003-0273
http://marc.info/?l=bugtraq&m=105240947225275&w=2
BUGTRAQ:20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks
http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html
CONFIRM:http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html
CVE-2003-0274
Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.
2003-05-09
2016-10-17
CVE-2003-0274
http://marc.info/?l=bugtraq&m=105241224228693&w=2
BUGTRAQ:20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
CVE-2003-0275
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
2003-05-14
2016-10-17
CVE-2003-0275
http://marc.info/?l=bugtraq&m=105249980809988&w=2
BUGTRAQ:20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)
CVE-2003-0276
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
2003-05-14
2017-07-10
CVE-2003-0276
http://www.securityfocus.com/bid/7555
BID:7555
http://marc.info/?l=bugtraq&m=105155818012718&w=2
BUGTRAQ:20030428 Pi3Web 2.0.1 DoS
http://marc.info/?l=bugtraq&m=105275789410250&w=2
BUGTRAQ:20030512 Unix Version of the Pi3web DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/11889
XF:pi3web-get-request-bo(11889)
CVE-2003-0277
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
2003-05-14
2017-07-10
CVE-2003-0277
http://www.securityfocus.com/bid/7559
BID:7559
http://marc.info/?l=bugtraq&m=105276130814262&w=2
BUGTRAQ:20030512 One more flaw in Happymall
https://exchange.xforce.ibmcloud.com/vulnerabilities/11987
XF:happymall-dotdot-directory-traversal(11987)
CVE-2003-0278
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.
2003-05-14
2017-07-10
CVE-2003-0278
http://www.securityfocus.com/bid/7557
BID:7557
http://marc.info/?l=bugtraq&m=105276130814262&w=2
BUGTRAQ:20030512 One more flaw in Happymall
https://exchange.xforce.ibmcloud.com/vulnerabilities/11988
XF:happymall-normalhtml-xss(11988)
CVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
2003-05-14
2017-07-10
CVE-2003-0279
http://www.securityfocus.com/bid/7558
BID:7558
http://www.securityfocus.com/bid/7588
BID:7588
http://marc.info/?l=bugtraq&m=105276019312980&w=2
BUGTRAQ:20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
BUGTRAQ:20030513 More and More SQL injection on PHP-Nuke 6.5.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984
XF:phpnuke-web-sql-injection(11984)
CVE-2003-0280
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
2003-05-14
2017-07-10
CVE-2003-0280
http://www.securityfocus.com/bid/7547
BID:7547
http://www.securityfocus.com/bid/7548
BID:7548
http://marc.info/?l=bugtraq&m=105258772101349&w=2
BUGTRAQ:20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0062.html
VULNWATCH:20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/11975
XF:cmailserver-smtp-bo(11975)
CVE-2003-0281
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
2003-05-14
2017-07-10
CVE-2003-0281
http://www.securityfocus.com/bid/7546
BID:7546
http://seclists.org/lists/bugtraq/2002/Jun/0212.html
BUGTRAQ:20020617 Interbase 6.0 malloc() issues
http://marc.info/?l=bugtraq&m=105259012802997&w=2
BUGTRAQ:20030509 Firebird Local exploit
http://security.gentoo.org/glsa/glsa-200405-18.xml
GENTOO:GLSA-200405-18
http://secunia.com/advisories/8758
SECUNIA:8758
https://exchange.xforce.ibmcloud.com/vulnerabilities/11977
XF:firebird-interbase-bo(11977)
CVE-2003-0282
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
2003-05-14
2017-10-09
CVE-2003-0282
http://www.securityfocus.com/bid/7550
BID:7550
http://marc.info/?l=bugtraq&m=105259038503175&w=2
BUGTRAQ:20030509 unzip directory traversal revisited
http://marc.info/?l=bugtraq&m=105786446329347&w=2
BUGTRAQ:20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
CALDERA:CSSA-2003-031.0
http://www.ciac.org/ciac/bulletins/n-111.shtml
CIAC:N-111
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
CONECTIVA:CLA-2003:672
http://www.info-zip.org/FAQ.html
CONFIRM:http://www.info-zip.org/FAQ.html
http://www.debian.org/security/2003/dsa-344
DEBIAN:DSA-344
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
IMMUNIX:IMNX-2003-7+-017-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
MANDRAKE:MDKSA-2003:073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619
OVAL:oval:org.mitre.oval:def:619
http://www.redhat.com/support/errata/RHSA-2003-199.html
REDHAT:RHSA-2003:199
http://www.redhat.com/support/errata/RHSA-2003-200.html
REDHAT:RHSA-2003:200
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
SCO:CSSA-2003-031.0
http://www.turbolinux.com/security/TLSA-2003-42.txt
TURBO:TLSA-2003-42
https://exchange.xforce.ibmcloud.com/vulnerabilities/12004
XF:unzip-dotdot-directory-traversal(12004)
CVE-2003-0283
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
2003-05-14
2017-07-10
CVE-2003-0283
http://www.securityfocus.com/bid/7545
BID:7545
http://marc.info/?l=bugtraq&m=105251043821533&w=2
BUGTRAQ:20030509 A Phorum's bug...
http://marc.info/?l=bugtraq&m=105251421925394&w=2
BUGTRAQ:20030509 Re: A Phorum's bug...
https://exchange.xforce.ibmcloud.com/vulnerabilities/11974
XF:phorum-message-html-injection(11974)
CVE-2003-0284
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
2003-05-14
2021-06-15
CVE-2003-0284
http://www.kb.cert.org/vuls/id/184820
CERT-VN:VU#184820
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121
CONFIRM:http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121
CVE-2003-0285
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
2003-05-14
2017-07-10
CVE-2003-0285
http://www.securityfocus.com/bid/7580
BID:7580
http://marc.info/?l=bugtraq&m=105284689228961&w=2
BUGTRAQ:20030513 AIX sendmail open relay
http://www.kb.cert.org/vuls/id/814617
CERT-VN:VU#814617
http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
MISC:http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/11993
XF:aix-sendmail-mail-relay(11993)
CVE-2003-0286
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
2003-05-14
2017-07-10
CVE-2003-0286
http://www.securityfocus.com/bid/35764
BID:35764
http://www.securityfocus.com/bid/7549
BID:7549
http://marc.info/?l=bugtraq&m=105277599131134&w=2
BUGTRAQ:20030513 Snitz Forum 3.3.03 Remote Command Execution
http://packetstormsecurity.org/0305-exploits/snitz_exec.txt
MISC:http://packetstormsecurity.org/0305-exploits/snitz_exec.txt
http://osvdb.org/56166
OSVDB:56166
http://secunia.com/advisories/35733
SECUNIA:35733
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html
VULNWATCH:20030512 Snitz Forum 3.3.03 Remote Command Execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/11981
XF:snitz-register-sql-injection(11981)
CVE-2003-0287
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
2003-05-14
2017-07-10
CVE-2003-0287
http://www.securityfocus.com/bid/7560
BID:7560
http://marc.info/?l=bugtraq&m=105276879622636&w=2
BUGTRAQ:20030512 CSS found in Movable Type
http://marc.info/?l=bugtraq&m=105277690132079&w=2
BUGTRAQ:20030512 Re: CSS found in Movable Type
http://marc.info/?l=bugtraq&m=105284589927655&w=2
BUGTRAQ:20030513 Re: CSS found in Movable Type -- Nope
https://exchange.xforce.ibmcloud.com/vulnerabilities/12003
XF:movable-type-comment-xss(12003)
CVE-2003-0288
Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.
2003-05-14
2017-07-10
CVE-2003-0288
http://www.securityfocus.com/bid/7566
BID:7566
http://marc.info/?l=bugtraq&m=105283843417610&w=2
BUGTRAQ:20030513 [SNS Advisory No.64] IP Messenger for Win Buffer Overflow Vulnerability
http://www.lac.co.jp/security/english/snsadv_e/64_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/64_e.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11986
XF:ip-messenger-filename-bo(11986)
CVE-2003-0289
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
2003-05-14
2017-07-10
CVE-2003-0289
http://www.securityfocus.com/bid/7565
BID:7565
http://marc.info/?l=bugtraq&m=105286031812533&w=2
BUGTRAQ:20030513 Cdrecord_local_root_exploit.
http://marc.info/?l=bugtraq&m=105285564307225&w=2
BUGTRAQ:20030513 cdrtools2.0 Format String Vulnerability
ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
CONFIRM:ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
http://forums.gentoo.org/viewtopic.php?t=54904
GENTOO:200305-06
http://www.mandriva.com/security/advisories?name=MDKSA-2003:058
MANDRAKE:MDKSA-2003:058
http://www.securiteam.com/exploits/5ZP0C2AAAC.html
MISC:http://www.securiteam.com/exploits/5ZP0C2AAAC.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/12007
XF:cdrtools-scsiopen-format-string(12007)
CVE-2003-0290
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
2003-05-14
2017-07-10
CVE-2003-0290
http://www.securityfocus.com/bid/7552
BID:7552
http://marc.info/?l=bugtraq&m=105284630228137&w=2
BUGTRAQ:20030511 eServ Memory Leak Enables Denial of Service Attacks
http://marc.info/?l=bugtraq&m=105284631428187&w=2
BUGTRAQ:20030513 eServ Memory Leak Solution
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0064.html
VULNWATCH:20030511 eServ Memory Leak Enables Denial of Service Attacks
https://exchange.xforce.ibmcloud.com/vulnerabilities/11973
XF:eserv-multiple-connections-dos(11973)
CVE-2003-0291
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
2003-05-15
2017-07-10
CVE-2003-0291
http://www.securityfocus.com/bid/7592
BID:7592
http://marc.info/?l=bugtraq&m=105292451702516&w=2
BUGTRAQ:20030514 Memory leak in 3COM 812 DSL routers
http://marc.info/?l=bugtraq&m=105301488426951&w=2
BUGTRAQ:20030515 RE : Memory leak in 3COM DSL routers
http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm
MISC:http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/11999
XF:3com-officeconnect-memory-leak(11999)
CVE-2003-0292
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
2003-05-15
2016-10-17
CVE-2003-0292
http://www.securityfocus.com/bid/7596
BID:7596
http://marc.info/?l=bugtraq&m=105292750807005&w=2
BUGTRAQ:20030514 Inktomi Traffic-Server XSS: man-in-the-middle XSS !
CVE-2003-0293
PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.
2003-05-15
2016-10-17
CVE-2003-0293
http://marc.info/?l=bugtraq&m=105293128612131&w=2
BUGTRAQ:20030514 PalmOS ICMP flood DoS.
CVE-2003-0294
autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation.
2003-05-15
2016-10-17
CVE-2003-0294
http://marc.info/?l=bugtraq&m=105293834421549&w=2
BUGTRAQ:20030514 php-proxima Remote File Access Vulnerability
CVE-2003-0295
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
2003-05-15
2016-10-17
CVE-2003-0295
http://marc.info/?l=bugtraq&m=105293890422210&w=2
BUGTRAQ:20030514 Re: VBulletin Preview Message - XSS Vuln
http://marc.info/?l=bugtraq&m=105292832607981&w=2
BUGTRAQ:20030514 VBulletin Preview Message - XSS Vuln
CVE-2003-0296
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2016-10-17
CVE-2003-0296
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
CVE-2003-0297
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2018-10-19
CVE-2003-0297
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
http://www.securityfocus.com/archive/1/430302/100/0/threaded
FEDORA:FLSA:184074
http://www.redhat.com/support/errata/RHSA-2005-015.html
REDHAT:RHSA-2005:015
http://www.redhat.com/support/errata/RHSA-2005-114.html
REDHAT:RHSA-2005:114
CVE-2003-0298
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2016-10-17
CVE-2003-0298
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
CVE-2003-0299
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2016-10-17
CVE-2003-0299
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
CVE-2003-0300
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2016-10-17
CVE-2003-0300
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
CVE-2003-0301
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2016-10-17
CVE-2003-0301
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
CVE-2003-0302
The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
2003-05-15
2016-10-17
CVE-2003-0302
http://marc.info/?l=bugtraq&m=105294024124163&w=2
BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
CVE-2003-0303
SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter.
2003-05-17
2016-10-17
CVE-2003-0303
http://www.securityfocus.com/bid/7609
BID:7609
http://marc.info/?l=bugtraq&m=105302025601231&w=2
BUGTRAQ:20030515 OneOrZero Security Problems (PHP)
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html
VULNWATCH:20030515 OneOrZero Security Problems (PHP)
CVE-2003-0304
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script.
2003-05-17
2016-10-17
CVE-2003-0304
http://marc.info/?l=bugtraq&m=105302025601231&w=2
BUGTRAQ:20030515 OneOrZero Security Problems (PHP)
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html
VULNWATCH:20030515 OneOrZero Security Problems (PHP)
CVE-2003-0305
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
2003-05-17
2017-10-09
CVE-2003-0305
http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml
CISCO:20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608
OVAL:oval:org.mitre.oval:def:5608
CVE-2003-0306
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
2003-05-17
2018-10-12
CVE-2003-0306
http://marc.info/?l=bugtraq&m=105284486526310&w=2
BUGTRAQ:20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1
http://marc.info/?l=bugtraq&m=105301349925036&w=2
BUGTRAQ:20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027
MS:MS03-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095
OVAL:oval:org.mitre.oval:def:3095
http://marc.info/?l=vuln-dev&m=105241032526289&w=2
VULN-DEV:20030507 Buffer overflow in Explorer.exe
CVE-2003-0307
Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field.
2003-05-17
2016-10-17
CVE-2003-0307
http://marc.info/?l=bugtraq&m=105295155004969&w=2
BUGTRAQ:20030514 [VULNERABILITY] PHP 'poster version.two'
CVE-2003-0308
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
2003-05-17
2008-11-11
CVE-2003-0308
http://bugs.debian.org/496408
CONFIRM:http://bugs.debian.org/496408
http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base
CONFIRM:http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base
https://bugs.gentoo.org/show_bug.cgi?id=235770
CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=235770
http://www.debian.org/security/2003/dsa-305
DEBIAN:DSA-305
http://www.openwall.com/lists/oss-security/2008/10/30/2
MLIST:[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire
CVE-2003-0309
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
2003-05-17
2018-10-15
CVE-2003-0309
http://www.securityfocus.com/bid/7539
BID:7539
http://marc.info/?l=bugtraq&m=105249399103214&w=2
BUGTRAQ:20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
http://marc.info/?l=bugtraq&m=105294081325040&w=2
BUGTRAQ:20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
http://www.kb.cert.org/vuls/id/251788
CERT-VN:VU#251788
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020
MS:MS03-020
http://marc.info/?l=ntbugtraq&m=105294162726096&w=2
NTBUGTRAQ:20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A948
OVAL:oval:org.mitre.oval:def:948
http://secunia.com/advisories/8807
SECUNIA:8807
https://exchange.xforce.ibmcloud.com/vulnerabilities/12019
XF:ie-frame-restrictions-bypass(12019)
CVE-2003-0310
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
2003-05-17
2016-10-17
CVE-2003-0310
http://marc.info/?l=bugtraq&m=105310013606680&w=2
BUGTRAQ:20030516 EzPublish Directory XSS Vulnerability
CVE-2003-0311
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0311
CVE-2003-0312
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
2003-05-17
2016-10-17
CVE-2003-0312
http://marc.info/?l=bugtraq&m=105311719128173&w=2
BUGTRAQ:20030516 Snowblind Web Server: multiple issues
CVE-2003-0313
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.
2003-05-17
2016-10-17
CVE-2003-0313
http://marc.info/?l=bugtraq&m=105311719128173&w=2
BUGTRAQ:20030516 Snowblind Web Server: multiple issues
CVE-2003-0314
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
2003-05-17
2016-10-17
CVE-2003-0314
http://marc.info/?l=bugtraq&m=105311719128173&w=2
BUGTRAQ:20030516 Snowblind Web Server: multiple issues
CVE-2003-0315
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.
2003-05-17
2016-10-17
CVE-2003-0315
http://marc.info/?l=bugtraq&m=105311719128173&w=2
BUGTRAQ:20030516 Snowblind Web Server: multiple issues
CVE-2003-0316
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
2003-05-17
2021-06-15
CVE-2003-0316
http://archives.neohapsis.com/archives/bugtraq/2003-05/0188.html
BUGTRAQ:20030516 Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]
http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm
MISC:http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm
CVE-2003-0317
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.
2003-05-23
2008-10-03
CVE-2003-0317
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=25
IDEFENSE:20030522 Authentication Bypass in iisPROTECT
CVE-2003-0318
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
2003-05-22
2016-10-17
CVE-2003-0318
http://marc.info/?l=bugtraq&m=105319538308834&w=2
BUGTRAQ:20030517 PHP-Nuke code injection in Yearly Stats at Statistics module
CVE-2003-0319
Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.
2003-05-22
2016-10-17
CVE-2003-0319
http://marc.info/?l=bugtraq&m=105319299407291&w=2
BUGTRAQ:20030517 Buffer overflow vulnerability found in MailMax version 5
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html
VULNWATCH:20030517 Buffer overflow vulnerability found in MailMax version 5
CVE-2003-0320
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.
2003-05-22
2016-10-17
CVE-2003-0320
http://marc.info/?l=bugtraq&m=105320172212990&w=2
BUGTRAQ:20030517 Remote code execution in ttCMS <=v2.3
CVE-2003-0321
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.
2003-05-22
2016-10-17
CVE-2003-0321
http://www.securityfocus.com/bid/7096
BID:7096
http://www.securityfocus.com/bid/7097
BID:7097
http://www.securityfocus.com/bid/7099
BID:7099
http://www.securityfocus.com/bid/7100
BID:7100
http://marc.info/?l=bugtraq&m=104766521328322&w=2
BUGTRAQ:20030313 Buffer overflows in ircII-based clients
http://marc.info/?l=bugtraq&m=104852615211913&w=2
BUGTRAQ:20030324 GLSA: bitchx (200303-21)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
CONECTIVA:CLA-2003:655
http://www.debian.org/security/2003/dsa-306
DEBIAN:DSA-306
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
MISC:http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
CVE-2003-0322
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).
2003-05-22
2021-06-15
CVE-2003-0322
http://www.debian.org/security/2003/dsa-306
DEBIAN:DSA-306
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
MISC:http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
CVE-2003-0323
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
2003-05-22
2016-10-17
CVE-2003-0323
http://www.securityfocus.com/bid/7098
BID:7098
http://marc.info/?l=bugtraq&m=104766521328322&w=2
BUGTRAQ:20030313 Buffer overflows in ircII-based clients
http://marc.info/?l=bugtraq&m=104808915402926&w=2
BUGTRAQ:20030319 [OpenPKG-SA-2003.024] OpenPKG Security Advisory (ircii)
http://www.debian.org/security/2003/dsa-291
DEBIAN:DSA-291
http://www.debian.org/security/2003/dsa-298
DEBIAN:DSA-298
CVE-2003-0324
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
2003-05-22
2016-10-17
CVE-2003-0324
http://www.securityfocus.com/bid/7091
BID:7091
http://marc.info/?l=bugtraq&m=104766521328322&w=2
BUGTRAQ:20030313 Buffer overflows in ircII-based clients
http://www.debian.org/security/2003/dsa-287
DEBIAN:DSA-287
CVE-2003-0325
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
2003-05-22
2016-10-17
CVE-2003-0325
http://marc.info/?l=bugtraq&m=105337792703887&w=2
BUGTRAQ:20030518 Maelstrom Buffer Overflow
http://marc.info/?l=bugtraq&m=105344501331344&w=2
BUGTRAQ:20030519 Maelstrom exploit
http://marc.info/?l=bugtraq&m=105346309123217&w=2
BUGTRAQ:20030520 Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition
CVE-2003-0326
Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc.
2003-05-22
2016-10-17
CVE-2003-0326
http://www.securityfocus.com/bid/7629
BID:7629
http://marc.info/?l=bugtraq&m=105337692202626&w=2
BUGTRAQ:20030519 bazarr slocate
CVE-2003-0327
Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow.
2003-12-10
2017-07-10
CVE-2003-0327
http://marc.info/?l=bugtraq&m=106936096103805&w=2
BUGTRAQ:20031120 R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service
http://www.rapid7.com/advisories/R7-0016.html
MISC:http://www.rapid7.com/advisories/R7-0016.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13800
XF:sybase-passwordarray-bo(13800)
CVE-2003-0328
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.
2003-05-22
2003-05-23
CVE-2003-0328
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1
CONFIRM:ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1
http://www.debian.org/security/2003/dsa-306
DEBIAN:DSA-306
http://www.debian.org/security/2003/dsa-399
DEBIAN:DSA-399
http://www.redhat.com/support/errata/RHSA-2003-342.html
REDHAT:RHSA-2003:342
CVE-2003-0329
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.
2003-05-22
2016-10-17
CVE-2003-0329
http://marc.info/?l=bugtraq&m=105344578100315&w=2
BUGTRAQ:20030520 Plaintext Password in Settings.ini of CesarFTP
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0074.html
VULNWATCH:20030520 Plaintext Password in Settings.ini of CesarFTP
CVE-2003-0330
Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.
2003-05-22
2016-10-17
CVE-2003-0330
http://marc.info/?l=bugtraq&m=105344891005369&w=2
BUGTRAQ:20030520 Maelstrom Local Buffer Overflow Exploit
http://www.securitytracker.com/id?1008832
SECTRACK:1008832
CVE-2003-0331
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.
2003-05-22
2016-10-17
CVE-2003-0331
http://marc.info/?l=bugtraq&m=105345273210334&w=2
BUGTRAQ:20030520 More vulnerabilities in ttForum/ttCMS -> SQL injection
CVE-2003-0332
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
2003-05-22
2016-10-17
CVE-2003-0332
http://marc.info/?l=bugtraq&m=105346382524169&w=2
BUGTRAQ:20030520 BadBlue Remote Administrative Interface Access Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html
VULNWATCH:20030520 BadBlue Remote Administrative Interface Access Vulnerability
CVE-2003-0333
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.
2003-05-23
2017-07-10
CVE-2003-0333
http://www.securityfocus.com/bid/7627
BID:7627
http://marc.info/?l=bugtraq&m=105189670912220&w=2
BUGTRAQ:20030502 HP-UX 11.0 /usr/bin/kermit
http://marc.info/?l=bugtraq&m=105190667523456&w=2
BUGTRAQ:20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)
http://www.kb.cert.org/vuls/id/971364
CERT-VN:VU#971364
http://archives.neohapsis.com/archives/hp/current/0044.html
HP:HPSBUX0305-259
https://exchange.xforce.ibmcloud.com/vulnerabilities/11929
XF:hp-ckermit-bo(11929)
CVE-2003-0334
BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.
2003-05-23
2017-07-10
CVE-2003-0334
http://www.securityfocus.com/bid/7551
BID:7551
http://marc.info/?l=bugtraq&m=105259643606984&w=2
BUGTRAQ:20030510 BitchX: Crash when channel modes change
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
CONECTIVA:CLA-2003:655
http://www.mandriva.com/security/advisories?name=MDKSA-2003:069
MANDRAKE:MDKSA-2003:069
https://exchange.xforce.ibmcloud.com/vulnerabilities/12008
XF:bitchx-mode-change-dos(12008)
CVE-2003-0335
rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.
2003-05-23
2016-10-17
CVE-2003-0335
http://marc.info/?l=bugtraq&m=105361968110719&w=2
BUGTRAQ:20030522 [slackware-security] quotacheck security fix in rc.M (SSA:2003-141-06)
CVE-2003-0336
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.
2003-05-23
2016-10-17
CVE-2003-0336
http://marc.info/?l=bugtraq&m=105362278914731&w=2
BUGTRAQ:20030522 Eudora 5.2.1 attachment spoof
CVE-2003-0337
The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.
2003-05-23
2016-10-17
CVE-2003-0337
http://marc.info/?l=bugtraq&m=105361879109409&w=2
BUGTRAQ:20030522 Security advisory: LSF 5.1 local root exploit
CVE-2003-0338
Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.
2003-05-23
2016-10-17
CVE-2003-0338
http://marc.info/?l=bugtraq&m=105353168619211&w=2
BUGTRAQ:20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0077.html
VULNWATCH:20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
CVE-2003-0339
Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests.
2003-05-23
2016-10-17
CVE-2003-0339
http://marc.info/?l=bugtraq&m=105353178019353&w=2
BUGTRAQ:20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.
http://marc.info/?l=bugtraq&m=105361764807746&w=2
BUGTRAQ:20030522 WsMp3d remote exploit.
http://marc.info/?l=bugtraq&m=105353178019353&w=2
VULNWATCH:20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.
CVE-2003-0340
Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.
2003-05-23
CVE-2003-0340
http://archives.neohapsis.com/archives/bugtraq/2003-05/0230.html
BUGTRAQ:20030521 Demarc Puresecure v1.6 - Plaintext password issue -
CVE-2003-0341
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.
2003-05-23
2016-10-17
CVE-2003-0341
http://marc.info/?l=bugtraq&m=105353266220520&w=2
BUGTRAQ:20030521 [AP] Owl Intranet Engine CSS Bug
CVE-2003-0342
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.
2003-05-23
2016-10-17
CVE-2003-0342
http://marc.info/?l=bugtraq&m=105353283720837&w=2
BUGTRAQ:20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
CVE-2003-0343
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
2003-05-23
2016-10-17
CVE-2003-0343
http://marc.info/?l=bugtraq&m=105353283720837&w=2
BUGTRAQ:20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
CVE-2003-0344
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
2003-06-06
2018-10-12
CVE-2003-0344
http://marc.info/?l=bugtraq&m=105476381609135&w=2
BUGTRAQ:20030604 Internet Explorer Object Type Property Overflow
http://www.kb.cert.org/vuls/id/679556
CERT-VN:VU#679556
http://www.eeye.com/html/Research/Advisories/AD20030604.html
EEYE:AD20030604
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
FULLDISC:20030709 IE Object Type Overflow Exploit
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020
MS:MS03-020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922
OVAL:oval:org.mitre.oval:def:922
http://secunia.com/advisories/8943
SECUNIA:8943
CVE-2003-0345
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
2003-07-10
2018-10-12
CVE-2003-0345
http://www.securityfocus.com/bid/8152
BID:8152
http://www.kb.cert.org/vuls/id/337764
CERT-VN:VU#337764
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-024
MS:MS03-024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A118
OVAL:oval:org.mitre.oval:def:118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A146
OVAL:oval:org.mitre.oval:def:146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3391
OVAL:oval:org.mitre.oval:def:3391
http://securitytracker.com/id?1007154
SECTRACK:1007154
http://secunia.com/advisories/9225
SECUNIA:9225
https://exchange.xforce.ibmcloud.com/vulnerabilities/12544
XF:win-smb-bo(12544)
CVE-2003-0346
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
2003-07-25
2018-10-12
CVE-2003-0346
http://marc.info/?l=bugtraq&m=105899759824008&w=2
BUGTRAQ:20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption
http://www.cert.org/advisories/CA-2003-18.html
CERT:CA-2003-18
http://www.kb.cert.org/vuls/id/265232
CERT-VN:VU#265232
http://www.kb.cert.org/vuls/id/561284
CERT-VN:VU#561284
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030
MS:MS03-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095
OVAL:oval:org.mitre.oval:def:1095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104
OVAL:oval:org.mitre.oval:def:1104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218
OVAL:oval:org.mitre.oval:def:218
CVE-2003-0347
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
2003-09-04
2018-10-12
CVE-2003-0347
http://www.securityfocus.com/bid/8534
BID:8534
http://marc.info/?l=bugtraq&m=106262077829157&w=2
BUGTRAQ:20030903 EEYE: VBE Document Property Buffer Overflow
http://www.kb.cert.org/vuls/id/804780
CERT-VN:VU#804780
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037
MS:MS03-037
http://secunia.com/advisories/9666
SECUNIA:9666
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
VULNWATCH:20030903 EEYE: VBE Document Property Buffer Overflow
CVE-2003-0348
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
2003-06-28
2018-10-12
CVE-2003-0348
http://www.securityfocus.com/bid/8034
BID:8034
http://www.kb.cert.org/vuls/id/320516
CERT-VN:VU#320516
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-021
MS:MS03-021
https://exchange.xforce.ibmcloud.com/vulnerabilities/12440
XF:mediaplayer-activex-obtain-information(12440)
CVE-2003-0349
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
2003-06-28
2018-10-12
CVE-2003-0349
http://marc.info/?l=bugtraq&m=105665030925504&w=2
BUGTRAQ:20030626 Windows Media Services Remote Command Execution #2
http://www.kb.cert.org/vuls/id/113716
CERT-VN:VU#113716
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022
MS:MS03-022
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563
NTBUGTRAQ:20030626 Windows Media Services Remote Command Execution #2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938
OVAL:oval:org.mitre.oval:def:938
http://securitytracker.com/id?1007059
SECTRACK:1007059
http://secunia.com/advisories/9115
SECUNIA:9115
CVE-2003-0350
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
2003-07-10
2018-10-12
CVE-2003-0350
http://www.securityfocus.com/bid/8154
BID:8154
http://marc.info/?l=bugtraq&m=105777681615939&w=2
BUGTRAQ:20030709 Microsoft Utility Manager Local Privilege Escalation
http://www.ngssoftware.com/advisories/utilitymanager.txt
MISC:http://www.ngssoftware.com/advisories/utilitymanager.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025
MS:MS03-025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451
OVAL:oval:org.mitre.oval:def:451
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
VULNWATCH:20030709 Microsoft Utility Manager Local Privilege Escalation
https://exchange.xforce.ibmcloud.com/vulnerabilities/12543
XF:win2k-accessibility-gain-privileges(12543)
CVE-2003-0351
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2004-08-20
2004-08-20
CVE-2003-0351
CVE-2003-0352
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
2003-07-17
2018-10-12
CVE-2003-0352
http://www.securityfocus.com/bid/8205
BID:8205
http://marc.info/?l=bugtraq&m=105838687731618&w=2
BUGTRAQ:20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems
http://marc.info/?l=bugtraq&m=105914789527294&w=2
BUGTRAQ:20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised )
http://www.cert.org/advisories/CA-2003-16.html
CERT:CA-2003-16
http://www.cert.org/advisories/CA-2003-19.html
CERT:CA-2003-19
http://www.kb.cert.org/vuls/id/568148
CERT-VN:VU#568148
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
FULLDISC:20030726 Re: The French BUGTRAQ (New Win RPC Exploit)
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
FULLDISC:20030730 rpcdcom Universal offsets
http://www.xfocus.org/documents/200307/2.html
MISC:http://www.xfocus.org/documents/200307/2.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
MS:MS03-026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
OVAL:oval:org.mitre.oval:def:194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
OVAL:oval:org.mitre.oval:def:2343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
OVAL:oval:org.mitre.oval:def:296
https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
XF:win-rpc-dcom-bo(12629)
CVE-2003-0353
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
2003-08-21
2018-10-12
CVE-2003-0353
http://www.securityfocus.com/bid/8455
BID:8455
http://marc.info/?l=bugtraq&m=106149556627778&w=2
BUGTRAQ:20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-033
MS:MS03-033
http://marc.info/?l=ntbugtraq&m=106251069107953&w=2
NTBUGTRAQ:20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1039
OVAL:oval:org.mitre.oval:def:1039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6954
OVAL:oval:org.mitre.oval:def:6954
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A961
OVAL:oval:org.mitre.oval:def:961
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A962
OVAL:oval:org.mitre.oval:def:962
CVE-2003-0354
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
2003-06-05
2017-10-09
CVE-2003-0354
http://marc.info/?l=bugtraq&m=105465818929172&w=2
BUGTRAQ:20030603 [OpenPKG-SA-2003.030] OpenPKG Security Advisory (ghostscript)
http://www.mandriva.com/security/advisories?name=MDKSA-2003:065
MANDRAKE:MDKSA-2003:065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A133
OVAL:oval:org.mitre.oval:def:133
http://www.redhat.com/support/errata/RHSA-2003-181.html
REDHAT:RHSA-2003:181
http://www.redhat.com/support/errata/RHSA-2003-182.html
REDHAT:RHSA-2003:182
CVE-2003-0355
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
2003-05-30
CVE-2003-0355
http://www.securityfocus.com/archive/1/320707
BUGTRAQ:20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.
CVE-2003-0356
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
2003-05-30
2017-10-09
CVE-2003-0356
http://www.kb.cert.org/vuls/id/641013
CERT-VN:VU#641013
http://www.ethereal.com/appnotes/enpa-sa-00009.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00009.html
http://www.debian.org/security/2003/dsa-313
DEBIAN:DSA-313
http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
MANDRAKE:MDKSA-2003:067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69
OVAL:oval:org.mitre.oval:def:69
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
CVE-2003-0357
Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.
2003-05-30
2017-10-09
CVE-2003-0357
http://www.securityfocus.com/bid/7494
BID:7494
http://www.securityfocus.com/bid/7495
BID:7495
http://www.kb.cert.org/vuls/id/232164
CERT-VN:VU#232164
http://www.kb.cert.org/vuls/id/361700
CERT-VN:VU#361700
http://www.ethereal.com/appnotes/enpa-sa-00009.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00009.html
http://www.debian.org/security/2003/dsa-313
DEBIAN:DSA-313
http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
MANDRAKE:MDKSA-2003:067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A73
OVAL:oval:org.mitre.oval:def:73
http://rhn.redhat.com/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
CVE-2003-0358
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
2003-05-30
2017-07-10
CVE-2003-0358
http://www.securityfocus.com/bid/6806
BID:6806
http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0
BUGTRAQ:20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow
http://nethack.sourceforge.net/v340/bugmore/secpatch.txt
CONFIRM:http://nethack.sourceforge.net/v340/bugmore/secpatch.txt
http://www.debian.org/security/2003/dsa-316
DEBIAN:DSA-316
http://www.debian.org/security/2003/dsa-350
DEBIAN:DSA-350
https://exchange.xforce.ibmcloud.com/vulnerabilities/11283
XF:nethack-s-command-bo(11283)
CVE-2003-0359
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
2003-06-18
CVE-2003-0359
http://www.debian.org/security/2003/dsa-316
DEBIAN:DSA-316
CVE-2003-0360
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
2003-05-30
2021-06-15
CVE-2003-0360
http://gps.seul.org/changelog.html
CONFIRM:http://gps.seul.org/changelog.html
http://www.debian.org/security/2003/dsa-307
DEBIAN:DSA-307
CVE-2003-0361
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.
2003-05-30
2021-06-15
CVE-2003-0361
http://gps.seul.org/changelog.html
CONFIRM:http://gps.seul.org/changelog.html
http://www.debian.org/security/2003/dsa-307
DEBIAN:DSA-307
CVE-2003-0362
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.
2003-05-30
2021-06-15
CVE-2003-0362
http://gps.seul.org/changelog.html
CONFIRM:http://gps.seul.org/changelog.html
http://www.debian.org/security/2003/dsa-307
DEBIAN:DSA-307
CVE-2003-0363
Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers.
2005-04-15
2021-06-15
CVE-2003-0363
http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf
MISC:http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf
CVE-2003-0364
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
2003-06-05
2017-10-09
CVE-2003-0364
http://www.debian.org/security/2003/dsa-311
DEBIAN:DSA-311
http://www.debian.org/security/2003/dsa-312
DEBIAN:DSA-312
http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-332
http://www.debian.org/security/2003/dsa-336
DEBIAN:DSA-336
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A295
OVAL:oval:org.mitre.oval:def:295
http://www.redhat.com/support/errata/RHSA-2003-187.html
REDHAT:RHSA-2003:187
http://www.redhat.com/support/errata/RHSA-2003-195.html
REDHAT:RHSA-2003:195
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.turbolinux.com/security/TLSA-2003-41.txt
TURBO:TLSA-2003-41
CVE-2003-0365
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.
2003-06-05
2016-10-17
CVE-2003-0365
http://marc.info/?l=bugtraq&m=105427404625027&w=2
BUGTRAQ:20030529 ICQLite executable trojaning
CVE-2003-0366
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
2003-06-18
CVE-2003-0366
http://www.debian.org/security/2003/dsa-318
DEBIAN:DSA-318
CVE-2003-0367
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2003-06-10
2003-06-20
CVE-2003-0367
http://www.securityfocus.com/bid/7872
BID:7872
http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
CONFIRM:http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
http://www.debian.org/security/2003/dsa-308
DEBIAN:DSA-308
http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
MANDRAKE:MDKSA-2003:068
http://www.turbolinux.com/security/TLSA-2003-38.txt
TURBO:TLSA-2003-38
CVE-2003-0368
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
2004-01-14
2017-07-10
CVE-2003-0368
http://www.atstake.com/research/advisories/2003/a060903-1.txt
ATSTAKE:A060903-1
http://www.securityfocus.com/bid/7854
BID:7854
http://www.kb.cert.org/vuls/id/924812
CERT-VN:VU#924812
https://exchange.xforce.ibmcloud.com/vulnerabilities/12221
XF:nokia-ggsn-ip-dos(12221)
CVE-2003-0369
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0369
CVE-2003-0370
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
2003-06-05
2003-06-06
CVE-2003-0370
http://www.securityfocus.com/bid/7520
BID:7520
http://www.securityfocus.com/archive/1/320707
BUGTRAQ:20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.
http://www.kde.org/info/security/advisory-20030602-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20030602-1.txt
http://www.debian.org/security/2003/dsa-361
DEBIAN:DSA-361
http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
FULLDISC:20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability
http://www.redhat.com/support/errata/RHSA-2003-192.html
REDHAT:RHSA-2003:192
http://www.redhat.com/support/errata/RHSA-2003-193.html
REDHAT:RHSA-2003:193
http://www.turbolinux.com/security/TLSA-2003-36.txt
TURBO:TLSA-2003-36
CVE-2003-0371
Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.
2003-06-06
2016-10-17
CVE-2003-0371
http://marc.info/?l=bugtraq&m=105370592729044&w=2
BUGTRAQ:20030522 Prishtina FTP v.1.*: remote DoS
CVE-2003-0372
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.
2003-06-06
2016-10-17
CVE-2003-0372
http://www.securityfocus.com/bid/7664
BID:7664
http://marc.info/?l=bugtraq&m=105364059803427&w=2
BUGTRAQ:20030522 Potential security vulnerability in Nessus
http://marc.info/?l=bugtraq&m=105369506714849&w=2
BUGTRAQ:20030523 nessus NASL scripting engine security issues
CVE-2003-0373
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function.
2003-06-06
2016-10-17
CVE-2003-0373
http://www.securityfocus.com/bid/7664
BID:7664
http://marc.info/?l=bugtraq&m=105364059803427&w=2
BUGTRAQ:20030522 Potential security vulnerability in Nessus
http://marc.info/?l=bugtraq&m=105369506714849&w=2
BUGTRAQ:20030523 nessus NASL scripting engine security issues
CVE-2003-0374
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."
2003-06-06
2016-10-17
CVE-2003-0374
http://www.securityfocus.com/bid/7664
BID:7664
http://marc.info/?l=bugtraq&m=105364059803427&w=2
BUGTRAQ:20030522 Potential security vulnerability in Nessus
CVE-2003-0375
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.
2003-06-06
2021-04-29
CVE-2003-0375
http://www.securityfocus.com/bid/7662
BID:7662
http://marc.info/?l=bugtraq&m=105363936402228&w=2
BUGTRAQ:20030522 XMB 1.8 Partagium cross site scripting vulnerability
http://forums.xmbforum.com/viewthread.php?tid=773046
MISC:http://forums.xmbforum.com/viewthread.php?tid=773046
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
MISC:https://docs.xmbforum2.com/index.php?title=Security_Issue_History
CVE-2003-0376
Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters.
2003-06-06
2016-10-17
CVE-2003-0376
http://marc.info/?l=bugtraq&m=105370625529452&w=2
BUGTRAQ:20030523 Eudora 5.2.1 buffer overflow DoS
CVE-2003-0377
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
2003-06-06
2016-10-17
CVE-2003-0377
http://marc.info/?l=bugtraq&m=105370528728225&w=2
BUGTRAQ:20030523 iisPROTECT SQL injection in admin interface
CVE-2003-0378
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
2003-06-06
2003-06-10
CVE-2003-0378
http://www.kb.cert.org/vuls/id/467828
CERT-VN:VU#467828
http://docs.info.apple.com/article.html?artnum=107579
CONFIRM:http://docs.info.apple.com/article.html?artnum=107579
CVE-2003-0379
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
2003-06-18
2021-06-15
CVE-2003-0379
http://lists.apple.com/mhonarc/security-announce/msg00030.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00030.html
CVE-2003-0380
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
2003-06-10
2003-06-18
CVE-2003-0380
http://archives.neohapsis.com/archives/bugtraq/2003-06/0056.html
BUGTRAQ:20030606 atftpd bug
http://www.debian.org/security/2003/dsa-314
DEBIAN:DSA-314
http://www.securityfocus.com/archive/82/323886/2003-06-02/2003-06-08/0
VULN-DEV:20030604 possible remote buffer overflow in atftpd
CVE-2003-0381
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
2003-06-20
CVE-2003-0381
http://www.debian.org/security/2003/dsa-323
DEBIAN:DSA-323
CVE-2003-0382
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.
2003-06-10
2016-10-17
CVE-2003-0382
http://www.securityfocus.com/bid/7708
BID:7708
http://marc.info/?l=bugtraq&m=105427580626001&w=2
BUGTRAQ:20030509 BAZARR CODE NINER PINK TEAM GO GO GO
http://www.debian.org/security/2003/dsa-309
DEBIAN:DSA-309
CVE-2003-0384
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0384
CVE-2003-0385
Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.
2003-06-10
2016-10-17
CVE-2003-0385
http://marc.info/?l=bugtraq&m=105491469815197&w=2
BUGTRAQ:20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS
http://www.debian.org/security/2003/dsa-310
DEBIAN:DSA-310
CVE-2003-0386
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
2003-06-10
2017-10-09
CVE-2003-0386
http://www.securityfocus.com/bid/7831
BID:7831
http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
BUGTRAQ:20030605 OpenSSH remote clent address restriction circumvention
http://www.kb.cert.org/vuls/id/978316
CERT-VN:VU#978316
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894
OVAL:oval:org.mitre.oval:def:9894
http://www.redhat.com/support/errata/RHSA-2006-0298.html
REDHAT:RHSA-2006:0298
http://www.redhat.com/support/errata/RHSA-2006-0698.html
REDHAT:RHSA-2006:0698
http://secunia.com/advisories/21129
SECUNIA:21129
http://secunia.com/advisories/21262
SECUNIA:21262
http://secunia.com/advisories/21724
SECUNIA:21724
http://secunia.com/advisories/22196
SECUNIA:22196
http://secunia.com/advisories/23680
SECUNIA:23680
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
SGI:20060703-01-P
CVE-2003-0387
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0387
CVE-2003-0388
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
2003-06-18
2016-10-17
CVE-2003-0388
http://marc.info/?l=bugtraq&m=105577915506761&w=2
BUGTRAQ:20030616 FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing
http://www.idefense.com/advisory/06.16.03.txt
MISC:http://www.idefense.com/advisory/06.16.03.txt
http://www.redhat.com/support/errata/RHSA-2004-304.html
REDHAT:RHSA-2004:304
CVE-2003-0389
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
2003-06-20
2021-06-15
CVE-2003-0389
http://www.rapid7.com/advisories/R7-0014.html
MISC:http://www.rapid7.com/advisories/R7-0014.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.html
VULNWATCH:20030619 R7-0014: RSA SecurID ACE Agent Cross Site Scripting
CVE-2003-0390
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
2003-06-10
2016-10-17
CVE-2003-0390
http://marc.info/?l=bugtraq&m=105121918523320&w=2
BUGTRAQ:20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.
http://marc.info/?l=bugtraq&m=105371246204866&w=2
BUGTRAQ:20030523 Re: Options Parsing Tool library buffer overflows.
http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz
CONFIRM:http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz
CVE-2003-0391
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.
2003-06-10
2016-10-17
CVE-2003-0391
http://marc.info/?l=bugtraq&m=105370528428222&w=2
BUGTRAQ:20030523 Magic Winmail Server
http://www.magicwinmail.net/changelog.asp
MISC:http://www.magicwinmail.net/changelog.asp
CVE-2003-0392
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:).
2003-06-10
2016-10-17
CVE-2003-0392
http://marc.info/?l=bugtraq&m=105372353017778&w=2
BUGTRAQ:20030523 ST FTP Service v3.0: directory traversal
CVE-2003-0393
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans.
2003-06-10
2016-10-17
CVE-2003-0393
http://www.securityfocus.com/bid/7700
BID:7700
http://marc.info/?l=bugtraq&m=105380229532320&w=2
BUGTRAQ:20030524 Some problems in Privatefirewall 3.0
CVE-2003-0394
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.
2003-06-10
2016-10-17
CVE-2003-0394
http://www.securityfocus.com/bid/7677
BID:7677
http://marc.info/?l=bugtraq&m=105379530927567&w=2
BUGTRAQ:20030524 PHP source code injection in BLNews
CVE-2003-0395
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
2003-06-10
2016-10-17
CVE-2003-0395
http://marc.info/?l=bugtraq&m=105379741528925&w=2
BUGTRAQ:20030524 UPB: Discussion Board/Web-Site Takeover
http://f0kp.iplus.ru/bz/024.en.txt
MISC:http://f0kp.iplus.ru/bz/024.en.txt
CVE-2003-0396
Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument.
2003-06-10
2017-07-10
CVE-2003-0396
http://www.securityfocus.com/bid/7437
BID:7437
http://marc.info/?l=bugtraq&m=105154433926396&w=2
BUGTRAQ:20030428 ATM on Linux Exploit Code Release (les, local)
http://marc.info/?l=bugtraq&m=105405560021979&w=2
BUGTRAQ:20030524 ATM on linux Exploit(les,local)
http://sourceforge.net/project/shownotes.php?release_id=156242
MISC:http://sourceforge.net/project/shownotes.php?release_id=156242
http://www.securiteam.com/exploits/5EP0M1P9PO.html
MISC:http://www.securiteam.com/exploits/5EP0M1P9PO.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11903
XF:atmonlinux-les-command-bo(11903)
CVE-2003-0397
Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka "Packet 0' death."
2003-06-11
2016-10-17
CVE-2003-0397
http://www.securityfocus.com/bid/7680
BID:7680
http://marc.info/?l=bugtraq&m=105405708923565&w=2
BUGTRAQ:20030526 The PACKET 0' DEATH FastTrack network vulnerability
http://www.iss.net/security_center/static/12086.php
XF:fastrack-packet-0-bo(12086)
CVE-2003-0398
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.
2003-06-11
2016-10-17
CVE-2003-0398
http://www.securityfocus.com/bid/7685
BID:7685
http://marc.info/?l=bugtraq&m=105405734223874&w=2
BUGTRAQ:20030526 S21SEC-016 - Vignette SSI Injection
http://www.s21sec.com/es/avisos/s21sec-016-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-016-en.txt
http://www.iss.net/security_center/static/12077.php
XF:vignette-ssi-command-execution(12077)
CVE-2003-0399
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.
2003-06-11
2016-10-17
CVE-2003-0399
http://www.securityfocus.com/bid/7683
BID:7683
http://marc.info/?l=bugtraq&m=105405874325673&w=2
BUGTRAQ:20030526 S21SEC-017 - Vignette /vgn/legacy/save SQL access
http://www.s21sec.com/es/avisos/s21sec-017-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-017-en.txt
http://www.iss.net/security_center/static/12076.php
XF:vignette-save-obtain-information(12076)
CVE-2003-0400
Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.
2003-06-11
2016-10-17
CVE-2003-0400
http://www.securityfocus.com/bid/7684
BID:7684
http://marc.info/?l=bugtraq&m=105405985126857&w=2
BUGTRAQ:20030526 S21SEC-018 - Vignette memory leak AIX Platform
http://www.s21sec.com/es/avisos/s21sec-018-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-018-en.txt
http://www.iss.net/security_center/static/12075.php
XF:vignette-memory-leak(12075)
CVE-2003-0401
Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template.
2003-06-11
2016-10-17
CVE-2003-0401
http://www.securityfocus.com/bid/7688
BID:7688
http://marc.info/?l=bugtraq&m=105405793324661&w=2
BUGTRAQ:20030526 S21SEC-019 - Vignette /vgn/style internal information leak
http://www.s21sec.com/es/avisos/s21sec-019-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-019-en.txt
http://www.iss.net/security_center/static/12074.php
XF:vignette-style-info-disclosure(12074)
CVE-2003-0402
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.
2003-06-11
2016-10-17
CVE-2003-0402
http://www.securityfocus.com/bid/7691
BID:7691
http://marc.info/?l=bugtraq&m=105405880325755&w=2
BUGTRAQ:20030526 S21SEC-020 - Vignette user enumeration
http://www.s21sec.com/en/avisos/s21sec-020-en.txt
MISC:http://www.s21sec.com/en/avisos/s21sec-020-en.txt
http://www.iss.net/security_center/static/12073.php
XF:vignette-login-account-bruteforce(12073)
CVE-2003-0403
Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template.
2003-06-11
2016-10-17
CVE-2003-0403
http://www.securityfocus.com/bid/7694
BID:7694
http://marc.info/?l=bugtraq&m=105405789924612&w=2
BUGTRAQ:20030526 S21SEC-021 - Vignette License access and modification
http://www.s21sec.com/es/avisos/s21sec-021-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-021-en.txt
http://www.iss.net/security_center/static/12072.php
XF:vignette-license-modification(12072)
CVE-2003-0404
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
2003-06-11
2016-10-17
CVE-2003-0404
http://www.securityfocus.com/bid/7687
BID:7687
http://marc.info/?l=bugtraq&m=105406028027360&w=2
BUGTRAQ:20030526 S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities
http://www.s21sec.com/es/avisos/s21sec-023-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-023-en.txt
http://www.iss.net/security_center/static/12071.php
XF:vignette-multiple-xss(12071)
CVE-2003-0405
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.
2003-06-11
2016-10-17
CVE-2003-0405
http://www.securityfocus.com/bid/7690
BID:7690
http://www.securityfocus.com/bid/7692
BID:7692
http://marc.info/?l=bugtraq&m=105405922826197&w=2
BUGTRAQ:20030526 S21SEC-024 - Vignette TCL Injection
http://www.s21sec.com/es/avisos/s21sec-024-en.txt
MISC:http://www.s21sec.com/es/avisos/s21sec-024-en.txt
http://www.iss.net/security_center/static/12070.php
XF:vignette-tcl-code-execution(12070)
CVE-2003-0406
PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.
2003-06-11
2016-10-17
CVE-2003-0406
http://www.securityfocus.com/bid/7696
BID:7696
http://marc.info/?l=bugtraq&m=105405691423389&w=2
BUGTRAQ:20030526 PalmVNC 1.40 Insecure Records
http://www.iss.net/security_center/static/12083.php
XF:palmvnc-plaintext-passwords(12083)
CVE-2003-0407
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
2003-06-11
2016-10-17
CVE-2003-0407
http://www.securityfocus.com/bid/7699
BID:7699
http://marc.info/?l=bugtraq&m=105405668423102&w=2
BUGTRAQ:20030526 [Priv8security_Advisory]_Batalla_Naval_remote_overflow
http://www.iss.net/security_center/static/12087.php
XF:batalla-naval-bo(12087)
CVE-2003-0408
Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.
2003-06-11
2016-10-17
CVE-2003-0408
http://www.securityfocus.com/bid/7703
BID:7703
http://marc.info/?l=bugtraq&m=105405629622652&w=2
BUGTRAQ:20030527 NuxAcid#002 - Buffer Overflow in UpClient
http://www.iss.net/security_center/static/12131.php
XF:upclient-command-line-bo(12131)
CVE-2003-0409
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
2003-06-11
2016-10-17
CVE-2003-0409
http://www.securityfocus.com/bid/7695
BID:7695
http://marc.info/?l=bugtraq&m=105405836025160&w=2
BUGTRAQ:20030527 BRS WebWeaver: POST and HEAD Overflaws
http://www.iss.net/security_center/static/12107.php
XF:webweaver-head-post-bo(12107)
CVE-2003-0410
Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588.
2003-06-11
2016-10-17
CVE-2003-0410
http://www.securityfocus.com/bid/7681
BID:7681
http://marc.info/?l=bugtraq&m=105406759403978&w=2
BUGTRAQ:20030526 NII Advisory - Buffer Overflow in Analogx Proxy
http://www.analogx.com/contents/download/network/proxy.htm
CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0082.html
VULNWATCH:20030526 NII Advisory - Buffer Overflow in Analogx Proxy
http://www.iss.net/security_center/static/12068.php
XF:analogx-proxy-url-bo(12068)
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
2003-06-11
2016-10-17
CVE-2003-0411
http://www.securityfocus.com/bid/7709
BID:7709
http://marc.info/?l=bugtraq&m=105409846029475&w=2
BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
http://www.ciac.org/ciac/bulletins/n-103.shtml
CIAC:N-103
http://www.spidynamics.com/sunone_alert.html
MISC:http://www.spidynamics.com/sunone_alert.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
SUNALERT:1000610
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
SUNALERT:55221
http://www.iss.net/security_center/static/12093.php
XF:sunone-jsp-source-disclosure(12093)
CVE-2003-0412
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.
2003-06-11
2016-10-17
CVE-2003-0412
http://www.securityfocus.com/bid/7711
BID:7711
http://marc.info/?l=bugtraq&m=105409846029475&w=2
BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
http://www.ciac.org/ciac/bulletins/n-103.shtml
CIAC:N-103
http://www.spidynamics.com/sunone_alert.html
MISC:http://www.spidynamics.com/sunone_alert.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
SUNALERT:1000610
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
SUNALERT:55221
CVE-2003-0413
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
2003-06-11
2016-10-17
CVE-2003-0413
http://www.securityfocus.com/bid/7710
BID:7710
http://marc.info/?l=bugtraq&m=105409846029475&w=2
BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
http://www.ciac.org/ciac/bulletins/n-103.shtml
CIAC:N-103
http://www.spidynamics.com/sunone_alert.html
MISC:http://www.spidynamics.com/sunone_alert.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
SUNALERT:1000610
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201009-1
SUNALERT:201009
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
SUNALERT:55221
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605
SUNALERT:57605
http://www.iss.net/security_center/static/12095.php
XF:sunone-http-error-xss(12095)
CVE-2003-0414
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
2003-06-11
2016-10-17
CVE-2003-0414
http://www.securityfocus.com/bid/7712
BID:7712
http://marc.info/?l=bugtraq&m=105409846029475&w=2
BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
http://www.ciac.org/ciac/bulletins/n-103.shtml
CIAC:N-103
http://www.spidynamics.com/sunone_alert.html
MISC:http://www.spidynamics.com/sunone_alert.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
SUNALERT:1000610
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
SUNALERT:55221
http://www.iss.net/security_center/static/12096.php
XF:sunone-insecure-file-permissions(12096)
CVE-2003-0415
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server.
2003-06-11
2016-10-17
CVE-2003-0415
http://www.securityfocus.com/bid/7698
BID:7698
http://marc.info/?l=bugtraq&m=105417988811698&w=2
BUGTRAQ:20030528 Remote PC Access Server 2.2 Vulnerability
http://www.ytech.co.il/advisories/rpca/rpcaccess.htm
MISC:http://www.ytech.co.il/advisories/rpca/rpcaccess.htm
CVE-2003-0416
Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action.
2003-06-11
2016-10-17
CVE-2003-0416
http://www.securityfocus.com/bid/7729
BID:7729
http://marc.info/?l=bugtraq&m=105418152212771&w=2
BUGTRAQ:20030528 Bandmin 1.4 XSS Exploit
http://www.iss.net/security_center/static/12108.php
XF:bandmin-index-xss(12108)
CVE-2003-0417
Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via ".|." (modified dot-dot) sequences.
2003-06-11
2016-10-17
CVE-2003-0417
http://www.securityfocus.com/bid/7717
BID:7717
http://marc.info/?l=bugtraq&m=105417983711685&w=2
BUGTRAQ:20030529 Son hServer v0.2: directory traversal
http://www.iss.net/security_center/static/12103.php
XF:sonhserver-pipe-directory-traversal(12103)
CVE-2003-0418
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
2003-06-18
2016-10-17
CVE-2003-0418
http://marc.info/?l=bugtraq&m=105519179005065&w=2
BUGTRAQ:20030609 Linux 2.0 remote info leak from too big icmp citation
http://www.kb.cert.org/vuls/id/471084
CERT-VN:VU#471084
http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
MISC:http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
CVE-2003-0419
SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.
2003-06-18
2021-06-15
CVE-2003-0419
http://www.idefense.com/advisory/06.11.03.txt
MISC:http://www.idefense.com/advisory/06.11.03.txt
CVE-2003-0420
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
2005-04-14
2017-07-10
CVE-2003-0420
http://www.auscert.org.au/render.html?it=3165
AUSCERT:ESB-2003.0415
http://www.securityfocus.com/bid/7894
BID:7894
http://www.kb.cert.org/vuls/id/JPLA-5NTL8E
MISC:http://www.kb.cert.org/vuls/id/JPLA-5NTL8E
http://secunia.com/advisories/9025/
SECUNIA:9025
https://exchange.xforce.ibmcloud.com/vulnerabilities/12342
XF:macos-dsimportexport-obtain-information(12342)
CVE-2003-0421
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
2003-07-25
2014-11-21
CVE-2003-0421
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0422
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
2003-07-25
2014-11-21
CVE-2003-0422
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0423
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
2003-07-25
2014-11-21
CVE-2003-0423
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
2003-07-25
2014-11-21
CVE-2003-0424
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0425
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
2003-07-25
2014-11-21
CVE-2003-0425
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0426
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
2003-07-25
2014-11-21
CVE-2003-0426
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0427
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
2003-06-20
2017-10-09
CVE-2003-0427
http://www.debian.org/security/2003/dsa-320
DEBIAN:DSA-320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10194
OVAL:oval:org.mitre.oval:def:10194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A647
OVAL:oval:org.mitre.oval:def:647
http://www.redhat.com/support/errata/RHSA-2005-506.html
REDHAT:RHSA-2005:506
CVE-2003-0428
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.
2003-06-18
2017-10-09
CVE-2003-0428
http://www.kb.cert.org/vuls/id/542540
CERT-VN:VU#542540
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
CONECTIVA:CLA-2003:662
http://www.ethereal.com/appnotes/enpa-sa-00010.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
http://www.debian.org/security/2003/dsa-324
DEBIAN:DSA-324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A75
OVAL:oval:org.mitre.oval:def:75
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
SCO:CSSA-2003-030.0
http://secunia.com/advisories/9007
SECUNIA:9007
CVE-2003-0429
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
2003-06-18
2017-10-09
CVE-2003-0429
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
CONECTIVA:CLA-2003:662
http://www.ethereal.com/appnotes/enpa-sa-00010.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
http://www.debian.org/security/2003/dsa-324
DEBIAN:DSA-324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A84
OVAL:oval:org.mitre.oval:def:84
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
SCO:CSSA-2003-030.0
http://secunia.com/advisories/9007
SECUNIA:9007
CVE-2003-0430
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
2003-06-18
2017-10-09
CVE-2003-0430
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
CONECTIVA:CLA-2003:662
http://www.ethereal.com/appnotes/enpa-sa-00010.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88
OVAL:oval:org.mitre.oval:def:88
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
SCO:CSSA-2003-030.0
http://secunia.com/advisories/9007
SECUNIA:9007
CVE-2003-0431
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.
2003-06-18
2017-10-09
CVE-2003-0431
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
CONECTIVA:CLA-2003:662
http://www.ethereal.com/appnotes/enpa-sa-00010.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
http://www.debian.org/security/2003/dsa-324
DEBIAN:DSA-324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A101
OVAL:oval:org.mitre.oval:def:101
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
SCO:CSSA-2003-030.0
http://secunia.com/advisories/9007
SECUNIA:9007
CVE-2003-0432
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
2003-06-18
2017-10-09
CVE-2003-0432
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
CONECTIVA:CLA-2003:662
http://www.ethereal.com/appnotes/enpa-sa-00010.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
http://www.debian.org/security/2003/dsa-324
DEBIAN:DSA-324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106
OVAL:oval:org.mitre.oval:def:106
http://www.redhat.com/support/errata/RHSA-2003-077.html
REDHAT:RHSA-2003:077
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
SCO:CSSA-2003-030.0
http://secunia.com/advisories/9007
SECUNIA:9007
CVE-2003-0433
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.
2003-06-18
CVE-2003-0433
http://www.debian.org/security/2003/dsa-315
DEBIAN:DSA-315
CVE-2003-0434
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
2003-06-18
2017-10-09
CVE-2003-0434
http://marc.info/?l=bugtraq&m=105777963019186&w=2
BUGTRAQ:20030709 xpdf vulnerability - CAN-2003-0434
http://www.kb.cert.org/vuls/id/200132
CERT-VN:VU#200132
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
FULLDISC:20030613 -10Day CERT Advisory on PDF Files
http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
MANDRAKE:MDKSA-2003:071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664
OVAL:oval:org.mitre.oval:def:664
http://www.redhat.com/support/errata/RHSA-2003-196.html
REDHAT:RHSA-2003:196
http://www.redhat.com/support/errata/RHSA-2003-197.html
REDHAT:RHSA-2003:197
http://secunia.com/advisories/9037
SECUNIA:9037
http://secunia.com/advisories/9038
SECUNIA:9038
CVE-2003-0435
Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code.
2003-06-18
2016-10-17
CVE-2003-0435
http://marc.info/?l=bugtraq&m=105553002105111&w=2
BUGTRAQ:20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU
http://www.debian.org/security/2003/dsa-322
DEBIAN:DSA-322
CVE-2003-0436
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
2003-06-20
2005-03-21
CVE-2003-0436
http://www.securityfocus.com/bid/7865
BID:7865
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html
FULLDISC:20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow
CVE-2003-0437
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
2003-06-20
2005-03-21
CVE-2003-0437
http://www.securityfocus.com/bid/7866
BID:7866
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html
FULLDISC:20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow
CVE-2003-0438
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
2003-06-28
CVE-2003-0438
http://www.debian.org/security/2003/dsa-325
DEBIAN:DSA-325
CVE-2003-0439
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0439
CVE-2003-0440
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2003-07-10
2017-10-09
CVE-2003-0440
http://www.debian.org/security/2003/dsa-339
DEBIAN:DSA-339
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A569
OVAL:oval:org.mitre.oval:def:569
http://www.redhat.com/support/errata/RHSA-2003-231.html
REDHAT:RHSA-2003:231
http://www.redhat.com/support/errata/RHSA-2003-234.html
REDHAT:RHSA-2003:234
CVE-2003-0441
Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.
2004-02-19
2017-07-10
CVE-2003-0441
http://www.securityfocus.com/bid/7988
BID:7988
http://www.debian.org/security/2003/dsa-326
DEBIAN:DSA-326
https://exchange.xforce.ibmcloud.com/vulnerabilities/12381
XF:orvillewrite-variables-bo(12381)
CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
2003-06-20
2017-10-09
CVE-2003-0442
http://www.securityfocus.com/bid/7761
BID:7761
http://marc.info/?l=bugtraq&m=105449314612963&w=2
BUGTRAQ:20030530 PHP Trans SID XSS (Was: New php release with security fixes)
http://marc.info/?l=bugtraq&m=105760591228031&w=2
BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
http://www.ciac.org/ciac/bulletins/n-112.shtml
CIAC:N-112
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
CONECTIVA:CLSA-2003:691
http://www.debian.org/security/2003/dsa-351
DEBIAN:DSA-351
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
MANDRAKE:MDKSA-2003:082
http://shh.thathost.com/secadv/2003-05-11-php.txt
MISC:http://shh.thathost.com/secadv/2003-05-11-php.txt
http://www.osvdb.org/4758
OSVDB:4758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485
OVAL:oval:org.mitre.oval:def:485
http://www.redhat.com/support/errata/RHSA-2003-204.html
REDHAT:RHSA-2003:204
SCO:CSSA-2003-SCO.28
http://www.securitytracker.com/id?1008653
SECTRACK:1008653
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
TURBO:TLSA-2003-47
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
XF:php-session-id-xss(12259)
CVE-2003-0443
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0443
CVE-2003-0444
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.
2004-03-10
2017-07-10
CVE-2003-0444
http://www.securityfocus.com/bid/8061
BID:8061
http://www.debian.org/security/2003/dsa-337
DEBIAN:DSA-337
https://exchange.xforce.ibmcloud.com/vulnerabilities/12462
XF:gtksee-png-bo(12462)
CVE-2003-0445
Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
2003-06-24
CVE-2003-0445
http://www.debian.org/security/2003/dsa-328
DEBIAN:DSA-328
CVE-2003-0446
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
2003-06-20
2017-07-10
CVE-2003-0446
http://www.securityfocus.com/bid/7938
BID:7938
http://marc.info/?l=bugtraq&m=105585986015421&w=2
BUGTRAQ:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html
BUGTRAQ:20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
http://marc.info/?l=bugtraq&m=105595990924165&w=2
BUGTRAQ:20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html
FULLDISC:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
http://security.greymagic.com/adv/gm013-ie/
MISC:http://security.greymagic.com/adv/gm013-ie/
http://marc.info/?l=ntbugtraq&m=105585001905002&w=2
NTBUGTRAQ:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
http://www.osvdb.org/3065
OSVDB:3065
http://secunia.com/advisories/9055
SECUNIA:9055
https://exchange.xforce.ibmcloud.com/vulnerabilities/12334
XF:ie-msxml-xss(12334)
CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
2003-06-20
2016-10-17
CVE-2003-0447
http://marc.info/?l=bugtraq&m=105585933614773&w=2
BUGTRAQ:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html
FULLDISC:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
http://security.greymagic.com/adv/gm014-ie/
MISC:http://security.greymagic.com/adv/gm014-ie/
http://marc.info/?l=ntbugtraq&m=105585142406147&w=2
NTBUGTRAQ:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
CVE-2003-0448
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.
2003-06-20
2016-10-17
CVE-2003-0448
http://marc.info/?l=bugtraq&m=105588111714856&w=2
BUGTRAQ:20030618 Portmon file arbitrary read/write access vulnerability
CVE-2003-0449
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
2003-06-20
2016-10-17
CVE-2003-0449
http://marc.info/?l=bugtraq&m=105561134624665&w=2
BUGTRAQ:20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue
http://marc.info/?l=bugtraq&m=105561189625082&w=2
BUGTRAQ:20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue
http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt
MISC:http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt
http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt
MISC:http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt
CVE-2003-0450
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
2003-06-20
2003-06-28
CVE-2003-0450
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664
CONECTIVA:CLA-2003:664
http://www.debian.org/security/2003/dsa-321
DEBIAN:DSA-321
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html
SUSE:SuSE-SA:2003:030
http://www.turbolinux.com/security/TLSA-2003-40.txt
TURBO:TLSA-2003-40
CVE-2003-0451
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
2003-06-24
CVE-2003-0451
http://www.debian.org/security/2003/dsa-327
DEBIAN:DSA-327
CVE-2003-0452
Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections."
2003-06-24
CVE-2003-0452
http://www.debian.org/security/2003/dsa-329
DEBIAN:DSA-329
CVE-2003-0453
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
2003-06-24
2016-10-17
CVE-2003-0453
http://marc.info/?l=bugtraq&m=105613905425563&w=2
BUGTRAQ:20030620 BAZARR FAREWELL
http://www.debian.org/security/2003/dsa-348
DEBIAN:DSA-348
CVE-2003-0454
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable.
2003-07-04
CVE-2003-0454
http://www.debian.org/security/2003/dsa-334
DEBIAN:DSA-334
CVE-2003-0455
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.
2003-07-04
2016-10-17
CVE-2003-0455
http://marc.info/?l=bugtraq&m=105786393628728&w=2
BUGTRAQ:20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick)
http://www.debian.org/security/2003/dsa-331
DEBIAN:DSA-331
http://www.redhat.com/support/errata/RHSA-2004-494.html
REDHAT:RHSA-2004:494
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
2003-07-15
2017-07-10
CVE-2003-0456
http://www.securityfocus.com/bid/8075
BID:8075
http://marc.info/?l=bugtraq&m=105733894003737&w=2
BUGTRAQ:20030701 VisNetic WebSite Path Disclosure Vulnerability
http://www.krusesecurity.dk/advisories/vis0103.txt
MISC:http://www.krusesecurity.dk/advisories/vis0103.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html
VULNWATCH:20030701 VisNetic WebSite Path Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/12483
XF:visnetic-website-path-disclosure(12483)
CVE-2003-0457
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0457
CVE-2003-0458
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges.
2003-07-17
CVE-2003-0458
http://www.securityfocus.com/bid/8080
BID:8080
http://www.securityfocus.com/advisories/5545
HP:SSRT3488
CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
2003-08-01
2017-10-09
CVE-2003-0459
http://marc.info/?l=bugtraq&m=105986238428061&w=2
BUGTRAQ:20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
CONECTIVA:CLA-2003:747
http://www.kde.org/info/security/advisory-20030729-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20030729-1.txt
http://www.debian.org/security/2003/dsa-361
DEBIAN:DSA-361
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
FULLDISC:20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
MANDRAKE:MDKSA-2003:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
OVAL:oval:org.mitre.oval:def:411
http://www.redhat.com/support/errata/RHSA-2003-235.html
REDHAT:RHSA-2003:235
http://www.redhat.com/support/errata/RHSA-2003-236.html
REDHAT:RHSA-2003:236
http://www.turbolinux.com/security/TLSA-2003-45.txt
TURBO:TLSA-2003-45
CVE-2003-0460
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
2003-07-25
2021-06-06
CVE-2003-0460
http://www.kb.cert.org/vuls/id/694428
CERT-VN:VU#694428
http://www.apache.org/dist/httpd/Announcement.html
CONFIRM:http://www.apache.org/dist/httpd/Announcement.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
CVE-2003-0461
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
2003-07-25
2017-10-09
CVE-2003-0461
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304
OVAL:oval:org.mitre.oval:def:304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330
OVAL:oval:org.mitre.oval:def:9330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997
OVAL:oval:org.mitre.oval:def:997
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2004-188.html
REDHAT:RHSA-2004:188
CVE-2003-0462
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
2003-07-25
2017-10-09
CVE-2003-0462
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309
OVAL:oval:org.mitre.oval:def:309
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
CVE-2003-0463
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
2006-02-07
CVE-2003-0463
CVE-2003-0464
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.
2003-07-25
2017-10-09
CVE-2003-0464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311
OVAL:oval:org.mitre.oval:def:311
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
SUSE:SuSE-SA:2003:034
CVE-2003-0465
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
2003-07-15
2017-10-09
CVE-2003-0465
http://marc.info/?l=linux-kernel&m=105796021120436&w=2
CONFIRM:http://marc.info/?l=linux-kernel&m=105796021120436&w=2
http://marc.info/?l=linux-kernel&m=105796415223490&w=2
CONFIRM:http://marc.info/?l=linux-kernel&m=105796415223490&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285
OVAL:oval:org.mitre.oval:def:10285
http://www.redhat.com/support/errata/RHSA-2004-188.html
REDHAT:RHSA-2004:188
CVE-2003-0466
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
2003-08-01
2017-10-09
CVE-2003-0466
http://www.securityfocus.com/bid/8315
BID:8315
http://marc.info/?l=bugtraq&m=105967301604815&w=2
BUGTRAQ:20030731 wu-ftpd fb_realpath() off-by-one bug
http://marc.info/?l=bugtraq&m=106002488209129&w=2
BUGTRAQ:20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)
http://marc.info/?l=bugtraq&m=106001702232325&w=2
BUGTRAQ:20030804 wu-ftpd-2.6.2 off-by-one remote exploit.
http://www.securityfocus.com/archive/1/424852/100/0/threaded
BUGTRAQ:20060213 Latest wu-ftpd exploit :-s
http://www.securityfocus.com/archive/1/425061/100/0/threaded
BUGTRAQ:20060214 Re: Latest wu-ftpd exploit :-s
http://www.kb.cert.org/vuls/id/743092
CERT-VN:VU#743092
http://www.debian.org/security/2003/dsa-357
DEBIAN:DSA-357
http://marc.info/?l=bugtraq&m=106001410028809&w=2
FREEBSD:FreeBSD-SA-03:08
HP:SSRT3606
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01
IMMUNIX:IMNX-2003-7+-019-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:080
MANDRAKE:MDKSA-2003:080
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
MISC:http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc
NETBSD:NetBSD-SA2003-011.txt.asc
http://www.osvdb.org/6602
OSVDB:6602
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970
OVAL:oval:org.mitre.oval:def:1970
http://www.redhat.com/support/errata/RHSA-2003-245.html
REDHAT:RHSA-2003:245
http://www.redhat.com/support/errata/RHSA-2003-246.html
REDHAT:RHSA-2003:246
SCO:CSSA-2003-SCO.20
http://securitytracker.com/id?1007380
SECTRACK:1007380
http://secunia.com/advisories/9423
SECUNIA:9423
http://secunia.com/advisories/9446
SECUNIA:9446
http://secunia.com/advisories/9447
SECUNIA:9447
http://secunia.com/advisories/9535
SECUNIA:9535
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1
SUNALERT:1001257
http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html
SUSE:SuSE-SA:2003:032
http://www.turbolinux.com/security/TLSA-2003-46.txt
TURBO:TLSA-2003-46
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
VULNWATCH:20030731 wu-ftpd fb_realpath() off-by-one bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/12785
XF:libc-realpath-offbyone-bo(12785)
CVE-2003-0467
Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.
2003-08-05
2016-10-17
CVE-2003-0467
http://marc.info/?l=bugtraq&m=105985703724758&w=2
BUGTRAQ:20030802 [SECURITY] Netfilter Security Advisory: NAT Remote DOS (SACK mangle)
CVE-2003-0468
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
2003-08-05
2017-10-09
CVE-2003-0468
http://www.securityfocus.com/bid/8333
BID:8333
http://marc.info/?l=bugtraq&m=106001525130257&w=2
BUGTRAQ:20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
CONECTIVA:CLA-2003:717
http://www.debian.org/security/2003/dsa-363
DEBIAN:DSA-363
http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
MANDRAKE:MDKSA-2003:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522
OVAL:oval:org.mitre.oval:def:522
http://www.redhat.com/support/errata/RHSA-2003-251.html
REDHAT:RHSA-2003:251
http://secunia.com/advisories/9433
SECUNIA:9433
http://www.novell.com/linux/security/advisories/2003_033_postfix.html
SUSE:SuSE-SA:2003:033
CVE-2003-0469
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
2003-06-28
2018-10-12
CVE-2003-0469
http://www.securityfocus.com/bid/8016
BID:8016
http://marc.info/?l=bugtraq&m=105639925122961&w=2
BUGTRAQ:20030622 Internet Explorer >=5.0 : Buffer overflow
http://www.cert.org/advisories/CA-2003-14.html
CERT:CA-2003-14
http://www.kb.cert.org/vuls/id/823260
CERT-VN:VU#823260
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html
FULLDISC:20030625 Re: Internet Explorer >=5.0 : Buffer overflow
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html
FULLDISC:20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023
MS:MS03-023
CVE-2003-0470
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.
2003-06-28
2017-07-10
CVE-2003-0470
http://www.securityfocus.com/bid/8008
BID:8008
http://marc.info/?l=bugtraq&m=105647537823877&w=2
BUGTRAQ:20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow
http://www.kb.cert.org/vuls/id/527228
CERT-VN:VU#527228
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html
FULLDISC:20030622 Symantec ActiveX control buffer overflow
http://securitytracker.com/id?1007029
SECTRACK:1007029
http://secunia.com/advisories/9091
SECUNIA:9091
https://exchange.xforce.ibmcloud.com/vulnerabilities/12423
XF:symantec-security-activex-bo(12423)
CVE-2003-0471
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
2003-06-28
2016-10-17
CVE-2003-0471
http://www.securityfocus.com/bid/8024
BID:8024
http://marc.info/?l=bugtraq&m=105648385900792&w=2
BUGTRAQ:20030624 Re: WebAdmin from ALT-N remote exploit PoC
http://marc.info/?l=bugtraq&m=105647081418155&w=2
BUGTRAQ:20030624 Remote Buffer Overrun WebAdmin.exe
http://www.osvdb.org/2207
OSVDB:2207
CVE-2003-0472
The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning.
2003-06-28
2017-07-10
CVE-2003-0472
http://www.securityfocus.com/bid/8027
BID:8027
http://www.osvdb.org/8585
OSVDB:8585
ftp://patches.sgi.com/support/free/security/advisories/20030607-01-P
SGI:20030607-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/12676
XF:irix-inetd-portscan-dos(12676)
CVE-2003-0473
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications.
2003-06-28
2017-07-10
CVE-2003-0473
http://www.securityfocus.com/bid/8029
BID:8029
http://www.osvdb.org/8586
OSVDB:8586
ftp://patches.sgi.com/support/free/security/advisories/20030607-01-P
SGI:20030607-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/12677
XF:irix-snoop-gain-privileges(12677)
CVE-2003-0474
Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475.
2003-06-28
2016-10-17
CVE-2003-0474
http://marc.info/?l=bugtraq&m=105049794801319&w=2
BUGTRAQ:20030416 SFAD03-001: iWeb Mini Web Server Remote Directory Traversal
http://marc.info/?l=bugtraq&m=105673543626636&w=2
BUGTRAQ:20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server
CVE-2003-0475
Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474.
2003-06-28
2016-10-17
CVE-2003-0475
http://marc.info/?l=bugtraq&m=105640001823769&w=2
BUGTRAQ:20030623 TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2
http://marc.info/?l=bugtraq&m=105673543626636&w=2
BUGTRAQ:20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server
CVE-2003-0476
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
2003-06-28
2017-10-09
CVE-2003-0476
http://marc.info/?l=bugtraq&m=105664924024009&w=2
BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
MANDRAKE:MDKSA-2003:074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327
OVAL:oval:org.mitre.oval:def:327
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-368.html
REDHAT:RHSA-2003:368
http://www.redhat.com/support/errata/RHSA-2003-408.html
REDHAT:RHSA-2003:408
SUSE:SuSE-SA:2003:034
CVE-2003-0477
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.
2003-06-28
2016-10-17
CVE-2003-0477
http://marc.info/?l=bugtraq&m=105674242105302&w=2
BUGTRAQ:20030627 wzdftpd remote DoS
http://www.wzdftpd.net/changea.html
CONFIRM:http://www.wzdftpd.net/changea.html
CVE-2003-0478
Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.
2003-06-28
2016-10-17
CVE-2003-0478
http://marc.info/?l=bugtraq&m=105665996104723&w=2
BUGTRAQ:20030626 Bahamut IRCd <= 1.4.35 and several derived daemons
http://marc.info/?l=bugtraq&m=105673555726823&w=2
BUGTRAQ:20030627 Bahamut DoS
http://marc.info/?l=bugtraq&m=105673489525906&w=2
BUGTRAQ:20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons
CVE-2003-0479
Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields.
2003-06-28
2016-10-17
CVE-2003-0479
http://marc.info/?l=bugtraq&m=105673452325230&w=2
BUGTRAQ:20030627 WebBBS Guestbook : Cross Site Scripting
CVE-2003-0480
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
2003-06-28
2016-10-17
CVE-2003-0480
http://marc.info/?l=bugtraq&m=105673688529147&w=2
BUGTRAQ:20030627 VMware Workstation 4.0: Possible privilege escalation on the host
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019
CONFIRM:http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019
CVE-2003-0481
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.
2003-06-28
2016-10-17
CVE-2003-0481
http://marc.info/?l=bugtraq&m=105638743109781&w=2
BUGTRAQ:20030623 [KSA-001] Multiple vulnerabilities in Tutos
CVE-2003-0482
TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code.
2003-06-28
2016-10-17
CVE-2003-0482
http://marc.info/?l=bugtraq&m=105638743109781&w=2
BUGTRAQ:20030623 [KSA-001] Multiple vulnerabilities in Tutos
CVE-2003-0483
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.
2003-06-28
2021-04-29
CVE-2003-0483
http://marc.info/?l=bugtraq&m=105638720409307&w=2
BUGTRAQ:20030623 Many XSS Vulnerabilities in XMB Forum.
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
MISC:https://docs.xmbforum2.com/index.php?title=Security_Issue_History
CVE-2003-0484
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
2003-06-28
2016-10-17
CVE-2003-0484
http://marc.info/?l=bugtraq&m=105639883722514&w=2
BUGTRAQ:20030621 XSS Exploit In phpBB viewtopic.php
CVE-2003-0485
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
2003-06-28
2016-10-17
CVE-2003-0485
http://www.securityfocus.com/bid/7997
BID:7997
http://marc.info/?l=bugtraq&m=105613243117155&w=2
BUGTRAQ:20030620 SRT2003-06-20-1232 - Progress 4GL Compiler datatype overflow
CVE-2003-0486
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
2003-06-28
2017-07-10
CVE-2003-0486
http://www.securityfocus.com/bid/7979
BID:7979
http://marc.info/?l=bugtraq&m=105607263130644&w=2
BUGTRAQ:20030619 phpBB password disclosure by sql injection
http://www.phpbb.com/phpBB/viewtopic.php?t=112052
CONFIRM:http://www.phpbb.com/phpBB/viewtopic.php?t=112052
https://exchange.xforce.ibmcloud.com/vulnerabilities/12366
XF:phpbb-viewtopic-sql-injection(12366)
CVE-2003-0487
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
2003-06-28
2017-07-10
CVE-2003-0487
http://www.securityfocus.com/bid/7967
BID:7967
http://marc.info/?l=bugtraq&m=105596982503760&w=2
BUGTRAQ:20030618 Multiple buffer overflows and XSS in Kerio MailServer
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
MISC:http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/12368
XF:kerio-multiple-modules-bo(12368)
CVE-2003-0488
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
2003-06-28
2017-07-10
CVE-2003-0488
http://www.securityfocus.com/bid/7966
BID:7966
http://www.securityfocus.com/bid/7968
BID:7968
http://marc.info/?l=bugtraq&m=105596982503760&w=2
BUGTRAQ:20030618 Multiple buffer overflows and XSS in Kerio MailServer
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
MISC:http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/12367
XF:kerio-multiple-modules-xss(12367)
CVE-2003-0489
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
2003-06-28
CVE-2003-0489
http://www.debian.org/security/2003/dsa-330
DEBIAN:DSA-330
CVE-2003-0490
The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
2003-06-28
2016-10-17
CVE-2003-0490
http://marc.info/?l=bugtraq&m=105579526026992&w=2
BUGTRAQ:20030616 Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues
CVE-2003-0491
The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
2003-06-28
2016-10-17
CVE-2003-0491
http://marc.info/?l=vuln-dev&m=105577873506147&w=2
BUGTRAQ:20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module "tutorials"
http://marc.info/?l=vuln-dev&m=105577873506147&w=2
VULN-DEV:20030614 Directory traversal vulnerability on Xoops/E-xoops CMS module "tutorials"
CVE-2003-0492
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
2003-06-28
2017-07-10
CVE-2003-0492
http://www.securityfocus.com/bid/7922
BID:7922
http://marc.info/?l=bugtraq&m=105578322012128&w=2
BUGTRAQ:20030616 Multiple Vulnerabilities In Snitz Forums
https://exchange.xforce.ibmcloud.com/vulnerabilities/12325
XF:snitz-search-xss(12325)
CVE-2003-0493
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
2003-06-28
2016-10-17
CVE-2003-0493
http://www.securityfocus.com/bid/7924
BID:7924
http://marc.info/?l=bugtraq&m=105578322012128&w=2
BUGTRAQ:20030616 Multiple Vulnerabilities In Snitz Forums
CVE-2003-0494
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
2003-06-28
2017-07-10
CVE-2003-0494
http://www.securityfocus.com/bid/7925
BID:7925
http://marc.info/?l=bugtraq&m=105578322012128&w=2
BUGTRAQ:20030616 Multiple Vulnerabilities In Snitz Forums
https://exchange.xforce.ibmcloud.com/vulnerabilities/12326
XF:snitz-forums-password-reset(12326)
CVE-2003-0495
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.
2003-06-28
2017-07-10
CVE-2003-0495
http://www.securityfocus.com/bid/7920
BID:7920
http://marc.info/?l=bugtraq&m=105578330812212&w=2
BUGTRAQ:20030615 XSS Vulnerability in LedNews (CGI/Perl) v0.7
https://exchange.xforce.ibmcloud.com/vulnerabilities/12304
XF:lednews-message-xss(12304)
CVE-2003-0496
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
2003-07-10
2016-10-17
CVE-2003-0496
http://www.atstake.com/research/advisories/2003/a070803-1.txt
ATSTAKE:A070803-1
http://marc.info/?l=bugtraq&m=105820282607865&w=2
BUGTRAQ:20030714 @stake named pipe exploit
http://marc.info/?l=bugtraq&m=105830986720243&w=2
BUGTRAQ:20030715 CreateFile exploit, (working)
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0013.html
VULNWATCH:20030709 Pipe Filename Local Privilege Escalation FAQ
CVE-2003-0497
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
2003-07-04
2018-05-05
CVE-2003-0497
https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/
CONFIRM:https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7
IDEFENSE:20030701 Caché Insecure Installation File and Directory Permissions
CVE-2003-0498
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
2003-07-04
2018-05-05
CVE-2003-0498
https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/
CONFIRM:https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7
IDEFENSE:20030701 Caché Insecure Installation File and Directory Permissions
CVE-2003-0499
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
2003-07-04
2016-12-06
CVE-2003-0499
https://www.debian.org/security/2003/dsa-335
DEBIAN:DSA-335
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
2003-07-04
2005-03-21
CVE-2003-0500
http://www.debian.org/security/2003/dsa-338
DEBIAN:DSA-338
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html
FULLDISC:20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql
CVE-2003-0501
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
2003-07-04
2017-10-09
CVE-2003-0501
http://marc.info/?l=bugtraq&m=105621758104242
BUGTRAQ:20030620 Linux /proc sensitive information disclosure
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328
OVAL:oval:org.mitre.oval:def:328
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
SUSE:SuSE-SA:2003:034
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
2003-07-25
2014-11-21
CVE-2003-0502
http://www.rapid7.com/advisories/R7-0015.html
MISC:http://www.rapid7.com/advisories/R7-0015.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
CVE-2003-0503
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
2003-07-04
2016-10-17
CVE-2003-0503
http://marc.info/?l=bugtraq&m=105725489003575&w=2
BUGTRAQ:20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow
http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html
MISC:http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html
http://marc.info/?l=ntbugtraq&m=105724538222772&w=2
NTBUGTRAQ:20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow
CVE-2003-0504
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
2003-07-04
2016-10-17
CVE-2003-0504
http://marc.info/?l=bugtraq&m=105718361607981&w=2
BUGTRAQ:20030702 [KSA-003] Cross Site Scripting Vulnerability in Phpgroupware
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000697
CONECTIVA:CLA-2003:697
http://www.debian.org/security/2003/dsa-365
DEBIAN:DSA-365
http://www.mandriva.com/security/advisories?name=MDKSA-2003:077
MANDRAKE:MDKSA-2003:077
http://www.security-corporation.com/articles-20030702-005.html
MISC:http://www.security-corporation.com/articles-20030702-005.html
CVE-2003-0505
Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
2003-07-04
2016-10-17
CVE-2003-0505
http://www.securityfocus.com/bid/7931
BID:7931
http://marc.info/?l=bugtraq&m=105716650021546&w=2
BUGTRAQ:20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability
CVE-2003-0506
Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
2003-07-04
2016-10-17
CVE-2003-0506
http://marc.info/?l=bugtraq&m=105716650021546&w=2
BUGTRAQ:20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability
CVE-2003-0507
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
2003-07-04
2016-10-17
CVE-2003-0507
http://www.securityfocus.com/bid/7930
BID:7930
http://marc.info/?l=bugtraq&m=105716669921775&w=2
BUGTRAQ:20030702 CORE-2003-0305-03: Active Directory Stack Overflow
http://www.kb.cert.org/vuls/id/594108
CERT-VN:VU#594108
http://support.microsoft.com/default.aspx?kbid=319709
MSKB:Q319709
http://secunia.com/advisories/9171
SECUNIA:9171
CVE-2003-0508
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.
2003-07-04
2016-10-17
CVE-2003-0508
http://marc.info/?l=bugtraq&m=105709569312583&w=2
BUGTRAQ:20030701 [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow
http://marc.info/?l=bugtraq&m=105785749721291&w=2
BUGTRAQ:20030709 Acroread 5.0.7 buffer overflow
CVE-2003-0509
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
2003-07-04
2017-07-10
CVE-2003-0509
http://www.securityfocus.com/bid/14101
BID:14101
http://www.securityfocus.com/bid/14103
BID:14103
http://www.securityfocus.com/bid/14112
BID:14112
http://marc.info/?l=bugtraq&m=105709450711395&w=2
BUGTRAQ:20030701 CyberStrong Shopping Cart - Advisory & Exploit Code
http://www.osvdb.org/10098
OSVDB:10098
http://www.osvdb.org/10099
OSVDB:10099
http://www.osvdb.org/10100
OSVDB:10100
http://securitytracker.com/id?1007092
SECTRACK:1007092
http://secunia.com/advisories/9165
SECUNIA:9165
https://exchange.xforce.ibmcloud.com/vulnerabilities/12485
XF:cyberstrongeshop-multiple-sql-injection(12485)
CVE-2003-0510
Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command.
2003-07-04
2016-10-17
CVE-2003-0510
http://marc.info/?l=bugtraq&m=105709355110281&w=2
BUGTRAQ:20030701 ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.
http://druglord.freelsd.org/ezbounce/
CONFIRM:http://druglord.freelsd.org/ezbounce/
CVE-2003-0511
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
2003-07-29
2017-10-09
CVE-2003-0511
http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml
CISCO:20030728 HTTP GET Vulnerability in AP1x00
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
MISC:http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5834
OVAL:oval:org.mitre.oval:def:5834
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0055.html
VULNWATCH:20030728 Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability
CVE-2003-0512
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
2003-07-29
2017-10-09
CVE-2003-0512
http://www.kb.cert.org/vuls/id/886796
CERT-VN:VU#886796
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
CISCO:20030724 Enumerating Locally Defined Users in Cisco IOS
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
MISC:http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824
OVAL:oval:org.mitre.oval:def:5824
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html
VULNWATCH:20030728 Cisco Aironet AP1100 Valid Account Disclosure Vulnerability
CVE-2003-0513
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
2004-03-16
2004-03-18
CVE-2003-0513
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html
FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
CVE-2003-0514
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
2004-03-16
2004-03-18
CVE-2003-0514
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html
FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
CVE-2003-0515
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
2003-07-10
CVE-2003-0515
http://www.debian.org/security/2003/dsa-347
DEBIAN:DSA-347
CVE-2003-0516
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
2003-07-10
2021-06-15
CVE-2003-0516
ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz
CONFIRM:ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz
CVE-2003-0517
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
2003-07-10
2021-06-15
CVE-2003-0517
ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz
CONFIRM:ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz
CVE-2003-0518
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
2003-07-10
2021-06-15
CVE-2003-0518
http://archives.neohapsis.com/archives/bugtraq/2003-07/0034.html
BUGTRAQ:20030704 MacOSX - crash screensaver locked with password and get the desktop back
http://archives.neohapsis.com/archives/bugtraq/2003-07/0187.html
BUGTRAQ:20030715 FIXED: MacOSX - crash screensaver locked with password and get thedesktop back
http://docs.info.apple.com/article.html?artnum=120232
CONFIRM:http://docs.info.apple.com/article.html?artnum=120232
CVE-2003-0519
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
2003-07-10
2003-07-15
CVE-2003-0519
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006286.html
FULLDISC:20030707 Internet Explorer 6 DoS Bug
CVE-2003-0520
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.
2003-07-10
2016-10-17
CVE-2003-0520
http://www.securityfocus.com/bid/8107
BID:8107
http://marc.info/?l=bugtraq&m=105735714318026&w=2
BUGTRAQ:20030704 Trillian Remote DoS
CVE-2003-0521
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
2003-07-10
2016-10-17
CVE-2003-0521
http://marc.info/?l=bugtraq&m=105760556627616&w=2
BUGTRAQ:20030706 cPanel Malicious HTML Tags Injection Vulnerability
CVE-2003-0522
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.
2003-07-10
2016-10-17
CVE-2003-0522
http://marc.info/?l=bugtraq&m=105733145930031&w=2
BUGTRAQ:20030704 Another ProductCart SQL Injection Vulnerability
http://marc.info/?l=bugtraq&m=105760660928715&w=2
BUGTRAQ:20030705 Re: Another ProductCart SQL Injection Vulnerability
CVE-2003-0523
Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter.
2003-07-10
2016-10-17
CVE-2003-0523
http://marc.info/?l=bugtraq&m=105761696706800&w=2
BUGTRAQ:20030705 ProductCart XSS Vulnerability
CVE-2003-0524
Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory.
2003-07-10
2016-10-17
CVE-2003-0524
http://marc.info/?l=bugtraq&m=105769387706906&w=2
BUGTRAQ:20030708 Qt temporary files race condition in Knoppix 3.1
CVE-2003-0525
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
2003-07-25
2018-10-12
CVE-2003-0525
http://www.atstake.com/research/advisories/2003/a072303-1.txt
ATSTAKE:A072303-1
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-029
MS:MS03-029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A319
OVAL:oval:org.mitre.oval:def:319
https://exchange.xforce.ibmcloud.com/vulnerabilities/12701
XF:winnt-file-management-dos(12701)
CVE-2003-0526
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
2003-07-17
2018-10-12
CVE-2003-0526
http://marc.info/?l=bugtraq&m=105838862201266&w=2
BUGTRAQ:20030716 ISA Server - Error Page Cross Site Scripting
http://marc.info/?l=bugtraq&m=105838519729525&w=2
BUGTRAQ:20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
http://pivx.com/larholm/adv/TL006
MISC:http://pivx.com/larholm/adv/TL006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028
MS:MS03-028
http://marc.info/?l=ntbugtraq&m=105838590030409&w=2
NTBUGTRAQ:20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117
OVAL:oval:org.mitre.oval:def:117
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html
VULNWATCH:20030716 ISA Server - Error Page Cross Site Scripting
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html
VULNWATCH:20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
CVE-2003-0527
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0527
CVE-2003-0528
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
2003-09-12
2018-10-12
CVE-2003-0528
http://marc.info/?l=bugtraq&m=106407417011430&w=2
BUGTRAQ:20030920 The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows
http://www.cert.org/advisories/CA-2003-23.html
CERT:CA-2003-23
http://www.kb.cert.org/vuls/id/254236
CERT-VN:VU#254236
http://www.nsfocus.com/english/homepage/research/0306.htm
MISC:http://www.nsfocus.com/english/homepage/research/0306.htm
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039
MS:MS03-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A127
OVAL:oval:org.mitre.oval:def:127
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2884
OVAL:oval:org.mitre.oval:def:2884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2968
OVAL:oval:org.mitre.oval:def:2968
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3966
OVAL:oval:org.mitre.oval:def:3966
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0100.html
VULNWATCH:20030911 NSFOCUS SA2003-06 : Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability
CVE-2003-0529
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0529
CVE-2003-0530
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
2003-08-22
2018-10-12
CVE-2003-0530
http://www.securityfocus.com/bid/8454
BID:8454
http://www.cert.org/advisories/CA-2003-22.html
CERT:CA-2003-22
http://www.kb.cert.org/vuls/id/548964
CERT-VN:VU#548964
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032
MS:MS03-032
http://securitytracker.com/id?1007538
SECTRACK:1007538
http://secunia.com/advisories/9580
SECUNIA:9580
https://exchange.xforce.ibmcloud.com/vulnerabilities/12962
XF:ie-br549-activex-bo(12962)
CVE-2003-0531
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
2003-08-22
2018-10-12
CVE-2003-0531
http://www.securityfocus.com/bid/8457
BID:8457
http://www.cert.org/advisories/CA-2003-22.html
CERT:CA-2003-22
http://www.kb.cert.org/vuls/id/205148
CERT-VN:VU#205148
http://www.lac.co.jp/security/english/snsadv_e/67_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/67_e.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032
MS:MS03-032
http://secunia.com/advisories/9580
SECUNIA:9580
https://exchange.xforce.ibmcloud.com/vulnerabilities/12961
XF:ie-cache-script-injection(12961)
CVE-2003-0532
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
2003-08-22
2018-10-12
CVE-2003-0532
http://marc.info/?l=bugtraq&m=106149026621753&w=2
BUGTRAQ:20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability
http://www.kb.cert.org/vuls/id/865940
CERT-VN:VU#865940
http://www.eeye.com/html/Research/Advisories/AD20030820.html
MISC:http://www.eeye.com/html/Research/Advisories/AD20030820.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032
MS:MS03-032
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html
VULNWATCH:20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability
CVE-2003-0533
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
2004-04-16
2018-10-12
CVE-2003-0533
http://www.securityfocus.com/bid/10108
BID:10108
http://marc.info/?l=bugtraq&m=108325860431471&w=2
BUGTRAQ:20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/753212
CERT-VN:VU#753212
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
http://www.eeye.com/html/Research/Advisories/AD20040413C.html
EEYE:AD20040413C
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html
FULLDISC:20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883
OVAL:oval:org.mitre.oval:def:883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898
OVAL:oval:org.mitre.oval:def:898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919
OVAL:oval:org.mitre.oval:def:919
https://exchange.xforce.ibmcloud.com/vulnerabilities/15699
XF:win-lsass-bo(15699)
CVE-2003-0534
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0534
CVE-2003-0535
Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option.
2003-07-10
2005-03-21
CVE-2003-0535
http://www.debian.org/security/2003/dsa-345
DEBIAN:DSA-345
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006386.html
FULLDISC:20030708 Fwd: xbl vulnerabilty
CVE-2003-0536
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
2003-07-10
2016-10-17
CVE-2003-0536
http://marc.info/?l=bugtraq&m=105128606513226&w=2
BUGTRAQ:20030425 Unauthorized reading files on phpSysInfo
http://www.debian.org/security/2003/dsa-346
DEBIAN:DSA-346
http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015
MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015
CVE-2003-0537
The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.
2003-07-10
CVE-2003-0537
http://www.debian.org/security/2003/dsa-341
DEBIAN:DSA-341
CVE-2003-0538
The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.
2003-07-10
CVE-2003-0538
http://www.debian.org/security/2003/dsa-342
DEBIAN:DSA-342
CVE-2003-0539
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.
2003-07-10
2017-10-09
CVE-2003-0539
http://www.debian.org/security/2003/dsa-343
DEBIAN:DSA-343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28
OVAL:oval:org.mitre.oval:def:28
http://www.redhat.com/support/errata/RHSA-2003-242.html
REDHAT:RHSA-2003:242
CVE-2003-0540
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
2003-08-05
2017-10-09
CVE-2003-0540
http://www.securityfocus.com/bid/8333
BID:8333
http://marc.info/?l=bugtraq&m=106001525130257&w=2
BUGTRAQ:20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
http://www.kb.cert.org/vuls/id/895508
CERT-VN:VU#895508
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717
CONECTIVA:CLA-2003:717
http://www.debian.org/security/2003/dsa-363
DEBIAN:DSA-363
http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html
ENGARDE:ESA-20030804-019
http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html
FULLDISC:20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
http://www.mandriva.com/security/advisories?name=MDKSA-2003:081
MANDRAKE:MDKSA-2003:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A544
OVAL:oval:org.mitre.oval:def:544
http://www.redhat.com/support/errata/RHSA-2003-251.html
REDHAT:RHSA-2003:251
http://secunia.com/advisories/9433
SECUNIA:9433
http://www.novell.com/linux/security/advisories/2003_033_postfix.html
SUSE:SuSE-SA:2003:033
http://marc.info/?l=bugtraq&m=106029188614704&w=2
TRUSTIX:2003-0029
CVE-2003-0541
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.
2003-09-12
2017-10-09
CVE-2003-0541
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737
CONECTIVA:CLA-2003:737
http://www.debian.org/security/2005/dsa-710
DEBIAN:DSA-710
http://www.mandriva.com/security/advisories?name=MDKSA-2003:093
MANDRAKE:MDKSA-2003:093
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A148
OVAL:oval:org.mitre.oval:def:148
http://www.redhat.com/support/errata/RHSA-2003-264.html
REDHAT:RHSA-2003:264
CVE-2003-0542
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
2003-10-30
2021-06-06
CVE-2003-0542
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
APPLE:APPLE-SA-2004-01-26
http://www.securityfocus.com/bid/8911
BID:8911
http://www.securityfocus.com/bid/9504
BID:9504
http://www.securityfocus.com/archive/1/342674
BUGTRAQ:20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)
http://marc.info/?l=bugtraq&m=106761802305141&w=2
BUGTRAQ:20031031 GLSA: apache (200310-04)
http://www.kb.cert.org/vuls/id/434566
CERT-VN:VU#434566
http://www.kb.cert.org/vuls/id/549142
CERT-VN:VU#549142
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://httpd.apache.org/dist/httpd/Announcement2.html
CONFIRM:http://httpd.apache.org/dist/httpd/Announcement2.html
http://lists.apple.com/mhonarc/security-announce/msg00045.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP:HPSBOV02683
http://www.securityfocus.com/advisories/6079
HP:HPSBUX0311-301
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP:SSRT090208
IMMUNIX:IMNX-2003-7+-025-01
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
MANDRAKE:MDKSA-2003:103
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799
OVAL:oval:org.mitre.oval:def:3799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863
OVAL:oval:org.mitre.oval:def:863
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864
OVAL:oval:org.mitre.oval:def:864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458
OVAL:oval:org.mitre.oval:def:9458
http://www.redhat.com/support/errata/RHSA-2003-320.html
REDHAT:RHSA-2003:320
http://www.redhat.com/support/errata/RHSA-2003-360.html
REDHAT:RHSA-2003:360
http://www.redhat.com/support/errata/RHSA-2003-405.html
REDHAT:RHSA-2003:405
http://www.redhat.com/support/errata/RHSA-2004-015.html
REDHAT:RHSA-2004:015
http://www.redhat.com/support/errata/RHSA-2005-816.html
REDHAT:RHSA-2005:816
SCO:CSSA-2003-SCO.28
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
SCO:SCOSA-2004.6
http://secunia.com/advisories/10096
SECUNIA:10096
http://secunia.com/advisories/10098
SECUNIA:10098
http://secunia.com/advisories/10102
SECUNIA:10102
http://secunia.com/advisories/10112
SECUNIA:10112
http://secunia.com/advisories/10114
SECUNIA:10114
http://secunia.com/advisories/10153
SECUNIA:10153
http://secunia.com/advisories/10260
SECUNIA:10260
http://secunia.com/advisories/10264
SECUNIA:10264
http://secunia.com/advisories/10463
SECUNIA:10463
http://secunia.com/advisories/10580
SECUNIA:10580
http://secunia.com/advisories/10593
SECUNIA:10593
ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc
SGI:20031203-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1
SUNALERT:101444
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
SUNALERT:101841
https://exchange.xforce.ibmcloud.com/vulnerabilities/13400
XF:apache-modalias-modrewrite-bo(13400)
CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
2003-10-01
2017-10-09
CVE-2003-0543
http://www.securityfocus.com/bid/8732
BID:8732
http://www.cert.org/advisories/CA-2003-26.html
CERT:CA-2003-26
http://www.kb.cert.org/vuls/id/255484
CERT-VN:VU#255484
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21247112
http://www.debian.org/security/2003/dsa-393
DEBIAN:DSA-393
http://www.debian.org/security/2003/dsa-394
DEBIAN:DSA-394
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
ENGARDE:ESA-20030930-027
FULLDISC:20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
MISC:http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254
OVAL:oval:org.mitre.oval:def:4254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292
OVAL:oval:org.mitre.oval:def:5292
http://www.redhat.com/support/errata/RHSA-2003-291.html
REDHAT:RHSA-2003:291
http://www.redhat.com/support/errata/RHSA-2003-292.html
REDHAT:RHSA-2003:292
http://secunia.com/advisories/22249
SECUNIA:22249
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
SUNALERT:201029
VULNWATCH:20030929 Vulnerability Issues in OpenSSL
http://www.vupen.com/english/advisories/2006/3900
VUPEN:ADV-2006-3900
CVE-2003-0544
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
2003-10-01
2017-10-09
CVE-2003-0544
http://www.securityfocus.com/bid/8732
BID:8732
http://www.cert.org/advisories/CA-2003-26.html
CERT:CA-2003-26
http://www.kb.cert.org/vuls/id/380864
CERT-VN:VU#380864
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21247112
http://www.debian.org/security/2003/dsa-393
DEBIAN:DSA-393
http://www.debian.org/security/2003/dsa-394
DEBIAN:DSA-394
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
ENGARDE:ESA-20030930-027
FULLDISC:20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
MISC:http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574
OVAL:oval:org.mitre.oval:def:4574
http://www.redhat.com/support/errata/RHSA-2003-291.html
REDHAT:RHSA-2003:291
http://www.redhat.com/support/errata/RHSA-2003-292.html
REDHAT:RHSA-2003:292
http://secunia.com/advisories/22249
SECUNIA:22249
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
SUNALERT:201029
VULNWATCH:20030929 Vulnerability Issues in OpenSSL
http://www.vupen.com/english/advisories/2006/3900
VUPEN:ADV-2006-3900
https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
XF:openssl-asn1-sslclient-dos(43041)
CVE-2003-0545
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
2003-10-01
2017-10-09
CVE-2003-0545
http://www.securityfocus.com/bid/8732
BID:8732
http://www.cert.org/advisories/CA-2003-26.html
CERT:CA-2003-26
http://www.kb.cert.org/vuls/id/935264
CERT-VN:VU#935264
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21247112
http://www.debian.org/security/2003/dsa-394
DEBIAN:DSA-394
FULLDISC:20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
MISC:http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590
OVAL:oval:org.mitre.oval:def:2590
http://www.redhat.com/support/errata/RHSA-2003-292.html
REDHAT:RHSA-2003:292
http://secunia.com/advisories/22249
SECUNIA:22249
VULNWATCH:20030929 Vulnerability Issues in OpenSSL
http://www.vupen.com/english/advisories/2006/3900
VUPEN:ADV-2006-3900
CVE-2003-0546
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
2003-08-14
2017-10-09
CVE-2003-0546
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631
OVAL:oval:org.mitre.oval:def:631
http://marc.info/?l=bugtraq&m=106036724315539&w=2
REDHAT:RHSA-2003:255
CVE-2003-0547
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
2003-08-22
2017-10-09
CVE-2003-0547
http://marc.info/?l=bugtraq&m=106194792924122&w=2
BUGTRAQ:20030824 [slackware-security] GDM security update (SSA:2003-236-01)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729
CONECTIVA:CLA-2003:729
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
CONFIRM:http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112
OVAL:oval:org.mitre.oval:def:112
http://www.redhat.com/support/errata/RHSA-2003-258.html
REDHAT:RHSA-2003:258
CVE-2003-0548
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
2003-08-22
2017-10-09
CVE-2003-0548
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729
CONECTIVA:CLA-2003:729
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
CONFIRM:http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113
OVAL:oval:org.mitre.oval:def:113
http://www.redhat.com/support/errata/RHSA-2003-258.html
REDHAT:RHSA-2003:258
http://www.redhat.com/support/errata/RHSA-2003-259.html
REDHAT:RHSA-2003:259
CVE-2003-0549
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
2003-08-22
2017-10-09
CVE-2003-0549
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729
CONECTIVA:CLA-2003:729
http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
CONFIRM:http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129
OVAL:oval:org.mitre.oval:def:129
http://www.redhat.com/support/errata/RHSA-2003-258.html
REDHAT:RHSA-2003:258
http://www.redhat.com/support/errata/RHSA-2003-259.html
REDHAT:RHSA-2003:259
CVE-2003-0550
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
2003-07-25
2017-10-09
CVE-2003-0550
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380
OVAL:oval:org.mitre.oval:def:380
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
CVE-2003-0551
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
2003-07-25
2017-10-09
CVE-2003-0551
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384
OVAL:oval:org.mitre.oval:def:384
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
CVE-2003-0552
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
2003-07-25
2017-10-09
CVE-2003-0552
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385
OVAL:oval:org.mitre.oval:def:385
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
CVE-2003-0553
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
2003-07-15
2016-10-17
CVE-2003-0553
http://marc.info/?l=bugtraq&m=105820193406838&w=2
BUGTRAQ:20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun
http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf
MISC:http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf
CVE-2003-0554
NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports.
2003-07-15
2016-10-17
CVE-2003-0554
http://marc.info/?l=bugtraq&m=105820316708258&w=2
BUGTRAQ:20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006505.html
FULLDISC:20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9
CVE-2003-0555
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
2003-07-15
2016-10-17
CVE-2003-0555
http://marc.info/?l=bugtraq&m=105820576111599&w=2
BUGTRAQ:20030714 ImageMagick's Overflow
CVE-2003-0556
Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
2003-07-15
2016-10-17
CVE-2003-0556
http://marc.info/?l=bugtraq&m=105804648003163&w=2
BUGTRAQ:20030712 DoS - Polycom MGC 25 Control Port
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html
FULLDISC:20030712 DoS - Polycom MGC 25 Control Port
CVE-2003-0557
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
2003-07-15
2016-10-17
CVE-2003-0557
http://marc.info/?l=bugtraq&m=105804683203384&w=2
BUGTRAQ:20030712 ZH2003-3SA (security advisory): Storefront sql injection: users
CVE-2003-0558
Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.
2003-07-15
2016-10-17
CVE-2003-0558
http://marc.info/?l=bugtraq&m=105795219412333&w=2
BUGTRAQ:20030711 LeapFTP remote buffer overflow exploit
CVE-2003-0559
mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.
2003-07-15
2016-10-17
CVE-2003-0559
http://marc.info/?l=bugtraq&m=105787021803729&w=2
BUGTRAQ:20030710 PHP-Include-Hack-Possibility in phpforum 2 RC-1
CVE-2003-0560
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
2003-07-15
2016-10-17
CVE-2003-0560
http://www.securityfocus.com/bid/8159
BID:8159
http://marc.info/?l=bugtraq&m=105733277731084&w=2
BUGTRAQ:20030704 VPASP SQL Injection Vulnerability & Exploit CODE
CVE-2003-0561
Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands.
2003-07-15
2016-10-17
CVE-2003-0561
http://marc.info/?l=bugtraq&m=105769805311484&w=2
BUGTRAQ:20030707 Multiple Buffer Overflows in IglooFTP PRO
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html
VULNWATCH:20030707 Multiple Buffer Overflows in IglooFTP PRO
CVE-2003-0562
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
2003-07-25
2016-10-17
CVE-2003-0562
http://marc.info/?l=bugtraq&m=105897724931665&w=2
BUGTRAQ:20030723 Buffer Overflow in Netware Web Server PERL Handler
http://marc.info/?l=bugtraq&m=105897561229347&w=2
BUGTRAQ:20030723 NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow
http://www.kb.cert.org/vuls/id/185593
CERT-VN:VU#185593
http://support.novell.com/servlet/tidfinder/2966549
CONFIRM:http://support.novell.com/servlet/tidfinder/2966549
http://www.protego.dk/advisories/200301.html
MISC:http://www.protego.dk/advisories/200301.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0041.html
VULNWATCH:20030723 Buffer Overflow in Netware Web Server PERL Handler
CVE-2003-0563
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0563
CVE-2003-0564
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
2003-11-06
2017-10-09
CVE-2003-0564
http://www.securityfocus.com/bid/8981
BID:8981
http://www.kb.cert.org/vuls/id/428230
CERT-VN:VU#428230
http://marc.info/?l=bugtraq&m=109900315219363&w=2
FEDORA:FLSA:2089
http://marc.info/?l=bugtraq&m=108448379429944&w=2
HP:SSRT4722
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
MANDRAKE:MDKSA-2004:021
http://www.uniras.gov.uk/vuls/2003/006489/smime.htm
MISC:http://www.uniras.gov.uk/vuls/2003/006489/smime.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11462
OVAL:oval:org.mitre.oval:def:11462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A872
OVAL:oval:org.mitre.oval:def:872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A914
OVAL:oval:org.mitre.oval:def:914
http://www.redhat.com/support/errata/RHSA-2004-110.html
REDHAT:RHSA-2004:110
http://www.redhat.com/support/errata/RHSA-2004-112.html
REDHAT:RHSA-2004:112
ftp://patches.sgi.com/support/free/security/advisories/20040402-01-U.asc
SGI:20040402-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/13603
XF:smime-asn1-bo(13603)
CVE-2003-0565
Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
2003-11-06
2021-06-15
CVE-2003-0565
http://www.kb.cert.org/vuls/id/927278
CERT-VN:VU#927278
http://www.uniras.gov.uk/vuls/2003/006489/x400.htm
MISC:http://www.uniras.gov.uk/vuls/2003/006489/x400.htm
CVE-2003-0566
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0566
CVE-2003-0567
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
2003-07-25
2017-10-09
CVE-2003-0567
http://www.cert.org/advisories/CA-2003-15.html
CERT:CA-2003-15
http://www.cert.org/advisories/CA-2003-17.html
CERT:CA-2003-17
http://www.kb.cert.org/vuls/id/411332
CERT-VN:VU#411332
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
CISCO:20030717 IOS Interface Blocked by IPv4 Packet
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html
FULLDISC:20030718 (no subject)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603
OVAL:oval:org.mitre.oval:def:5603
CVE-2003-0568
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0568
CVE-2003-0569
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0569
CVE-2003-0570
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0570
CVE-2003-0571
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0571
CVE-2003-0572
Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption).
2003-08-18
2017-07-10
CVE-2003-0572
http://www.osvdb.org/8587
OSVDB:8587
ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
SGI:20030701-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/12635
XF:irix-nsd-map-dos(12635)
CVE-2003-0573
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
2003-08-18
CVE-2003-0573
ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
SGI:20030701-01-P
CVE-2003-0574
Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028.
2003-08-18
CVE-2003-0574
ftp://patches.sgi.com/support/free/security/advisories/20030702-01-P
SGI:20030702-01-P
CVE-2003-0575
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
2003-08-01
2017-07-10
CVE-2003-0575
http://www.securityfocus.com/bid/8304
BID:8304
http://marc.info/?l=bugtraq&m=105958240709302&w=2
BUGTRAQ:20030730 [LSD] IRIX nsd remote buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/682900
CERT-VN:VU#682900
http://www.ciac.org/ciac/bulletins/n-130.shtml
CIAC:N-130
http://www.osvdb.org/2337
OSVDB:2337
http://secunia.com/advisories/9390
SECUNIA:9390
ftp://patches.sgi.com/support/free/security/advisories/20030704-01-P
SGI:20030704-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/12763
XF:irix-authunix-nsd-bo(12763)
CVE-2003-0576
Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619.
2003-08-15
2003-08-21
CVE-2003-0576
ftp://patches.sgi.com/support/free/security/advisories/20030801-01-P
SGI:20030801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20030801-02-P
SGI:20030801-02-P
CVE-2003-0577
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
2003-07-17
2003-07-29
CVE-2003-0577
http://www.securityfocus.com/bid/6629
BID:6629
http://www.securityfocus.com/archive/1/306903
BUGTRAQ:20030116 Re[2]: Local/remote mpg123 exploit
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695
CONECTIVA:CLA-2003:695
http://www.mandriva.com/security/advisories?name=MDKSA-2003:078
MANDRAKE:MDKSA-2003:078
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt
SCO:CSSA-2004-002.0
http://secunia.com/advisories/7875
SECUNIA:7875
CVE-2003-0578
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
2003-07-17
2016-10-17
CVE-2003-0578
http://marc.info/?l=bugtraq&m=105839150004682&w=2
BUGTRAQ:20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html
VULNWATCH:20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root
CVE-2003-0579
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
2003-07-17
2016-10-17
CVE-2003-0579
http://marc.info/?l=bugtraq&m=105838948002337&w=2
BUGTRAQ:20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0026.html
VULNWATCH:20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
CVE-2003-0580
Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument.
2003-07-17
2016-10-17
CVE-2003-0580
http://marc.info/?l=bugtraq&m=105839042603476&w=2
BUGTRAQ:20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0028.html
VULNWATCH:20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows
CVE-2003-0581
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.
2003-07-25
2016-10-17
CVE-2003-0581
http://marc.info/?l=bugtraq&m=105829691405446&w=2
BUGTRAQ:20030714 xfstt-1.4 vulnerability
http://www.debian.org/security/2003/dsa-360
DEBIAN:DSA-360
CVE-2003-0582
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-07-25
2003-07-25
CVE-2003-0582
CVE-2003-0583
Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument.
2016-10-17
2016-10-17
CVE-2003-0583
http://marc.info/?l=bugtraq&m=105846288808846&w=2
BUGTRAQ:20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues
CVE-2003-0584
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.
2016-10-17
2016-10-17
CVE-2003-0584
http://marc.info/?l=bugtraq&m=105846288808846&w=2
BUGTRAQ:20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues
CVE-2003-0585
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
2016-10-17
2016-10-17
CVE-2003-0585
http://marc.info/?l=bugtraq&m=105845898003616&w=2
BUGTRAQ:20030717 eStore SQL Injection Vulnerability & Path Disclosure
CVE-2003-0586
Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php.
2016-10-17
2016-10-17
CVE-2003-0586
http://marc.info/?l=bugtraq&m=105845898003616&w=2
BUGTRAQ:20030717 eStore SQL Injection Vulnerability & Path Disclosure
CVE-2003-0587
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
2016-10-17
2016-10-17
CVE-2003-0587
http://marc.info/?l=bugtraq&m=105839276105934&w=2
BUGTRAQ:20030716 Changing UBB cookie allows account hijack
CVE-2003-0588
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
2016-10-17
2016-10-17
CVE-2003-0588
http://marc.info/?l=bugtraq&m=105839007002993&w=2
BUGTRAQ:20030716 Digi-news and Digi-ads version 1.1 admin access without password
CVE-2003-0589
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
2016-10-17
2016-10-17
CVE-2003-0589
http://marc.info/?l=bugtraq&m=105839007002993&w=2
BUGTRAQ:20030716 Digi-news and Digi-ads version 1.1 admin access without password
CVE-2003-0590
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
2016-10-17
2016-10-17
CVE-2003-0590
http://marc.info/?l=bugtraq&m=105830019209609&w=2
BUGTRAQ:20030715 Splatt Forum html injection code in post icon
http://members.fortunecity.it/lethalman2002/bugs/splatt.html
MISC:http://members.fortunecity.it/lethalman2002/bugs/splatt.html
CVE-2003-0591
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-07-25
2005-02-06
CVE-2003-0591
CVE-2003-0592
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
2004-03-16
2017-10-09
CVE-2003-0592
http://www.debian.org/security/2004/dsa-459
DEBIAN:DSA-459
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html
FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
http://www.mandriva.com/security/advisories?name=MDKSA-2004:022
MANDRAKE:MDKSA-2004:022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823
OVAL:oval:org.mitre.oval:def:823
http://www.redhat.com/support/errata/RHSA-2004-074.html
REDHAT:RHSA-2004:074
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
CVE-2003-0593
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
2004-03-16
2004-03-18
CVE-2003-0593
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html
FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
CVE-2003-0594
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
2004-03-16
2017-10-09
CVE-2003-0594
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html
FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
MANDRAKE:MDKSA-2004:021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873
OVAL:oval:org.mitre.oval:def:873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917
OVAL:oval:org.mitre.oval:def:917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826
OVAL:oval:org.mitre.oval:def:9826
http://www.redhat.com/support/errata/RHSA-2004-112.html
REDHAT:RHSA-2004:112
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
CVE-2003-0595
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
2003-07-25
CVE-2003-0595
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0038.html
VULNWATCH:20030718 Witango & Tango 2000 Application Server Remote System Buffer Overrun
CVE-2003-0596
FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.
2003-07-25
2016-12-06
CVE-2003-0596
http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219
https://www.debian.org/security/2003/dsa-352
DEBIAN:DSA-352
CVE-2003-0597
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
2003-07-25
2016-10-17
CVE-2003-0597
http://marc.info/?l=bugtraq&m=105889063714201&w=2
SCO:CSSA-2003-SCO-11
CVE-2003-0598
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-08-14
2004-08-20
CVE-2003-0598
CVE-2003-0599
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
2003-07-25
2003-08-14
CVE-2003-0599
http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html
CONFIRM:http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html
http://www.phpgroupware.org
CONFIRM:http://www.phpgroupware.org
http://www.debian.org/security/2003/dsa-365
DEBIAN:DSA-365
CVE-2003-0600
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0600
CVE-2003-0601
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
2004-03-10
2017-07-10
CVE-2003-0601
http://www.securityfocus.com/bid/8266
BID:8266
http://docs.info.apple.com/article.html?artnum=25631
CONFIRM:http://docs.info.apple.com/article.html?artnum=25631
https://exchange.xforce.ibmcloud.com/vulnerabilities/12728
XF:macos-workgroup-gain-access(12728)
CVE-2003-0602
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
2003-07-29
2021-06-15
CVE-2003-0602
http://www.securityfocus.com/bid/6861
BID:6861
http://www.securityfocus.com/bid/6868
BID:6868
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
CONECTIVA:CLA-2003:653
http://www.bugzilla.org/security/2.16.2/
CONFIRM:http://www.bugzilla.org/security/2.16.2/
CVE-2003-0603
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
2003-07-29
2021-06-15
CVE-2003-0603
http://www.securityfocus.com/bid/7412
BID:7412
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
CONECTIVA:CLA-2003:653
http://www.bugzilla.org/security/2.16.2/
CONFIRM:http://www.bugzilla.org/security/2.16.2/
CVE-2003-0604
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
2003-07-29
2016-10-17
CVE-2003-0604
http://marc.info/?l=bugtraq&m=105899261818572&w=2
BUGTRAQ:20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
http://marc.info/?l=bugtraq&m=105906867322856&w=2
BUGTRAQ:20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
http://www.malware.com/once.again%21.html
MISC:http://www.malware.com/once.again!.html
http://www.pivx.com/larholm/unpatched/
MISC:http://www.pivx.com/larholm/unpatched/
http://marc.info/?l=ntbugtraq&m=105899408520292&w=2
NTBUGTRAQ:20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
http://marc.info/?l=ntbugtraq&m=105906261314411&w=2
NTBUGTRAQ:20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
CVE-2003-0605
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
2003-07-29
2018-10-12
CVE-2003-0605
http://marc.info/?l=bugtraq&m=105880332428706&w=2
BUGTRAQ:20030720 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability
http://www.cert.org/advisories/CA-2003-19.html
CERT:CA-2003-19
http://www.cert.org/advisories/CA-2003-23.html
CERT:CA-2003-23
http://www.kb.cert.org/vuls/id/326746
CERT-VN:VU#326746
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006851.html
FULLDISC:20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039
MS:MS03-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1118
OVAL:oval:org.mitre.oval:def:1118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A494
OVAL:oval:org.mitre.oval:def:494
CVE-2003-0606
sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
2003-08-01
CVE-2003-0606
http://www.debian.org/security/2003/dsa-353
DEBIAN:DSA-353
CVE-2003-0607
Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the (1) USER or (2) DISPLAY environment variables.
2004-03-10
2017-07-10
CVE-2003-0607
http://www.securityfocus.com/bid/8307
BID:8307
http://www.debian.org/security/2003/dsa-354
DEBIAN:DSA-354
https://exchange.xforce.ibmcloud.com/vulnerabilities/12765
XF:xconq-user-display-bo(12765)
CVE-2003-0608
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0608
CVE-2003-0609
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
2003-08-01
2017-10-09
CVE-2003-0609
http://marc.info/?l=bugtraq&m=105951760418667&w=2
BUGTRAQ:20030729 Solaris ld.so.1 buffer overflow
http://www.idefense.com/advisory/07.29.03.txt
IDEFENSE:20030729 Buffer Overflow in Sun Solaris Runtime Linker
http://www.osvdb.org/8722
OSVDB:8722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3601
OVAL:oval:org.mitre.oval:def:3601
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680
SUNALERT:55680
https://exchange.xforce.ibmcloud.com/vulnerabilities/12755
XF:sun-ldso1-ldpreload-bo(12755)
CVE-2003-0610
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
2003-08-01
2021-06-15
CVE-2003-0610
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CVE-2003-0611
Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable.
2003-08-01
2003-08-05
CVE-2003-0611
http://www.securityfocus.com/bid/8312
BID:8312
http://www.debian.org/security/2003/dsa-356
DEBIAN:DSA-356
CVE-2003-0612
Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin.
2004-03-10
2017-07-10
CVE-2003-0612
http://www.securityfocus.com/bid/9893
BID:9893
http://www.securityfocus.com/archive/1/357601
BUGTRAQ:20040315 Crafty Game Stack Overflow & Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541
http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt
CONFIRM:http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt
http://securitytracker.com/id?1009393
SECTRACK:1009393
http://securitytracker.com/id?1009398
SECTRACK:1009398
http://secunia.com/advisories/9577/
SECUNIA:9577
https://exchange.xforce.ibmcloud.com/vulnerabilities/15501
XF:crafty-command-line-bo(15501)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13017
XF:crafty-long-argument-bo(13017)
CVE-2003-0613
Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file.
2003-08-14
CVE-2003-0613
http://www.debian.org/security/2003/dsa-369
DEBIAN:DSA-369
CVE-2003-0614
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
2003-08-01
2018-10-19
CVE-2003-0614
http://www.securityfocus.com/archive/1/330676
BUGTRAQ:20030727 Gallery XSS security advisory (with fix and patch instructions)
http://marc.info/?l=bugtraq&m=106252092421469&w=2
BUGTRAQ:20030902 GLSA: gallery (200309-06)
http://www.securityfocus.com/archive/1/348641/30/21790/threaded
BUGTRAQ:20040101 Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0
http://www.debian.org/security/2003/dsa-355
DEBIAN:DSA-355
CVE-2003-0615
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
2003-08-01
2017-10-09
CVE-2003-0615
http://www.securityfocus.com/bid/8231
BID:8231
http://marc.info/?l=bugtraq&m=105880349328877&w=2
BUGTRAQ:20030720 CGI.pm vulnerable to Cross-site Scripting
http://marc.info/?l=bugtraq&m=106018783704468&w=2
BUGTRAQ:20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)
http://www.kb.cert.org/vuls/id/246409
CERT-VN:VU#246409
http://www.ciac.org/ciac/bulletins/n-155.shtml
CIAC:N-155
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
CONECTIVA:CLA-2003:713
http://www.debian.org/security/2003/dsa-371
DEBIAN:DSA-371
http://marc.info/?l=full-disclosure&m=105875211018698&w=2
FULLDISC:20030720 CGI.pm vulnerable to Cross-site Scripting.
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
MANDRAKE:MDKSA-2003:084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
OVAL:oval:org.mitre.oval:def:307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470
OVAL:oval:org.mitre.oval:def:470
http://www.redhat.com/support/errata/RHSA-2003-256.html
REDHAT:RHSA-2003:256
SCO:CSSA-2003-SCO.30
http://securitytracker.com/id?1007234
SECTRACK:1007234
http://secunia.com/advisories/13638
SECUNIA:13638
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
SUNALERT:101426
https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
XF:cgi-startform-xss(12669)
CVE-2003-0616
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
2003-08-01
2021-06-15
CVE-2003-0616
http://www.atstake.com/research/advisories/2003/a073103-1.txt
ATSTAKE:A073103-1
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
CVE-2003-0617
mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
2003-08-05
2016-10-17
CVE-2003-0617
http://marc.info/?l=bugtraq&m=106252097421549&w=2
BUGTRAQ:20030902 GLSA: mindi (200309-05)
http://www.debian.org/security/2003/dsa-362
DEBIAN:DSA-362
CVE-2003-0618
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
2004-03-25
2017-07-10
CVE-2003-0618
http://www.securityfocus.com/bid/9543
BID:9543
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426
http://www.debian.org/security/2004/dsa-431
DEBIAN:DSA-431
https://exchange.xforce.ibmcloud.com/vulnerabilities/15012
XF:suidperl-obtain-information(15012)
CVE-2003-0619
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.
2003-08-01
2017-10-09
CVE-2003-0619
http://marc.info/?l=bugtraq&m=105950927708272&w=2
BUGTRAQ:20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine.
http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386
OVAL:oval:org.mitre.oval:def:386
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
CVE-2003-0620
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
2003-08-01
2016-10-17
CVE-2003-0620
http://marc.info/?l=bugtraq&m=105951284512898&w=2
BUGTRAQ:20030729 man-db[] multiple(4) vulnerabilities.
http://marc.info/?l=bugtraq&m=105960276803617&w=2
BUGTRAQ:20030730 Re: man-db[] multiple(4) vulnerabilities.
http://www.debian.org/security/2003/dsa-364
DEBIAN:DSA-364
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
2003-11-05
2017-07-10
CVE-2003-0621
http://www.securityfocus.com/bid/8931
BID:8931
http://marc.info/?l=bugtraq&m=106762000607681&w=2
BUGTRAQ:20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/13559
XF:bea-tuxedo-file-disclosure(13559)
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
2003-11-05
2017-07-10
CVE-2003-0622
http://www.securityfocus.com/bid/8931
BID:8931
http://marc.info/?l=bugtraq&m=106762000607681&w=2
BUGTRAQ:20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/13560
XF:bea-tuxedo-device-dos(13560)
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
2003-11-05
2017-07-10
CVE-2003-0623
http://www.securityfocus.com/bid/8931
BID:8931
http://marc.info/?l=bugtraq&m=106762000607681&w=2
BUGTRAQ:20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/13561
XF:bea-tuxedo-filename-xss(13561)
CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
2003-11-05
2017-07-10
CVE-2003-0624
http://www.securityfocus.com/bid/8938
BID:8938
http://marc.info/?l=bugtraq&m=106761926906781&w=2
BUGTRAQ:20031031 Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
MISC:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/13568
XF:bea-weblogic-interactivequery-xss(13568)
CVE-2003-0625
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
2003-08-01
2016-10-17
CVE-2003-0625
http://www.securityfocus.com/bid/8255
BID:8255
http://marc.info/?l=bugtraq&m=105941103709264&w=2
BUGTRAQ:20030727 [PAPER]: Address relay fingerprinting.
http://developer.berlios.de/forum/forum.php?forum_id=2819
CONFIRM:http://developer.berlios.de/forum/forum.php?forum_id=2819
http://www.debian.org/security/2003/dsa-360
DEBIAN:DSA-360
CVE-2003-0626
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.
2005-04-14
2017-07-10
CVE-2003-0626
http://www.auscert.org.au/render.html?it=3610
AUSCERT:ESB-2003.0786
http://www.securityfocus.com/bid/9037
BID:9037
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html
FULLDISC:20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
http://www.secunia.com/advisories/10225/
SECUNIA:10225
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html
VULNWATCH:20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
https://exchange.xforce.ibmcloud.com/vulnerabilities/13754
XF:peoplesoft-searchcgi-directory-traversal(13754)
CVE-2003-0627
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.
2005-04-14
2017-07-10
CVE-2003-0627
http://www.securityfocus.com/bid/9038
BID:9038
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html
FULLDISC:20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
http://www.secunia.com/advisories/10225/
SECUNIA:10225
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html
VULNWATCH:20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
https://exchange.xforce.ibmcloud.com/vulnerabilities/13754
XF:peoplesoft-searchcgi-directory-traversal(13754)
CVE-2003-0628
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
2003-11-18
2016-10-17
CVE-2003-0628
http://marc.info/?l=bugtraq&m=106874146204158&w=2
BUGTRAQ:20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
CVE-2003-0629
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript.
2003-11-18
2016-10-17
CVE-2003-0629
http://marc.info/?l=bugtraq&m=106874146204158&w=2
BUGTRAQ:20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
CVE-2003-0630
Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument.
2003-09-04
2016-10-17
CVE-2003-0630
http://marc.info/?l=bugtraq&m=106252128221901&w=2
BUGTRAQ:20030902 GLSA: atari800 (200309-07)
http://www.debian.org/security/2003/dsa-359
DEBIAN:DSA-359
CVE-2003-0631
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
2003-08-02
2016-10-17
CVE-2003-0631
http://marc.info/?l=bugtraq&m=105899875225268&w=2
BUGTRAQ:20030723 VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems)
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
CONFIRM:http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
CVE-2003-0632
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
2003-08-02
2016-10-17
CVE-2003-0632
http://marc.info/?l=bugtraq&m=105906721920776&w=2
BUGTRAQ:20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow
http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf
CVE-2003-0633
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
2003-08-02
2016-10-17
CVE-2003-0633
http://www.securityfocus.com/bid/8268
BID:8268
http://marc.info/?l=bugtraq&m=105906689120237&w=2
BUGTRAQ:20030724 Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure
http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf
CVE-2003-0634
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
2003-08-02
2017-07-10
CVE-2003-0634
http://www.securityfocus.com/bid/8267
BID:8267
http://marc.info/?l=bugtraq&m=105914979629857&w=2
BUGTRAQ:20030725 Oracle Extproc Buffer Overflow (#NISR25072003)
http://marc.info/?l=bugtraq&m=105916455814904&w=2
BUGTRAQ:20030725 question about oracle advisory
http://www.kb.cert.org/vuls/id/936868
CERT-VN:VU#936868
http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf
http://marc.info/?l=ntbugtraq&m=105915485303327&w=2
NTBUGTRAQ:20030725 Oracle Extproc Buffer Overflow (#NISR25072003)
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html
VULNWATCH:20030912 Update to the Oracle EXTPROC advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/12721
XF:oracle-extproc-bo(12721)
CVE-2003-0635
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.
2003-08-02
2016-10-17
CVE-2003-0635
http://marc.info/?l=bugtraq&m=105492852131747&w=2
BUGTRAQ:20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CVE-2003-0636
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
2003-08-02
2021-06-15
CVE-2003-0636
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CVE-2003-0637
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
2003-08-02
2021-06-15
CVE-2003-0637
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CVE-2003-0638
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."
2003-08-02
2016-10-17
CVE-2003-0638
http://marc.info/?l=bugtraq&m=105492852131747&w=2
BUGTRAQ:20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a
http://marc.info/?l=bugtraq&m=105492847631711&w=2
BUGTRAQ:20030606 NOVL-2003-2966207 - iChain 2.1 Field Patch 3
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CVE-2003-0639
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
2003-08-02
2016-10-17
CVE-2003-0639
http://marc.info/?l=bugtraq&m=105492852131747&w=2
BUGTRAQ:20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
CVE-2003-0640
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
2003-08-02
2005-01-20
CVE-2003-0640
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
http://www.secunia.com/advisories/9232/
SECUNIA:9232
CVE-2003-0641
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
2003-08-02
2017-07-10
CVE-2003-0641
http://www.securityfocus.com/bid/8222
BID:8222
http://marc.info/?l=bugtraq&m=105848106631132&w=2
BUGTRAQ:20030717 Bypassing ServerLock protection on Windows 2000
http://www.osvdb.org/6578
OSVDB:6578
http://secunia.com/advisories/9310
SECUNIA:9310
https://exchange.xforce.ibmcloud.com/vulnerabilities/12665
XF:serverlock-openprocess-load-module(12665)
CVE-2003-0642
WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory.
2003-08-02
2017-07-10
CVE-2003-0642
http://www.securityfocus.com/bid/8223
BID:8223
http://marc.info/?l=bugtraq&m=105848106631132&w=2
BUGTRAQ:20030717 Bypassing ServerLock protection on Windows 2000
http://secunia.com/advisories/9310
SECUNIA:9310
https://exchange.xforce.ibmcloud.com/vulnerabilities/12666
XF:serverlock-physicalmemory-symlink(12666)
CVE-2003-0643
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).
2005-04-15
2006-12-11
CVE-2003-0643
http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog
CONFIRM:http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog
http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog
CONFIRM:http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog
http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
CONFIRM:http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf
http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch
MISC:http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch
http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch
MISC:http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch
http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml
MISC:http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml
http://secunia.com/advisories/23265
SECUNIA:23265
CVE-2003-0644
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.
2005-04-15
2006-03-20
CVE-2003-0644
http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2
CONFIRM:http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2
http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html
MLIST:[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)
http://www.redhat.com/support/errata/RHSA-2005-416.html
REDHAT:RHSA-2005:416
CVE-2003-0645
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
2003-08-14
2017-07-10
CVE-2003-0645
http://www.securityfocus.com/bid/8352
BID:8352
http://marc.info/?l=bugtraq&m=106018504800341&w=2
BUGTRAQ:20030806 man-db[v2.4.1-]: open_cat_stream() privileged call exploit.
http://www.debian.org/security/2003/dsa-364
DEBIAN:DSA-364
https://exchange.xforce.ibmcloud.com/vulnerabilities/12848
XF:mandb-opencatstream-gain-privileges(12848)
CVE-2003-0646
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings.
2003-08-05
2005-03-21
CVE-2003-0646
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274
CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006488.html
FULLDISC:20030711 Trend Micro ActiveX Multiple Overflows
CVE-2003-0647
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
2003-08-05
CVE-2003-0647
http://www.kb.cert.org/vuls/id/579324
CERT-VN:VU#579324
http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml
CISCO:20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software
CVE-2003-0648
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
2004-04-06
2017-07-10
CVE-2003-0648
http://www.securityfocus.com/bid/10041
BID:10041
http://www.kb.cert.org/vuls/id/354838
CERT-VN:VU#354838
http://www.kb.cert.org/vuls/id/900964
CERT-VN:VU#900964
http://www.debian.org/security/2004/dsa-472
DEBIAN:DSA-472
http://securitytracker.com/id?1009655
SECTRACK:1009655
http://securitytracker.com/id?1009656
SECTRACK:1009656
http://secunia.com/advisories/11290
SECUNIA:11290
https://exchange.xforce.ibmcloud.com/vulnerabilities/15726
XF:ftetexteditor-vfte-bo(15726)
CVE-2003-0649
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
2003-08-14
2004-06-08
CVE-2003-0649
http://www.debian.org/security/2003/dsa-368
DEBIAN:DSA-368
http://www.mandriva.com/security/advisories?name=MDKSA-2004:053
MANDRAKE:MDKSA-2004:053
CVE-2003-0650
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.
2003-08-05
2016-10-17
CVE-2003-0650
http://www.securityfocus.com/bid/8309
BID:8309
http://marc.info/?l=bugtraq&m=105958779017085&w=2
BUGTRAQ:20030730 GameSpy Arcade Arbitrary File Writing Vulnerability
http://www.gamespyarcade.com/features/versions.shtml
MISC:http://www.gamespyarcade.com/features/versions.shtml
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0064.html
VULNWATCH:20030730 GameSpy Arcade Arbitrary File Writing Vulnerability
CVE-2003-0651
Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
2003-08-05
CVE-2003-0651
http://www.securityfocus.com/bid/8287
BID:8287
http://archives.neohapsis.com/archives/bugtraq/2003-07/0355.html
BUGTRAQ:20030728 Remotely exploitable overflow in mod_mylo for Apache
CVE-2003-0652
Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611.
2003-08-05
2016-10-17
CVE-2003-0652
http://marc.info/?l=bugtraq&m=106001473329625&w=2
BUGTRAQ:20030803 xtokkaetama[v1.0b+]: (missed) buffer overflow exploit.
http://www.debian.org/security/2003/dsa-367
DEBIAN:DSA-367
CVE-2003-0653
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
2003-08-05
CVE-2003-0653
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-010.txt.asc
NETBSD:NetBSD-SA2003-010
CVE-2003-0654
Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
2003-08-21
CVE-2003-0654
http://www.debian.org/security/2003/dsa-373
DEBIAN:DSA-373
CVE-2003-0655
rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.
2003-08-05
2016-10-17
CVE-2003-0655
http://marc.info/?l=bugtraq&m=105978381618095&w=2
BUGTRAQ:20030801 SRT2003-08-01-0126 - cdrtools local root exploit
http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt
MISC:http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt
CVE-2003-0656
eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.
2003-08-14
2016-10-17
CVE-2003-0656
http://marc.info/?l=bugtraq&m=106252649028401&w=2
BUGTRAQ:20030902 GLSA: eroaster (200309-04)
http://www.debian.org/security/2003/dsa-366
DEBIAN:DSA-366
http://www.mandriva.com/security/advisories?name=MDKSA-2003:083
MANDRAKE:MDKSA-2003:083
CVE-2003-0657
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
2003-08-14
CVE-2003-0657
http://www.debian.org/security/2003/dsa-365
DEBIAN:DSA-365
CVE-2003-0658
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
2003-09-03
2022-08-17
CVE-2003-0658
CALDERA:CSSA-2003-016.0
CALDERA:CSSA-2003-018.0
CALDERA:CSSA-2003-021.0
CALDERA:CSSA-2003-022.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658
CVE-2003-0659
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
2003-10-17
2018-10-12
CVE-2003-0659
http://www.securityfocus.com/bid/8827
BID:8827
http://marc.info/?l=bugtraq&m=106631999907035&w=2
BUGTRAQ:20031016 Listbox And Combobox Control Buffer Overflow
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/967668
CERT-VN:VU#967668
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-045
MS:MS03-045
http://marc.info/?l=ntbugtraq&m=106632111408343&w=2
NTBUGTRAQ:20031016 Listbox And Combobox Control Buffer Overflow
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A201
OVAL:oval:org.mitre.oval:def:201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A340
OVAL:oval:org.mitre.oval:def:340
https://exchange.xforce.ibmcloud.com/vulnerabilities/13424
XF:win-user32-control-bo(13424)
CVE-2003-0660
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
2003-10-17
2018-10-12
CVE-2003-0660
http://www.securityfocus.com/bid/8830
BID:8830
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/838572
CERT-VN:VU#838572
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-041
MS:MS03-041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A185
OVAL:oval:org.mitre.oval:def:185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A198
OVAL:oval:org.mitre.oval:def:198
https://exchange.xforce.ibmcloud.com/vulnerabilities/13422
XF:win-authenticode-code-execution(13422)
CVE-2003-0661
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
2003-09-04
2018-10-12
CVE-2003-0661
http://www.kb.cert.org/vuls/id/989932
CERT-VN:VU#989932
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-034
MS:MS03-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3483
OVAL:oval:org.mitre.oval:def:3483
CVE-2003-0662
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
2003-10-17
2018-10-12
CVE-2003-0662
http://www.securityfocus.com/bid/8833
BID:8833
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/989932
CERT-VN:VU#989932
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012205.html
FULLDISC:20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-042
MS:MS03-042
http://marc.info/?l=ntbugtraq&m=106632192709608&w=2
NTBUGTRAQ:20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A237
OVAL:oval:org.mitre.oval:def:237
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0015.html
VULNWATCH:20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/13423
XF:win2k-local-troubleshooter-bo(13423)
CVE-2003-0663
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
2004-04-16
2018-10-12
CVE-2003-0663
http://www.securityfocus.com/bid/10114
BID:10114
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/639428
CERT-VN:VU#639428
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1016
OVAL:oval:org.mitre.oval:def:1016
https://exchange.xforce.ibmcloud.com/vulnerabilities/15700
XF:win2k-lsass-ldap-dos(15700)
CVE-2003-0664
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
2003-09-04
2018-10-12
CVE-2003-0664
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-035
MS:MS03-035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A188
OVAL:oval:org.mitre.oval:def:188
CVE-2003-0665
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
2003-09-04
2018-10-12
CVE-2003-0665
http://www.securityfocus.com/bid/8536
BID:8536
http://www.kb.cert.org/vuls/id/992132
CERT-VN:VU#992132
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-038
MS:MS03-038
http://secunia.com/advisories/9668
SECUNIA:9668
CVE-2003-0666
Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
2003-09-04
2018-10-12
CVE-2003-0666
http://marc.info/?l=bugtraq&m=106261952827573&w=2
BUGTRAQ:20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow
http://marc.info/?l=bugtraq&m=106279971612961&w=2
BUGTRAQ:20030905 Microsoft WordPerfect Document Converter Exploit
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-036
MS:MS03-036
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0092.html
VULNWATCH:20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow
CVE-2003-0667
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0667
CVE-2003-0668
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0668
CVE-2003-0669
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
2003-08-14
2017-10-09
CVE-2003-0669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4561
OVAL:oval:org.mitre.oval:def:4561
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47353
SUNALERT:47353
CVE-2003-0670
Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow.
2003-08-14
CVE-2003-0670
http://www.atstake.com/research/advisories/2003/a080703-1.txt
ATSTAKE:A080703-1
CVE-2003-0671
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
2003-08-14
CVE-2003-0671
http://www.atstake.com/research/advisories/2003/a080703-1.txt
ATSTAKE:A080703-1
http://www.atstake.com/research/advisories/2003/a080703-2.txt
ATSTAKE:A080703-2
CVE-2003-0672
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.
2003-08-14
CVE-2003-0672
http://www.debian.org/security/2003/dsa-370
DEBIAN:DSA-370
CVE-2003-0676
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
2003-08-14
2016-10-17
CVE-2003-0676
http://marc.info/?l=bugtraq&m=106036588613929&w=2
BUGTRAQ:20030808 Directory Traversal in Sun iPlanet Administration Server 5.1
CVE-2003-0677
Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure."
2003-08-14
CVE-2003-0677
http://www.securityfocus.com/archive/1/332284
BUGTRAQ:20030807 Cisco CSS 11000 Series DoS
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0079.html
BUGTRAQ:20030808 Re: [VulnWatch] Cisco CSS 11000 Series DoS
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0073.html
VULNWATCH:20030807 Cisco CSS 11000 Series DoS
CVE-2003-0678
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0678
CVE-2003-0679
Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files.
2003-08-15
CVE-2003-0679
ftp://patches.sgi.com/support/free/security/advisories/20030802-01-P
SGI:20030802-01-P
CVE-2003-0680
Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.
2003-09-18
CVE-2003-0680
ftp://patches.sgi.com/support/free/security/advisories/20030901-01-P
SGI:20030901-01-P
CVE-2003-0681
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
2003-09-18
2017-10-09
CVE-2003-0681
http://www.securityfocus.com/bid/8649
BID:8649
http://marc.info/?l=bugtraq&m=106383437615742&w=2
BUGTRAQ:20030917 GLSA: sendmail (200309-13)
http://marc.info/?l=bugtraq&m=106398718909274&w=2
BUGTRAQ:20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
http://www.kb.cert.org/vuls/id/108964
CERT-VN:VU#108964
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
CONECTIVA:CLA-2003:742
http://www.sendmail.org/8.12.10.html
CONFIRM:http://www.sendmail.org/8.12.10.html
http://www.debian.org/security/2003/dsa-384
DEBIAN:DSA-384
IMMUNIX:IMNX-2003-7+-021-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
MANDRAKE:MDKSA-2003:092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606
OVAL:oval:org.mitre.oval:def:3606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595
OVAL:oval:org.mitre.oval:def:595
http://www.redhat.com/support/errata/RHSA-2003-283.html
REDHAT:RHSA-2003:283
https://exchange.xforce.ibmcloud.com/vulnerabilities/13216
XF:sendmail-ruleset-parsing-bo(13216)
CVE-2003-0682
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
2003-09-18
2017-10-09
CVE-2003-0682
http://marc.info/?l=bugtraq&m=106381409220492&w=2
BUGTRAQ:20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741
CONECTIVA:CLA-2003:741
http://www.debian.org/security/2003/dsa-382
DEBIAN:DSA-382
http://www.debian.org/security/2003/dsa-383
DEBIAN:DSA-383
ENGARDE:ESA-20030918-024
FREEBSD:FreeBSD-SA-03:12
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446
OVAL:oval:org.mitre.oval:def:446
http://marc.info/?l=bugtraq&m=106373546332230&w=2
REDHAT:RHSA-2003:279
http://www.redhat.com/support/errata/RHSA-2003-280.html
REDHAT:RHSA-2003:280
SUSE:SuSE-SA:2003:039
CVE-2003-0683
NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.
2003-10-30
2005-04-30
CVE-2003-0683
http://www.securityfocus.com/bid/8921
BID:8921
http://www.osvdb.org/2734
OSVDB:2734
http://secunia.com/advisories/10095
SECUNIA:10095
ftp://patches.sgi.com/support/free/security/advisories/20031004-01-P
SGI:20031004-01-P
CVE-2003-0684
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0684
CVE-2003-0685
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
2003-08-15
2016-10-17
CVE-2003-0685
http://marc.info/?l=bugtraq&m=106071059430211&w=2
BUGTRAQ:20030812 Netris client Buffer Overflow Vulnerability.
http://www.debian.org/security/2003/dsa-372
DEBIAN:DSA-372
CVE-2003-0686
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
2003-09-03
2017-10-09
CVE-2003-0686
http://marc.info/?l=bugtraq&m=106252769930090&w=2
BUGTRAQ:20030901 GLSA: pam_smb (200309-01)
http://www.kb.cert.org/vuls/id/680260
CERT-VN:VU#680260
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734
CONECTIVA:CLA-2003:734
http://us2.samba.org/samba/ftp/pam_smb/
CONFIRM:http://us2.samba.org/samba/ftp/pam_smb/
http://www.debian.org/security/2003/dsa-374
DEBIAN:DSA-374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469
OVAL:oval:org.mitre.oval:def:469
http://www.redhat.com/support/errata/RHSA-2003-261.html
REDHAT:RHSA-2003:261
http://www.redhat.com/support/errata/RHSA-2003-262.html
REDHAT:RHSA-2003:262
http://secunia.com/advisories/9611
SECUNIA:9611
SUSE:SuSE-SA:2003:036
http://www.turbolinux.com/security/TLSA-2003-50.txt
TURBO:TLSA-2003-50
CVE-2003-0687
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none.
2004-06-03
2005-02-06
CVE-2003-0687
CVE-2003-0688
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
2003-09-03
2017-10-09
CVE-2003-0688
http://www.kb.cert.org/vuls/id/993452
CERT-VN:VU#993452
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000727
CONECTIVA:CLA-2003:727
http://www.sendmail.org/dnsmap1.html
CONFIRM:http://www.sendmail.org/dnsmap1.html
FREEBSD:FreeBSD-SA-03:11
http://www.mandriva.com/security/advisories?name=MDKSA-2003:086
MANDRAKE:MDKSA-2003:086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A597
OVAL:oval:org.mitre.oval:def:597
http://www.redhat.com/support/errata/RHSA-2003-265.html
REDHAT:RHSA-2003:265
ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P
SGI:20030803-01-P
http://www.novell.com/linux/security/advisories/2003_035_sendmail.html
SUSE:SuSE-SA:2003:035
CVE-2003-0689
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
2003-09-03
2003-11-18
CVE-2003-0689
http://www.redhat.com/support/errata/RHSA-2003-249.html
REDHAT:RHSA-2003:249
http://www.redhat.com/support/errata/RHSA-2003-325.html
REDHAT:RHSA-2003:325
CVE-2003-0690
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
2003-09-18
2017-10-09
CVE-2003-0690
http://marc.info/?l=bugtraq&m=106374551513499&w=2
BUGTRAQ:20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
CONECTIVA:CLA-2003:747
http://www.kde.org/info/security/advisory-20030916-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20030916-1.txt
http://www.debian.org/security/2003/dsa-388
DEBIAN:DSA-388
http://www.debian.org/security/2004/dsa-443
DEBIAN:DSA-443
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
MANDRAKE:MDKSA-2003:091
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
MISC:http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193
OVAL:oval:org.mitre.oval:def:193
http://www.redhat.com/support/errata/RHSA-2003-270.html
REDHAT:RHSA-2003:270
http://www.redhat.com/support/errata/RHSA-2003-286.html
REDHAT:RHSA-2003:286
http://www.redhat.com/support/errata/RHSA-2003-287.html
REDHAT:RHSA-2003:287
http://www.redhat.com/support/errata/RHSA-2003-288.html
REDHAT:RHSA-2003:288
http://www.redhat.com/support/errata/RHSA-2003-289.html
REDHAT:RHSA-2003:289
CVE-2003-0691
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none.
2006-02-27
CVE-2003-0691
CVE-2003-0692
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
2003-09-18
2017-10-09
CVE-2003-0692
http://marc.info/?l=bugtraq&m=106374551513499&w=2
BUGTRAQ:20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
CONECTIVA:CLA-2003:747
http://www.kde.org/info/security/advisory-20030916-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20030916-1.txt
http://www.debian.org/security/2003/dsa-388
DEBIAN:DSA-388
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
MANDRAKE:MDKSA-2003:091
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
MISC:http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215
OVAL:oval:org.mitre.oval:def:215
http://www.redhat.com/support/errata/RHSA-2003-270.html
REDHAT:RHSA-2003:270
http://www.redhat.com/support/errata/RHSA-2003-288.html
REDHAT:RHSA-2003:288
CVE-2003-0693
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
2003-09-17
2017-10-09
CVE-2003-0693
http://marc.info/?l=bugtraq&m=106373247528528&w=2
BUGTRAQ:20030916 OpenSSH Buffer Management Bug Advisory
http://marc.info/?l=bugtraq&m=106374466212309&w=2
BUGTRAQ:20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
http://marc.info/?l=bugtraq&m=106381409220492&w=2
BUGTRAQ:20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
http://www.cert.org/advisories/CA-2003-24.html
CERT:CA-2003-24
http://www.kb.cert.org/vuls/id/333628
CERT-VN:VU#333628
http://www.openssh.com/txt/buffer.adv
CONFIRM:http://www.openssh.com/txt/buffer.adv
http://www.debian.org/security/2003/dsa-382
DEBIAN:DSA-382
http://www.debian.org/security/2003/dsa-383
DEBIAN:DSA-383
ENGARDE:ESA-20030916-023
FREEBSD:FreeBSD-SA-03:12
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html
FULLDISC:20030915 new ssh exploit?
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html
FULLDISC:20030915 openssh remote exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html
FULLDISC:20030916 The lowdown on SSH vulnerability
IMMUNIX:IMNX-2003-7+-020-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:090
MANDRAKE:MDKSA-2003:090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719
OVAL:oval:org.mitre.oval:def:2719
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447
OVAL:oval:org.mitre.oval:def:447
http://marc.info/?l=bugtraq&m=106373546332230&w=2
REDHAT:RHSA-2003:279
http://www.redhat.com/support/errata/RHSA-2003-280.html
REDHAT:RHSA-2003:280
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1
SUNALERT:1000620
SUSE:SuSE-SA:2003:038
SUSE:SuSE-SA:2003:039
http://marc.info/?l=bugtraq&m=106381396120332&w=2
TRUSTIX:2003-0033
https://exchange.xforce.ibmcloud.com/vulnerabilities/13191
XF:openssh-packet-bo(13191)
CVE-2003-0694
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
2003-09-18
2017-10-09
CVE-2003-0694
http://marc.info/?l=bugtraq&m=106383437615742&w=2
BUGTRAQ:20030917 GLSA: sendmail (200309-13)
http://marc.info/?l=bugtraq&m=106381604923204&w=2
BUGTRAQ:20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
http://marc.info/?l=bugtraq&m=106382859407683&w=2
BUGTRAQ:20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)
http://marc.info/?l=bugtraq&m=106398718909274&w=2
BUGTRAQ:20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
http://www.cert.org/advisories/CA-2003-25.html
CERT:CA-2003-25
http://www.kb.cert.org/vuls/id/784980
CERT-VN:VU#784980
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
CONECTIVA:CLA-2003:742
http://www.sendmail.org/8.12.10.html
CONFIRM:http://www.sendmail.org/8.12.10.html
http://www.debian.org/security/2003/dsa-384
DEBIAN:DSA-384
FREEBSD:FreeBSD-SA-03:13
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
FULLDISC:20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
HP:SSRT3631
IMMUNIX:IMNX-2003-7+-021-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
MANDRAKE:MDKSA-2003:092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975
OVAL:oval:org.mitre.oval:def:2975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572
OVAL:oval:org.mitre.oval:def:572
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603
OVAL:oval:org.mitre.oval:def:603
http://www.redhat.com/support/errata/RHSA-2003-283.html
REDHAT:RHSA-2003:283
http://www.redhat.com/support/errata/RHSA-2003-284.html
REDHAT:RHSA-2003:284
SCO:CSSA-2003-036.0
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
SCO:SCOSA-2004.11
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
VULNWATCH:20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug
CVE-2003-0695
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
2003-09-18
2017-10-09
CVE-2003-0695
http://marc.info/?l=bugtraq&m=106381409220492&w=2
BUGTRAQ:20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
http://marc.info/?l=bugtraq&m=106382542403716&w=2
BUGTRAQ:20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741
CONECTIVA:CLA-2003:741
http://www.openssh.com/txt/buffer.adv
CONFIRM:http://www.openssh.com/txt/buffer.adv
http://www.debian.org/security/2003/dsa-382
DEBIAN:DSA-382
http://www.debian.org/security/2003/dsa-383
DEBIAN:DSA-383
ENGARDE:ESA-20030918-024
FREEBSD:FreeBSD-SA-03:12
http://www.mandriva.com/security/advisories?name=MDKSA-2003:090
MANDRAKE:MDKSA-2003:090
http://marc.info/?l=openbsd-security-announce&m=106375582924840
MISC:http://marc.info/?l=openbsd-security-announce&m=106375582924840
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452
OVAL:oval:org.mitre.oval:def:452
http://marc.info/?l=bugtraq&m=106373546332230&w=2
REDHAT:RHSA-2003:279
http://www.redhat.com/support/errata/RHSA-2003-280.html
REDHAT:RHSA-2003:280
SUSE:SuSE-SA:2003:039
http://marc.info/?l=bugtraq&m=106381396120332&w=2
TRUSTIX:2003-0033
CVE-2003-0696
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).
2004-01-08
2017-07-10
CVE-2003-0696
http://www.securityfocus.com/bid/8738
BID:8738
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true
CONFIRM:https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true
https://exchange.xforce.ibmcloud.com/vulnerabilities/13328
XF:aix-sendmail-getipnodebyname-dos(13328)
CVE-2003-0697
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
2003-09-23
2004-01-08
CVE-2003-0697
http://www-1.ibm.com/support/search.wss?rs=0&q=IY45250&apar=only
AIXAPAR:IY45250
http://www-1.ibm.com/support/search.wss?rs=0&q=IY45344&apar=only
AIXAPAR:IY45344
http://www-1.ibm.com/support/search.wss?rs=0&q=IY46256&apar=only
AIXAPAR:IY46256
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1
CONFIRM:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1
CVE-2003-0698
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-04-14
2005-06-02
CVE-2003-0698
CVE-2003-0699
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
2003-08-22
2017-10-09
CVE-2003-0699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A387
OVAL:oval:org.mitre.oval:def:387
http://www.redhat.com/support/errata/RHSA-2003-198.html
REDHAT:RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2003-239.html
REDHAT:RHSA-2003:239
CVE-2003-0700
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.
2004-01-22
2017-10-09
CVE-2003-0700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A401
OVAL:oval:org.mitre.oval:def:401
http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:238
http://www.redhat.com/support/errata/RHSA-2004-044.html
REDHAT:RHSA-2004:044
CVE-2003-0701
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
2003-08-22
2018-10-12
CVE-2003-0701
http://marc.info/?l=bugtraq&m=106148101210479&w=2
BUGTRAQ:20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment
http://www.kb.cert.org/vuls/id/334928
CERT-VN:VU#334928
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032
MS:MS03-032
https://exchange.xforce.ibmcloud.com/vulnerabilities/12970
XF:ie-dbcs-object-bo(12970)
CVE-2003-0702
Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL.
2003-09-03
2017-07-10
CVE-2003-0702
http://marc.info/?l=bugtraq&m=106278164225389&w=2
BUGTRAQ:20030905 ISS Server Sensor Denial of Service
http://www.enteredge.com/research/CAN-2003-0702.asp
MISC:http://www.enteredge.com/research/CAN-2003-0702.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/13088
XF:realsecure-isapi-dos(13088)
CVE-2003-0703
KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.
2003-09-12
2017-07-10
CVE-2003-0703
http://www.atstake.com/research/advisories/2003/a082203-1.txt
ATSTAKE:A082203-1
http://www.securityfocus.com/bid/8497
BID:8497
https://exchange.xforce.ibmcloud.com/vulnerabilities/13007
XF:kismac-driverkext-load-modules(13007)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13008
XF:kismac-exchangekernel-kernel-overwrite(13008)
CVE-2003-0704
KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh.
2003-09-12
2017-12-18
CVE-2003-0704
http://www.atstake.com/research/advisories/2003/a082203-1.txt
ATSTAKE:A082203-1
http://www.securityfocus.com/bid/8497
BID:8497
https://exchange.xforce.ibmcloud.com/vulnerabilities/13006
XF:kismac-driverkext-modify-ownership(13006)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13009
XF:kismac-setuid-modify-ownership(13009)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13010
XF:kismac-viha-gain-privileges(13010)
CVE-2003-0705
Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.
2003-09-12
CVE-2003-0705
http://www.debian.org/security/2003/dsa-378
DEBIAN:DSA-378
CVE-2003-0706
Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).
2003-09-12
CVE-2003-0706
http://www.debian.org/security/2003/dsa-378
DEBIAN:DSA-378
CVE-2003-0707
Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code.
2003-09-03
2003-09-23
CVE-2003-0707
http://www.debian.org/security/2003/dsa-375
DEBIAN:DSA-375
CVE-2003-0708
Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.
2003-09-03
2003-09-23
CVE-2003-0708
http://www.debian.org/security/2003/dsa-375
DEBIAN:DSA-375
CVE-2003-0709
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.
2003-09-03
2021-06-15
CVE-2003-0709
http://www.zone-h.org/en/advisories/read/id=2925/
MISC:http://www.zone-h.org/en/advisories/read/id=2925/
CVE-2003-0710
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0710
CVE-2003-0711
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
2003-10-17
2018-10-12
CVE-2003-0711
http://www.securityfocus.com/bid/8828
BID:8828
http://marc.info/?l=bugtraq&m=106631908105696&w=2
BUGTRAQ:20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/467036
CERT-VN:VU#467036
http://www.ngssoftware.com/advisories/ms-pchealth.txt
MISC:http://www.ngssoftware.com/advisories/ms-pchealth.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-044
MS:MS03-044
http://marc.info/?l=ntbugtraq&m=106632194809632&w=2
NTBUGTRAQ:20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A217
OVAL:oval:org.mitre.oval:def:217
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3685
OVAL:oval:org.mitre.oval:def:3685
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3889
OVAL:oval:org.mitre.oval:def:3889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4706
OVAL:oval:org.mitre.oval:def:4706
CVE-2003-0712
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
2003-10-17
2018-10-12
CVE-2003-0712
http://www.securityfocus.com/bid/8832
BID:8832
http://marc.info/?l=bugtraq&m=106631918405915&w=2
BUGTRAQ:20031016 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/435444
CERT-VN:VU#435444
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-047
MS:MS03-047
CVE-2003-0713
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0713
CVE-2003-0714
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
2003-10-17
2018-10-12
CVE-2003-0714
http://www.securityfocus.com/bid/8838
BID:8838
http://marc.info/?l=bugtraq&m=106682909006586&w=2
BUGTRAQ:20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/422156
CERT-VN:VU#422156
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046
MS:MS03-046
CVE-2003-0715
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
2003-09-12
2018-10-12
CVE-2003-0715
http://marc.info/?l=bugtraq&m=106322856608909&w=2
BUGTRAQ:20030910 EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II
http://www.cert.org/advisories/CA-2003-23.html
CERT:CA-2003-23
http://www.kb.cert.org/vuls/id/483492
CERT-VN:VU#483492
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039
MS:MS03-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1202
OVAL:oval:org.mitre.oval:def:1202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1813
OVAL:oval:org.mitre.oval:def:1813
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A20
OVAL:oval:org.mitre.oval:def:20
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A264
OVAL:oval:org.mitre.oval:def:264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4224
OVAL:oval:org.mitre.oval:def:4224
CVE-2003-0716
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0716
CVE-2003-0717
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
2003-10-17
2018-10-12
CVE-2003-0717
http://www.securityfocus.com/bid/8826
BID:8826
http://marc.info/?l=ntbugtraq&m=106632188709562&w=2
BUGTRAQ:20031016 MS03-043 Popup Messenger Servce buffer-overflow
http://marc.info/?l=bugtraq&m=106666713812158&w=2
BUGTRAQ:20031018 Proof of concept for Windows Messenger Service overflow
http://www.cert.org/advisories/CA-2003-27.html
CERT:CA-2003-27
http://www.kb.cert.org/vuls/id/575892
CERT-VN:VU#575892
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-043
MS:MS03-043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A213
OVAL:oval:org.mitre.oval:def:213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A268
OVAL:oval:org.mitre.oval:def:268
CVE-2003-0718
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
2004-10-16
2018-10-12
CVE-2003-0718
http://marc.info/?l=bugtraq&m=109762641822064&w=2
BUGTRAQ:20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
MS:MS04-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
OVAL:oval:org.mitre.oval:def:1330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
OVAL:oval:org.mitre.oval:def:1427
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767
OVAL:oval:org.mitre.oval:def:4767
https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
XF:iis-ms04030-patch(17656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
XF:iis-webdav-xml-attribute-dos(17645)
CVE-2003-0719
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
2004-04-16
2018-10-12
CVE-2003-0719
http://www.securityfocus.com/archive/1/361836
BUGTRAQ:20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/586540
CERT-VN:VU#586540
http://xforce.iss.net/xforce/alerts/id/168
ISS:20040413 Microsoft SSL Library Remote Compromise Vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093
OVAL:oval:org.mitre.oval:def:1093
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A889
OVAL:oval:org.mitre.oval:def:889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A903
OVAL:oval:org.mitre.oval:def:903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A951
OVAL:oval:org.mitre.oval:def:951
CVE-2003-0720
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
2003-09-12
2017-10-09
CVE-2003-0720
http://marc.info/?l=bugtraq&m=106322571805153&w=2
BUGTRAQ:20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
http://marc.info/?l=bugtraq&m=106329356702508&w=2
BUGTRAQ:20030911 [slackware-security] security issues in pine (SSA:2003-253-01)
ENGARDE:ESA-20030911-022
http://www.idefense.com/advisory/09.10.03.txt
MISC:http://www.idefense.com/advisory/09.10.03.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499
OVAL:oval:org.mitre.oval:def:499
http://www.redhat.com/support/errata/RHSA-2003-273.html
REDHAT:RHSA-2003:273
http://www.redhat.com/support/errata/RHSA-2003-274.html
REDHAT:RHSA-2003:274
SUSE:SuSE-SA:2003:037
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html
VULNWATCH:20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
CVE-2003-0721
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
2003-09-12
2017-10-09
CVE-2003-0721
http://marc.info/?l=bugtraq&m=106329356702508&w=2
BUGTRAQ:20030911 [slackware-security] security issues in pine (SSA:2003-253-01)
http://marc.info/?l=bugtraq&m=106367213400313&w=2
BUGTRAQ:20030915 remote Pine <= 4.56 exploit fully automatic
ENGARDE:ESA-20030911-022
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html
FULLDISC:20030911 Pine: .procmailrc rule against integer overflow
http://www.idefense.com/advisory/09.10.03.txt
IDEFENSE:20030910 Two Exploitable Overflows in PINE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503
OVAL:oval:org.mitre.oval:def:503
http://www.redhat.com/support/errata/RHSA-2003-273.html
REDHAT:RHSA-2003:273
http://www.redhat.com/support/errata/RHSA-2003-274.html
REDHAT:RHSA-2003:274
SUSE:SuSE-SA:2003:037
CVE-2003-0722
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
2003-09-17
2017-10-09
CVE-2003-0722
http://www.securityfocus.com/bid/8615
BID:8615
http://marc.info/?l=bugtraq&m=106391959014331&w=2
BUGTRAQ:20030918 Solaris SADMIND Exploitation
http://www.kb.cert.org/vuls/id/41870
CERT-VN:VU#41870
http://www.ciac.org/ciac/bulletins/n-148.shtml
CIAC:N-148
http://www.idefense.com/advisory/09.16.03.txt
MISC:http://www.idefense.com/advisory/09.16.03.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1273
OVAL:oval:org.mitre.oval:def:1273
http://secunia.com/advisories/9742
SECUNIA:9742
http://sunsolve.sun.com/search/document.do?assetkey=1-26-56740-1&searchclause=security
SUNALERT:56740
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0115.html
VULNWATCH:20030918 Solaris SADMIND Exploitation
CVE-2003-0723
Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code.
2003-09-03
2004-06-03
CVE-2003-0723
http://www.mandriva.com/security/advisories?name=MDKSA-2003:087
MANDRAKE:MDKSA-2003:087
CVE-2003-0724
ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.
2003-09-03
CVE-2003-0724
http://www.securityfocus.com/bid/8492
BID:8492
http://www.securityfocus.com/advisories/5736
HP:SSRT3588
CVE-2003-0725
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
2003-09-03
2003-09-04
CVE-2003-0725
http://www.securityfocus.com/bid/8476
BID:8476
http://www.kb.cert.org/vuls/id/934932
CERT-VN:VU#934932
http://www.service.real.com/help/faq/security/rootexploit082203.html
CONFIRM:http://www.service.real.com/help/faq/security/rootexploit082203.html
http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html
MISC:http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0087.html
VULNWATCH:20030825 New Bug in RealServer
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
2003-09-03
2017-07-10
CVE-2003-0726
http://www.securityfocus.com/bid/8453
BID:8453
http://www.securityfocus.com/archive/1/335293
BUGTRAQ:20030827 RealOne Player Allows Cross Zone and Domain Access
http://www.service.real.com/help/faq/security/securityupdate_august2003.html
CONFIRM:http://www.service.real.com/help/faq/security/securityupdate_august2003.html
http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html
MISC:http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html
http://securitytracker.com/id?1007532
SECTRACK:1007532
https://exchange.xforce.ibmcloud.com/vulnerabilities/13028
XF:realone-smil-execute-code(13028)
CVE-2003-0727
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
2003-09-03
2017-09-27
CVE-2003-0727
http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf
https://www.exploit-db.com/exploits/42780/
EXPLOIT-DB:42780
CVE-2003-0728
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
2003-09-03
2016-10-17
CVE-2003-0728
http://marc.info/?l=bugtraq&m=106081310531567&w=2
BUGTRAQ:20030813 PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4
http://marc.info/?l=bugtraq&m=106252836330987&w=2
BUGTRAQ:20030901 GLSA: horde (200309-02)
CVE-2003-0729
Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.
2003-09-03
2016-10-17
CVE-2003-0729
http://marc.info/?l=bugtraq&m=106252411425545&w=2
BUGTRAQ:20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)
http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html
MISC:http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0091.html
VULNWATCH:20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)
CVE-2003-0730
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
2003-09-03
2016-10-17
CVE-2003-0730
http://www.securityfocus.com/bid/8514
BID:8514
http://marc.info/?l=bugtraq&m=106229335312429&w=2
BUGTRAQ:20030830 Multiple integer overflows in XFree86 (local/remote)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
CONECTIVA:CLA-2004:821
http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
http://www.debian.org/security/2003/dsa-380
DEBIAN:DSA-380
http://www.mandriva.com/security/advisories?name=MDKSA-2003:089
MANDRAKE:MDKSA-2003:089
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc
NETBSD:NetBSD-SA2003-015
http://www.redhat.com/support/errata/RHSA-2003-286.html
REDHAT:RHSA-2003:286
http://www.redhat.com/support/errata/RHSA-2003-287.html
REDHAT:RHSA-2003:287
http://www.redhat.com/support/errata/RHSA-2003-288.html
REDHAT:RHSA-2003:288
http://www.redhat.com/support/errata/RHSA-2003-289.html
REDHAT:RHSA-2003:289
http://secunia.com/advisories/24168
SECUNIA:24168
http://secunia.com/advisories/24247
SECUNIA:24247
ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc
SGI:20031101-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
SUNALERT:102803
http://www.vupen.com/english/advisories/2007/0589
VUPEN:ADV-2007-0589
CVE-2003-0731
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
2003-09-04
CVE-2003-0731
http://www.securityfocus.com/archive/1/333028
BUGTRAQ:20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml
CISCO:20030813 CiscoWorks Application Vulnerabilities
CVE-2003-0732
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
2003-09-04
CVE-2003-0732
http://www.securityfocus.com/archive/1/333028
BUGTRAQ:20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml
CISCO:20030813 CiscoWorks Application Vulnerabilities
CVE-2003-0733
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
2003-09-04
2021-06-15
CVE-2003-0733
http://www.securityfocus.com/bid/8357
BID:8357
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
CVE-2003-0734
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
2003-09-04
2004-06-03
CVE-2003-0734
http://www.mandriva.com/security/advisories?name=MDKSA-2003:088
MANDRAKE:MDKSA-2003:088
CVE-2003-0735
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
2003-09-04
2016-10-17
CVE-2003-0735
http://marc.info/?l=bugtraq&m=106062021711496&w=2
BUGTRAQ:20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
http://marc.info/?l=bugtraq&m=106252188522715&w=2
BUGTRAQ:20030902 GLSA: phpwebsite (200309-03)
http://www.kb.cert.org/vuls/id/925166
CERT-VN:VU#925166
CVE-2003-0736
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
2003-09-04
2016-10-17
CVE-2003-0736
http://marc.info/?l=bugtraq&m=106062021711496&w=2
BUGTRAQ:20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
http://marc.info/?l=bugtraq&m=106252188522715&w=2
BUGTRAQ:20030902 GLSA: phpwebsite (200309-03)
http://www.kb.cert.org/vuls/id/664422
CERT-VN:VU#664422
CVE-2003-0737
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
2003-09-04
2016-10-17
CVE-2003-0737
http://marc.info/?l=bugtraq&m=106062021711496&w=2
BUGTRAQ:20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
http://marc.info/?l=bugtraq&m=106252188522715&w=2
BUGTRAQ:20030902 GLSA: phpwebsite (200309-03)
CVE-2003-0738
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
2003-09-04
2016-10-17
CVE-2003-0738
http://marc.info/?l=bugtraq&m=106062021711496&w=2
BUGTRAQ:20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities
http://marc.info/?l=bugtraq&m=106252188522715&w=2
BUGTRAQ:20030902 GLSA: phpwebsite (200309-03)
CVE-2003-0739
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
2003-09-04
2016-10-17
CVE-2003-0739
http://marc.info/?l=bugtraq&m=106029217115023&w=2
BUGTRAQ:20030807 VMware Workstation 4.0.1 (for Linux systems) vulnerability
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106
CONFIRM:http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106
CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
2003-09-04
2016-10-17
CVE-2003-0740
http://marc.info/?l=bugtraq&m=106260760211958&w=2
BUGTRAQ:20030903 Stunnel-3.x Daemon Hijacking
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736
CONECTIVA:CLA-2003:736
http://www.mandriva.com/security/advisories?name=MDKSA-2003:108
MANDRAKE:MDKSA-2003:108
http://www.redhat.com/support/errata/RHSA-2003-297.html
REDHAT:RHSA-2003:297
CVE-2003-0741
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0741
CVE-2003-0742
SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
2003-09-19
2022-08-17
CVE-2003-0742
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0742
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0742
SCO:CSSA-2003-SCO.19
CVE-2003-0743
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
2003-09-06
2016-10-17
CVE-2003-0743
http://marc.info/?l=bugtraq&m=106252015820395&w=2
BUGTRAQ:20030901 exim remote heap overflow, probably not exploitable
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735
CONECTIVA:CLA-2003:735
http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog
CONFIRM:http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog
http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog
CONFIRM:http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog
http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
CONFIRM:http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
http://www.debian.org/security/2003/dsa-376
DEBIAN:DSA-376
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html
MLIST:[Exim] 20030814 Minor security bug
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html
MLIST:[Exim] 20030815 Minor security bug
http://marc.info/?l=vuln-dev&m=106264740820334&w=2
VULN-DEV:20030903 Re: exim remote heap overflow, probably not exploitable
CVE-2003-0744
The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.
2003-09-06
2016-10-17
CVE-2003-0744
http://www.securityfocus.com/bid/8541
BID:8541
http://marc.info/?l=bugtraq&m=106270038210736&w=2
BUGTRAQ:20030904 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01
http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt
CONFIRM:http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt
http://www.osvdb.org/6452
OSVDB:6452
http://secunia.com/advisories/9678
SECUNIA:9678
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/
VULNWATCH:20030903 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01
CVE-2003-0745
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server.
2003-09-06
CVE-2003-0745
http://archives.neohapsis.com/archives/bugtraq/2003-08/0340.html
BUGTRAQ:20030825 SNMPc v5 and v6 remote vulnerability
CVE-2003-0746
Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.
2003-09-06
2003-10-01
CVE-2003-0746
http://www.kb.cert.org/vuls/id/377804
CERT-VN:VU#377804
http://archives.neohapsis.com/archives/hp/2003-q3/0042.html
HP:HPSBUX0308-274
http://www.secunia.com/advisories/9482
SECUNIA:9482
ftp://patches.sgi.com/support/free/security/advisories/20030902-01-P
SGI:20030902-01-P
CVE-2003-0747
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
2003-09-06
2017-07-10
CVE-2003-0747
http://www.securityfocus.com/bid/8515
BID:8515
http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
BUGTRAQ:20030830 SAP Internet Transaction Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/13063
XF:its-wgatedll-information-disclosure(13063)
CVE-2003-0748
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
2003-09-06
2017-07-10
CVE-2003-0748
http://www.securityfocus.com/bid/8516
BID:8516
http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
BUGTRAQ:20030830 SAP Internet Transaction Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/13066
XF:its-wgatedll-directory-traversal(13066)
CVE-2003-0749
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
2003-09-06
2004-03-16
CVE-2003-0749
http://www.securityfocus.com/bid/8517
BID:8517
http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
BUGTRAQ:20030830 SAP Internet Transaction Server
CVE-2003-0750
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter.
2003-09-06
CVE-2003-0750
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html
VULNWATCH:20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection
CVE-2003-0751
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
2003-09-06
CVE-2003-0751
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html
VULNWATCH:20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection
CVE-2003-0752
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
2003-09-06
CVE-2003-0752
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html
VULNWATCH:20030826 [PHP] AttilaPHP 3.0 : User/Admin Access
CVE-2003-0753
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter.
2003-09-06
CVE-2003-0753
http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html
BUGTRAQ:20030824 newsPHP file inclusion & bad login validation
CVE-2003-0754
nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication.
2003-09-06
CVE-2003-0754
http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html
BUGTRAQ:20030824 newsPHP file inclusion & bad login validation
CVE-2003-0755
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
2003-09-06
CVE-2003-0755
http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0101.html
VULN-DEV:20030826 gtkftpd[v1.0.4(and below)]: remote root buffer overflow exploit.
CVE-2003-0756
Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter.
2003-09-06
CVE-2003-0756
http://archives.neohapsis.com/archives/bugtraq/2003-09/0011.html
BUGTRAQ:20030831 Directory Traversal in SITEBUILDER - v1.4
CVE-2003-0757
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.
2003-09-06
CVE-2003-0757
http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html
BUGTRAQ:20030902 IRM 007: The IP addresses of Check Point Firewall-1 internal interfaces may be enumerated using SecuRemote
CVE-2003-0758
Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
2003-09-19
2017-07-10
CVE-2003-0758
http://www.securityfocus.com/bid/8552
BID:8552
http://marc.info/?l=bugtraq&m=106389919618721&w=2
BUGTRAQ:20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
http://www.ciac.org/ciac/bulletins/n-154.shtml
CIAC:N-154
http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html
VULNWATCH:20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/13218
XF:ibm-db2-db2dart-bo(13218)
CVE-2003-0759
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.
2003-09-19
2016-10-17
CVE-2003-0759
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/aparlib.d2w/display_apar_details?aparno=IY47653
AIXAPAR:IY47653
http://www.securityfocus.com/bid/8553
BID:8553
http://marc.info/?l=bugtraq&m=106389919618721&w=2
BUGTRAQ:20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
http://www.ciac.org/ciac/bulletins/n-154.shtml
CIAC:N-154
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt
CONFIRM:ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt
http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
MISC:http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html
VULNWATCH:20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities
CVE-2003-0760
Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701.
2003-09-12
2017-07-10
CVE-2003-0760
http://www.securityfocus.com/bid/8482
BID:8482
http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html
MISC:http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13012
XF:blubster-port701-dos(13012)
CVE-2003-0761
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
2003-09-12
CVE-2003-0761
http://www.atstake.com/research/advisories/2003/a090403-1.txt
ATSTAKE:A090403-1
CVE-2003-0762
Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value).
2003-09-12
CVE-2003-0762
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0096.html
VULNWATCH:20030905 [SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension
CVE-2003-0763
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.
2003-09-12
2016-10-17
CVE-2003-0763
http://marc.info/?l=bugtraq&m=106312344631197&w=2
BUGTRAQ:20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure
CVE-2003-0764
Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter.
2003-09-12
2016-10-17
CVE-2003-0764
http://marc.info/?l=bugtraq&m=106312344631197&w=2
BUGTRAQ:20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure
CVE-2003-0765
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
2003-09-12
2016-10-17
CVE-2003-0765
http://marc.info/?l=bugtraq&m=106305643432112&w=2
BUGTRAQ:20030908 Winamp 2.91 lets code execution through MIDI files
CVE-2003-0766
Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command.
2003-09-12
2017-04-28
CVE-2003-0766
http://marc.info/?l=bugtraq&m=106305502230604&w=2
BUGTRAQ:20030908 Multiple Heap Overflows in FTP Desktop
CVE-2003-0767
Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.
2003-09-12
2016-10-17
CVE-2003-0767
http://marc.info/?l=bugtraq&m=106304902323758&w=2
BUGTRAQ:20030908 Rogerwilco: server's buffer overflow
CVE-2003-0768
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
2003-09-12
2016-10-17
CVE-2003-0768
http://marc.info/?l=bugtraq&m=106304326916062&w=2
BUGTRAQ:20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net
CVE-2003-0769
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
2003-09-12
2022-08-17
CVE-2003-0769
BUGTRAQ:20030908
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0769
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0769
CVE-2003-0770
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
2003-09-12
2016-10-17
CVE-2003-0770
http://www.securityfocus.com/archive/1/317234
BUGTRAQ:20030401 IkonBoard v3.1.1: arbitrary command execution
http://www.securityfocus.com/archive/1/336598
BUGTRAQ:20030908 IkonBoard 3.1.2a arbitrary command execution
http://marc.info/?l=bugtraq&m=106381136115972&w=2
BUGTRAQ:20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution
CVE-2003-0771
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
2003-09-12
2016-10-17
CVE-2003-0771
http://marc.info/?l=bugtraq&m=106304236914921&w=2
BUGTRAQ:20030907 Apache::Gallery local webserver compromise, privilege escalation
CVE-2003-0772
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
2003-09-12
2017-07-10
CVE-2003-0772
http://www.securityfocus.com/bid/8542
BID:8542
http://marc.info/?l=bugtraq&m=106288825902868&w=2
BUGTRAQ:20030906 Remote and Local Vulnerabilities In WS_FTP Server
http://www.kb.cert.org/vuls/id/219140
CERT-VN:VU#219140
http://www.kb.cert.org/vuls/id/792284
CERT-VN:VU#792284
http://secunia.com/advisories/9671
SECUNIA:9671
https://exchange.xforce.ibmcloud.com/vulnerabilities/13119
XF:wsftp-ftp-command-bo(13119)
CVE-2003-0773
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.
2003-09-12
2003-10-09
CVE-2003-0773
http://www.securityfocus.com/bid/8593
BID:8593
http://www.securityfocus.com/bid/8595
BID:8595
http://www.debian.org/security/2003/dsa-379
DEBIAN:DSA-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
MANDRAKE:MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
REDHAT:RHSA-2003:278
http://www.redhat.com/support/errata/RHSA-2003-285.html
REDHAT:RHSA-2003:285
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SCO:CSSA-2004-005.0
http://www.novell.com/linux/security/advisories/2003_046_sane.html
SUSE:SuSE-SA:2003:046
CVE-2003-0774
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
2003-09-12
2003-10-09
CVE-2003-0774
http://www.securityfocus.com/bid/8593
BID:8593
http://www.debian.org/security/2003/dsa-379
DEBIAN:DSA-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
MANDRAKE:MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
REDHAT:RHSA-2003:278
http://www.redhat.com/support/errata/RHSA-2003-285.html
REDHAT:RHSA-2003:285
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SCO:CSSA-2004-005.0
http://www.novell.com/linux/security/advisories/2003_046_sane.html
SUSE:SuSE-SA:2003:046
CVE-2003-0775
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
2003-09-12
2003-10-09
CVE-2003-0775
http://www.securityfocus.com/bid/8593
BID:8593
http://www.securityfocus.com/bid/8600
BID:8600
http://www.debian.org/security/2003/dsa-379
DEBIAN:DSA-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
MANDRAKE:MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
REDHAT:RHSA-2003:278
http://www.redhat.com/support/errata/RHSA-2003-285.html
REDHAT:RHSA-2003:285
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SCO:CSSA-2004-005.0
http://www.novell.com/linux/security/advisories/2003_046_sane.html
SUSE:SuSE-SA:2003:046
CVE-2003-0776
saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.
2003-09-12
2003-10-09
CVE-2003-0776
http://www.securityfocus.com/bid/8593
BID:8593
http://www.debian.org/security/2003/dsa-379
DEBIAN:DSA-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
MANDRAKE:MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
REDHAT:RHSA-2003:278
http://www.redhat.com/support/errata/RHSA-2003-285.html
REDHAT:RHSA-2003:285
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SCO:CSSA-2004-005.0
http://www.novell.com/linux/security/advisories/2003_046_sane.html
SUSE:SuSE-SA:2003:046
CVE-2003-0777
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
2003-09-12
2003-10-09
CVE-2003-0777
http://www.securityfocus.com/bid/8593
BID:8593
http://www.securityfocus.com/bid/8597
BID:8597
http://www.debian.org/security/2003/dsa-379
DEBIAN:DSA-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
MANDRAKE:MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
REDHAT:RHSA-2003:278
http://www.redhat.com/support/errata/RHSA-2003-285.html
REDHAT:RHSA-2003:285
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SCO:CSSA-2004-005.0
http://www.novell.com/linux/security/advisories/2003_046_sane.html
SUSE:SuSE-SA:2003:046
CVE-2003-0778
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).
2003-09-12
2003-10-09
CVE-2003-0778
http://www.securityfocus.com/bid/8593
BID:8593
http://www.securityfocus.com/bid/8596
BID:8596
http://www.debian.org/security/2003/dsa-379
DEBIAN:DSA-379
http://www.mandriva.com/security/advisories?name=MDKSA-2003:099
MANDRAKE:MDKSA-2003:099
http://www.redhat.com/support/errata/RHSA-2003-278.html
REDHAT:RHSA-2003:278
http://www.redhat.com/support/errata/RHSA-2003-285.html
REDHAT:RHSA-2003:285
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt
SCO:CSSA-2004-005.0
http://www.novell.com/linux/security/advisories/2003_046_sane.html
SUSE:SuSE-SA:2003:046
CVE-2003-0779
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
2003-09-12
2004-05-05
CVE-2003-0779
http://www.atstake.com/research/advisories/2003/a091103-1.txt
ATSTAKE:A091103-1
CVE-2003-0780
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
2003-09-12
2016-10-17
CVE-2003-0780
http://www.securityfocus.com/archive/1/337012
BUGTRAQ:20030910 Buffer overflow in MySQL
http://marc.info/?l=bugtraq&m=106364207129993&w=2
BUGTRAQ:20030913 exploit for mysql -- [get_salt_from_password] problem
http://www.kb.cert.org/vuls/id/516492
CERT-VN:VU#516492
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
CONECTIVA:CLA-2003:743
http://www.debian.org/security/2003/dsa-381
DEBIAN:DSA-381
ENGARDE:ESA-20030918-025
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html
FULLDISC:20030910 Buffer overflow in MySQL
http://www.mandriva.com/security/advisories?name=MDKSA-2003:094
MANDRAKE:MDKSA-2003:094
http://www.redhat.com/support/errata/RHSA-2003-281.html
REDHAT:RHSA-2003:281
http://www.redhat.com/support/errata/RHSA-2003-282.html
REDHAT:RHSA-2003:282
http://secunia.com/advisories/9709
SECUNIA:9709
http://marc.info/?l=bugtraq&m=106381424420775&w=2
TRUSTIX:2003-0034
CVE-2003-0781
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
2004-03-25
2017-07-10
CVE-2003-0781
http://www.debian.org/security/2004/dsa-467
DEBIAN:DSA-467
https://exchange.xforce.ibmcloud.com/vulnerabilities/12929
XF:ecartis-subscribe-password-disclosure(12929)
CVE-2003-0782
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
2004-03-25
2017-07-10
CVE-2003-0782
http://www.debian.org/security/2004/dsa-467
DEBIAN:DSA-467
https://exchange.xforce.ibmcloud.com/vulnerabilities/12928
XF:ecartis-multiple-bo(12928)
CVE-2003-0783
Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.
2003-09-23
2017-07-10
CVE-2003-0783
http://www.securityfocus.com/bid/8656
BID:8656
http://marc.info/?l=bugtraq&m=106424495804417&w=2
BUGTRAQ:20030921 Fw: 0x333hztty => hztty 2.0 local root exploit
http://www.debian.org/security/2003/dsa-385
DEBIAN:DSA-385
http://www.osvdb.org/7119
OSVDB:7119
http://securitytracker.com/id?1007756
SECTRACK:1007756
http://securitytracker.com/id?1007757
SECTRACK:1007757
http://secunia.com/advisories/9792
SECUNIA:9792
https://exchange.xforce.ibmcloud.com/vulnerabilities/13243
XF:hztty-bo(13243)
CVE-2003-0784
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
2003-09-23
CVE-2003-0784
http://www-1.ibm.com/support/search.wss?rs=0&q=IY47764&apar=only
AIXAPAR:IY47764
CVE-2003-0785
ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
2003-09-23
CVE-2003-0785
http://www.debian.org/security/2003/dsa-389
DEBIAN:DSA-389
CVE-2003-0786
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
2003-09-25
2005-03-21
CVE-2003-0786
http://www.securityfocus.com/bid/8677
BID:8677
http://www.securityfocus.com/archive/1/338617
BUGTRAQ:20030923 Multiple PAM vulnerabilities in portable OpenSSH
http://www.securityfocus.com/archive/1/338616
BUGTRAQ:20030923 Portable OpenSSH 3.7.1p2 released
http://www.kb.cert.org/vuls/id/602204
CERT-VN:VU#602204
http://www.openssh.com/txt/sshpam.adv
CONFIRM:http://www.openssh.com/txt/sshpam.adv
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
FULLDISC:20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
CVE-2003-0787
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
2003-09-25
2005-03-21
CVE-2003-0787
http://www.securityfocus.com/bid/8677
BID:8677
http://www.securityfocus.com/archive/1/338617
BUGTRAQ:20030923 Multiple PAM vulnerabilities in portable OpenSSH
http://www.securityfocus.com/archive/1/338616
BUGTRAQ:20030923 Portable OpenSSH 3.7.1p2 released
http://www.kb.cert.org/vuls/id/209807
CERT-VN:VU#209807
http://www.openssh.com/txt/sshpam.adv
CONFIRM:http://www.openssh.com/txt/sshpam.adv
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
FULLDISC:20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
CVE-2003-0788
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
2003-11-06
2017-07-10
CVE-2003-0788
http://www.securityfocus.com/bid/8952
BID:8952
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000779
CONECTIVA:CLA-2003:779
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000788
CONECTIVA:CLA-2003:788
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:104
MANDRAKE:MDKSA-2003:104
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958
MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958
http://www.redhat.com/support/errata/RHSA-2003-275.html
REDHAT:RHSA-2003:275
http://secunia.com/advisories/10123
SECUNIA:10123
http://www.turbolinux.com/security/TLSA-2003-63.txt
TURBO:TLSA-2003-63
https://exchange.xforce.ibmcloud.com/vulnerabilities/13584
XF:cups-ipp-dos(13584)
CVE-2003-0789
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
2003-10-30
2021-06-06
CVE-2003-0789
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
APPLE:APPLE-SA-2004-01-26
http://www.securityfocus.com/bid/8926
BID:8926
http://www.securityfocus.com/bid/9504
BID:9504
http://marc.info/?l=bugtraq&m=106761802305141&w=2
BUGTRAQ:20031031 GLSA: apache (200310-04)
http://www.ciac.org/ciac/bulletins/o-015.shtml
CIAC:O-015
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775
CONECTIVA:CLA-2003:775
http://apache.secsup.org/dist/httpd/Announcement2.html
CONFIRM:http://apache.secsup.org/dist/httpd/Announcement2.html
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00045.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://security.gentoo.org/glsa/glsa-200310-04.xml
GENTOO:200310-04
http://www.securityfocus.com/advisories/6079
HP:HPSBUX0311-301
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
MANDRAKE:MDKSA-2003:103
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.redhat.com/support/errata/RHSA-2003-320.html
REDHAT:RHSA-2003:320
https://exchange.xforce.ibmcloud.com/vulnerabilities/13552
XF:apache-modcgi-info-disclosure(13552)
CVE-2003-0790
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not "reachable" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable.
2003-10-25
2005-02-06
CVE-2003-0790
CVE-2003-0791
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
2005-04-14
2005-04-22
CVE-2003-0791
http://www.securityfocus.com/bid/9322
BID:9322
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
MANDRAKE:MDKSA-2004:021
https://bugzilla.mozilla.org/show_bug.cgi?id=221526
MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=221526
http://www.osvdb.org/8390
OSVDB:8390
http://www.securityfocus.com/advisories/6979
SCO:SCOSA-2004.8
http://secunia.com/advisories/11103/
SECUNIA:11103
CVE-2003-0792
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.
2003-10-21
2017-07-10
CVE-2003-0792
http://www.securityfocus.com/bid/8843
BID:8843
http://marc.info/?l=bugtraq&m=107731542827401&w=2
BUGTRAQ:20040220 LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service
http://security.gentoo.org/glsa/glsa-200403-10.xml
GENTOO:GLSA-200403-10
http://www.securityfocus.com/advisories/5987
IMMUNIX:IMNX-2003-7+-023-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:101
MANDRAKE:MDKSA-2003:101
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-004.0/CSSA-2004-004.0.txt
SCO:CSSA-2004-004.0
http://www.turbolinux.com/security/TLSA-2003-61.txt
TURBO:TLSA-2003-61
https://exchange.xforce.ibmcloud.com/vulnerabilities/13450
XF:fetchmail-email-dos(13450)
CVE-2003-0793
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption).
2003-10-21
2017-07-10
CVE-2003-0793
http://www.securityfocus.com/bid/8846
BID:8846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766
CONECTIVA:CLA-2003:766
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
CONFIRM:http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
http://www.mandriva.com/security/advisories?name=MDKSA-2003:100
MANDRAKE:MDKSA-2003:100
https://exchange.xforce.ibmcloud.com/vulnerabilities/13447
XF:gdm-dos(13447)
CVE-2003-0794
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
2003-10-21
2017-07-10
CVE-2003-0794
http://www.securityfocus.com/bid/8846
BID:8846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766
CONECTIVA:CLA-2003:766
http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
CONFIRM:http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome
http://www.mandriva.com/security/advisories?name=MDKSA-2003:100
MANDRAKE:MDKSA-2003:100
https://exchange.xforce.ibmcloud.com/vulnerabilities/13448
XF:gdm-command-dos(13448)
CVE-2003-0795
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
2003-11-18
2016-10-17
CVE-2003-0795
http://marc.info/?l=bugtraq&m=106883387304266&w=2
BUGTRAQ:20031114 Quagga remote vulnerability
http://www.debian.org/security/2004/dsa-415
DEBIAN:DSA-415
http://www.redhat.com/support/errata/RHSA-2003-305.html
REDHAT:RHSA-2003:305
http://www.redhat.com/support/errata/RHSA-2003-307.html
REDHAT:RHSA-2003:307
http://secunia.com/advisories/10563
SECUNIA:10563
CVE-2003-0796
Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled.
2004-03-10
2017-07-10
CVE-2003-0796
http://www.securityfocus.com/bid/9085
BID:9085
ftp://patches.sgi.com/support/free/security/advisories/20031102-01-P.asc
SGI:20031102-01-P
ftp://patches.sgi.com/support/free/security/advisories/20031102-02-P.asc
SGI:20031102-02-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/13807
XF:rpcmountd-mount-gain-access(13807)
CVE-2003-0797
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors.
2004-03-10
2017-07-10
CVE-2003-0797
http://www.securityfocus.com/bid/9084
BID:9084
http://www.osvdb.org/8520
OSVDB:8520
ftp://patches.sgi.com/support/free/security/advisories/20031102-01-P.asc
SGI:20031102-01-P
ftp://patches.sgi.com/support/free/security/advisories/20031102-02-P.asc
SGI:20031102-02-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/13808
XF:rpcmountd-dos(13808)
CVE-2003-0798
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0798
CVE-2003-0799
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0799
CVE-2003-0800
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0800
CVE-2003-0801
Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
2003-09-18
CVE-2003-0801
http://www.atstake.com/research/advisories/2003/a091503-1.txt
ATSTAKE:A091503-1
CVE-2003-0802
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot).
2003-09-18
CVE-2003-0802
http://www.atstake.com/research/advisories/2003/a091503-1.txt
ATSTAKE:A091503-1
CVE-2003-0803
Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user.
2003-09-18
CVE-2003-0803
http://www.atstake.com/research/advisories/2003/a091503-1.txt
ATSTAKE:A091503-1
CVE-2003-0804
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
2003-09-25
2004-05-14
CVE-2003-0804
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc
FREEBSD:FreeBSD-SA-03:14
ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc
SGI:20040502-01-P
CVE-2003-0805
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
2003-09-19
2016-10-17
CVE-2003-0805
http://marc.info/?l=bugtraq&m=105804485302211&w=2
BUGTRAQ:20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer
http://marc.info/?l=bugtraq&m=106123498310717&w=2
BUGTRAQ:20030818 FW: [gopher] UMN Gopher 3.0.6 released
http://www.debian.org/security/2003/dsa-387
DEBIAN:DSA-387
CVE-2003-0806
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
2004-04-16
2018-10-12
CVE-2003-0806
http://www.securityfocus.com/bid/10126
BID:10126
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/471260
CERT-VN:VU#471260
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1054
OVAL:oval:org.mitre.oval:def:1054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A895
OVAL:oval:org.mitre.oval:def:895
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A896
OVAL:oval:org.mitre.oval:def:896
https://exchange.xforce.ibmcloud.com/vulnerabilities/15702
XF:win-winlogon-bo(15702)
CVE-2003-0807
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
2004-04-16
2018-10-12
CVE-2003-0807
http://www.securityfocus.com/bid/10123
BID:10123
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/698564
CERT-VN:VU#698564
http://www.ciac.org/ciac/bulletins/o-115.shtml
CIAC:O-115
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012
MS:MS04-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1030
OVAL:oval:org.mitre.oval:def:1030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A969
OVAL:oval:org.mitre.oval:def:969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A995
OVAL:oval:org.mitre.oval:def:995
http://securitytracker.com/alerts/2004/Apr/1009762.html
SECTRACK:1009762
https://exchange.xforce.ibmcloud.com/vulnerabilities/15709
XF:win-cis-rpc-http-dos(15709)
CVE-2003-0808
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0808
CVE-2003-0809
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
2003-10-08
2018-10-12
CVE-2003-0809
http://www.securityfocus.com/bid/8565
BID:8565
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040
MS:MS03-040
http://www.osvdb.org/7887
OSVDB:7887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123
OVAL:oval:org.mitre.oval:def:123
https://exchange.xforce.ibmcloud.com/vulnerabilities/13300
XF:ie-xmlobject-code-execution(13300)
CVE-2003-0810
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0810
CVE-2003-0811
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0811
CVE-2003-0812
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
2003-11-18
2018-10-12
CVE-2003-0812
http://www.securityfocus.com/bid/9011
BID:9011
http://marc.info/?l=bugtraq&m=106859247713009&w=2
BUGTRAQ:20031111 EEYE: Windows Workstation Service Remote Buffer Overflow
http://marc.info/?l=bugtraq&m=106865197102041&w=2
BUGTRAQ:20031112 Proof of concept for Windows Workstation Service overflow
http://www.cert.org/advisories/CA-2003-28.html
CERT:CA-2003-28
http://www.kb.cert.org/vuls/id/567620
CERT-VN:VU#567620
http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
CISCO:20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049
MS:MS03-049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331
OVAL:oval:org.mitre.oval:def:331
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575
OVAL:oval:org.mitre.oval:def:575
CVE-2003-0813
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
2003-10-15
2018-10-12
CVE-2003-0813
http://www.securityfocus.com/bid/8811
BID:8811
http://marc.info/?l=bugtraq&m=106579825211708&w=2
BUGTRAQ:20031010 Bad news on RPC DCOM vulnerability
http://marc.info/?l=bugtraq&m=106588827513795&w=2
BUGTRAQ:20031011 RE: Bad news on RPC DCOM vulnerability
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/547820
CERT-VN:VU#547820
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html
FULLDISC:20031010 Re : [VERY] BAD news on RPC DCOM Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html
FULLDISC:20031010 Re: Bad news on RPC DCOM vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html
FULLDISC:20031011 Bad news on RPC DCOM2 vulnerability
http://xforce.iss.net/xforce/alerts/id/155
ISS:20031014 Microsoft RPC Race Condition Denial of Service
http://www.securitylab.ru/_exploits/rpc2.c.txt
MISC:http://www.securitylab.ru/_exploits/rpc2.c.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012
MS:MS04-012
http://marc.info/?l=ntbugtraq&m=106580303918155&w=2
NTBUGTRAQ:20031010 Bad news on RPC DCOM vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A893
OVAL:oval:org.mitre.oval:def:893
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A894
OVAL:oval:org.mitre.oval:def:894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A900
OVAL:oval:org.mitre.oval:def:900
CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
2004-01-14
2018-10-12
CVE-2003-0814
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html
BUGTRAQ:20030910 MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
http://www.securityfocus.com/archive/1/337086
BUGTRAQ:20030911 LiuDieYu's missing files are here.
http://www.kb.cert.org/vuls/id/326412
CERT-VN:VU#326412
http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
MISC:http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
MS:MS03-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335
OVAL:oval:org.mitre.oval:def:335
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341
OVAL:oval:org.mitre.oval:def:341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342
OVAL:oval:org.mitre.oval:def:342
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343
OVAL:oval:org.mitre.oval:def:343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344
OVAL:oval:org.mitre.oval:def:344
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349
OVAL:oval:org.mitre.oval:def:349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392
OVAL:oval:org.mitre.oval:def:392
http://securitytracker.com/id?1007687
SECTRACK:1007687
http://secunia.com/advisories/10192
SECUNIA:10192
CVE-2003-0815
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
2004-01-14
2018-10-12
CVE-2003-0815
http://www.securityfocus.com/bid/9014
BID:9014
http://marc.info/?l=bugtraq&m=106322542104656&w=2
BUGTRAQ:20030910 MSIE->Findeath: break caller-based authorization
http://marc.info/?l=bugtraq&m=106321757619047&w=2
BUGTRAQ:20030910 MSIE->LinkillerJPU:another caller-based authorization(is broken).
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html
BUGTRAQ:20030910 MSIE->LinkillerSaveRef:another caller-based authorization
http://www.securityfocus.com/archive/1/337086
BUGTRAQ:20030911 LiuDieYu's missing files are here.
http://www.ciac.org/ciac/bulletins/o-021.shtml
CIAC:O-021
http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM
MISC:http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM
http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM
MISC:http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM
http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM
MISC:http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
MS:MS03-048
http://www.osvdb.org/7888
OSVDB:7888
http://www.osvdb.org/7889
OSVDB:7889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351
OVAL:oval:org.mitre.oval:def:351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352
OVAL:oval:org.mitre.oval:def:352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353
OVAL:oval:org.mitre.oval:def:353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356
OVAL:oval:org.mitre.oval:def:356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357
OVAL:oval:org.mitre.oval:def:357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359
OVAL:oval:org.mitre.oval:def:359
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472
OVAL:oval:org.mitre.oval:def:472
http://securitytracker.com/id?1007687
SECTRACK:1007687
http://secunia.com/advisories/10192
SECUNIA:10192
https://exchange.xforce.ibmcloud.com/vulnerabilities/13676
XF:ie-pointer-zone-bypass(13676)
CVE-2003-0816
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
2004-01-14
2018-10-12
CVE-2003-0816
http://marc.info/?l=bugtraq&m=106322240132721&w=2
BUGTRAQ:20030910 MSIE->BackMyParent2:Multi-Thread version
http://www.securityfocus.com/archive/1/336937
BUGTRAQ:20030910 MSIE->NAFfileJPU
http://marc.info/?l=bugtraq&m=106321693517858&w=2
BUGTRAQ:20030910 MSIE->NAFjpuInHistory
http://marc.info/?l=bugtraq&m=106321638416884&w=2
BUGTRAQ:20030910 MSIE->RefBack
http://marc.info/?l=bugtraq&m=106322063729496&w=2
BUGTRAQ:20030910 MSIE->WsBASEjpu
http://marc.info/?l=bugtraq&m=106321781819727&w=2
BUGTRAQ:20030910 MSIE->WsFakeSrc
http://marc.info/?l=bugtraq&m=106321882821788&w=2
BUGTRAQ:20030910 MSIE->WsOpenFileJPU
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html
BUGTRAQ:20030910 MSIE->WsOpenJpuInHistory
http://www.securityfocus.com/archive/1/337086
BUGTRAQ:20030911 LiuDieYu's missing files are here.
http://www.kb.cert.org/vuls/id/652452
CERT-VN:VU#652452
http://www.kb.cert.org/vuls/id/771604
CERT-VN:VU#771604
http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
MISC:http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm
http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
MISC:http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
MISC:http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm
http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
MISC:http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
MISC:http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
MISC:http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
MISC:http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM
http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
MISC:http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
MISC:http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
MS:MS03-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361
OVAL:oval:org.mitre.oval:def:361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362
OVAL:oval:org.mitre.oval:def:362
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363
OVAL:oval:org.mitre.oval:def:363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409
OVAL:oval:org.mitre.oval:def:409
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416
OVAL:oval:org.mitre.oval:def:416
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459
OVAL:oval:org.mitre.oval:def:459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479
OVAL:oval:org.mitre.oval:def:479
http://securitytracker.com/id?1007687
SECTRACK:1007687
http://secunia.com/advisories/10192
SECUNIA:10192
CVE-2003-0817
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
2004-01-14
2018-10-12
CVE-2003-0817
http://www.securityfocus.com/bid/9012
BID:9012
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
MS:MS03-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508
OVAL:oval:org.mitre.oval:def:508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520
OVAL:oval:org.mitre.oval:def:520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543
OVAL:oval:org.mitre.oval:def:543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548
OVAL:oval:org.mitre.oval:def:548
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549
OVAL:oval:org.mitre.oval:def:549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556
OVAL:oval:org.mitre.oval:def:556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566
OVAL:oval:org.mitre.oval:def:566
http://secunia.com/advisories/10192
SECUNIA:10192
CVE-2003-0818
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
2004-02-11
2018-10-12
CVE-2003-0818
http://marc.info/?l=bugtraq&m=107643892224825&w=2
BUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
http://marc.info/?l=bugtraq&m=107643836125615&w=2
BUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
CERT:TA04-041A
http://www.kb.cert.org/vuls/id/216324
CERT-VN:VU#216324
http://www.kb.cert.org/vuls/id/583108
CERT-VN:VU#583108
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007
MS:MS04-007
http://marc.info/?l=ntbugtraq&m=107650972723080&w=2
NTBUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
http://marc.info/?l=ntbugtraq&m=107650972617367&w=2
NTBUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653
OVAL:oval:org.mitre.oval:def:653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796
OVAL:oval:org.mitre.oval:def:796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797
OVAL:oval:org.mitre.oval:def:797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799
OVAL:oval:org.mitre.oval:def:799
CVE-2003-0819
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
2004-01-15
2018-10-12
CVE-2003-0819
http://www.securityfocus.com/bid/9406
BID:9406
http://www.securityfocus.com/bid/9408
BID:9408
http://www.cert.org/advisories/CA-2004-01.html
CERT:CA-2004-01
http://www.kb.cert.org/vuls/id/749342
CERT-VN:VU#749342
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-001
MS:MS04-001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A478
OVAL:oval:org.mitre.oval:def:478
http://www.securitytracker.com/id?1008698
SECTRACK:1008698
http://secunia.com/advisories/10611
SECUNIA:10611
CVE-2003-0820
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
2003-11-18
2018-10-12
CVE-2003-0820
http://www.securityfocus.com/bid/8835
BID:8835
http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html
BUGTRAQ:20031015 Few issues previously unpublished in English
http://www.security.nnov.ru/search/document.asp?docid=5243
MISC:http://www.security.nnov.ru/search/document.asp?docid=5243
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050
MS:MS03-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336
OVAL:oval:org.mitre.oval:def:336
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585
OVAL:oval:org.mitre.oval:def:585
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586
OVAL:oval:org.mitre.oval:def:586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668
OVAL:oval:org.mitre.oval:def:668
https://exchange.xforce.ibmcloud.com/vulnerabilities/13682
XF:word-macro-execute-code(13682)
CVE-2003-0821
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
2003-11-18
2018-10-12
CVE-2003-0821
http://www.securityfocus.com/bid/9010
BID:9010
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050
MS:MS03-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A636
OVAL:oval:org.mitre.oval:def:636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A675
OVAL:oval:org.mitre.oval:def:675
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A695
OVAL:oval:org.mitre.oval:def:695
https://exchange.xforce.ibmcloud.com/vulnerabilities/13681
XF:excel-macro-execute-code(13681)
CVE-2003-0822
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
2003-11-18
2018-10-12
CVE-2003-0822
http://marc.info/?l=bugtraq&m=106865318904055&w=2
BUGTRAQ:20031112 Frontpage Extensions Remote Command Execution
http://www.kb.cert.org/vuls/id/279156
CERT-VN:VU#279156
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051
MS:MS03-051
http://marc.info/?l=ntbugtraq&m=106862654906759&w=2
NTBUGTRAQ:20031112 Frontpage Extensions Remote Command Execution
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A364
OVAL:oval:org.mitre.oval:def:364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A366
OVAL:oval:org.mitre.oval:def:366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A367
OVAL:oval:org.mitre.oval:def:367
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A699
OVAL:oval:org.mitre.oval:def:699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A743
OVAL:oval:org.mitre.oval:def:743
http://secunia.com/advisories/10195
SECUNIA:10195
https://exchange.xforce.ibmcloud.com/vulnerabilities/13674
XF:fpse-debug-bo(13674)
CVE-2003-0823
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
2004-01-14
2018-10-12
CVE-2003-0823
http://marc.info/?l=bugtraq&m=106322197932006&w=2
BUGTRAQ:20030910 MSIE->HijackClick: 1+1=2
http://www.securityfocus.com/archive/1/337086
BUGTRAQ:20030911 LiuDieYu's missing files are here.
http://www.kb.cert.org/vuls/id/413886
CERT-VN:VU#413886
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
MS:MS03-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368
OVAL:oval:org.mitre.oval:def:368
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369
OVAL:oval:org.mitre.oval:def:369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370
OVAL:oval:org.mitre.oval:def:370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371
OVAL:oval:org.mitre.oval:def:371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372
OVAL:oval:org.mitre.oval:def:372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588
OVAL:oval:org.mitre.oval:def:588
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733
OVAL:oval:org.mitre.oval:def:733
http://www.securitytracker.com/id?1006036
SECTRACK:1006036
http://secunia.com/advisories/10192
SECUNIA:10192
CVE-2003-0824
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
2003-11-18
2018-10-12
CVE-2003-0824
http://www.kb.cert.org/vuls/id/179012
CERT-VN:VU#179012
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051
MS:MS03-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308
OVAL:oval:org.mitre.oval:def:308
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591
OVAL:oval:org.mitre.oval:def:591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606
OVAL:oval:org.mitre.oval:def:606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625
OVAL:oval:org.mitre.oval:def:625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762
OVAL:oval:org.mitre.oval:def:762
http://secunia.com/advisories/10195
SECUNIA:10195
https://exchange.xforce.ibmcloud.com/vulnerabilities/13680
XF:fpse-smarthtml-dos(13680)
CVE-2003-0825
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
2004-09-01
2006-10-31
CVE-2003-0825
http://www.securityfocus.com/bid/9624
BID:9624
http://www.kb.cert.org/vuls/id/445214
CERT-VN:VU#445214
http://www.ciac.org/ciac/bulletins/o-077.shtml
CIAC:O-077
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006
MS:MS04-006
http://www.osvdb.org/3903
OSVDB:3903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704
OVAL:oval:org.mitre.oval:def:704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800
OVAL:oval:org.mitre.oval:def:800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801
OVAL:oval:org.mitre.oval:def:801
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802
OVAL:oval:org.mitre.oval:def:802
https://exchange.xforce.ibmcloud.com/vulnerabilities/15037
XF:win-wins-gsflag-dos(15037)
CVE-2003-0826
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
2003-09-23
2016-10-17
CVE-2003-0826
http://marc.info/?l=bugtraq&m=106398939512178&w=2
BUGTRAQ:20030919 Remote root vuln in lsh 1.4.x
http://marc.info/?l=bugtraq&m=106407188509874&w=2
BUGTRAQ:20030920 LSH: Buffer overrun and remote root compromise in lshd
http://bugs.debian.org/211662
CONFIRM:http://bugs.debian.org/211662
http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html
CONFIRM:http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html
http://www.debian.org/security/2005/dsa-717
DEBIAN:DSA-717
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010496.html
FULLDISC:20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?)
CVE-2003-0827
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
2003-09-23
2016-10-17
CVE-2003-0827
http://www-1.ibm.com/support/search.wss?rs=0&q=IY47686&apar=only
AIXAPAR:IY47686
http://marc.info/?l=bugtraq&m=106399616919636&w=2
BUGTRAQ:20030919 AppSecInc Security Alert: Denial of Service Vulnerability in DB2 Discovery Service
CVE-2003-0828
Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables.
2004-03-10
2017-07-10
CVE-2003-0828
http://www.securityfocus.com/bid/8716
BID:8716
http://www.debian.org/security/2003/dsa-391
DEBIAN:DSA-391
https://exchange.xforce.ibmcloud.com/vulnerabilities/13301
XF:freesweep-bo(13301)
CVE-2003-0829
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0829
CVE-2003-0830
Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable.
2003-10-01
CVE-2003-0830
http://www.debian.org/security/2003/dsa-390
DEBIAN:DSA-390
CVE-2003-0831
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
2003-09-25
2017-10-04
CVE-2003-0831
http://marc.info/?l=bugtraq&m=106441655617816&w=2
BUGTRAQ:20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)
http://marc.info/?l=bugtraq&m=106606885611269&w=2
BUGTRAQ:20031013 Remote root exploit for proftpd \n bug
http://www.kb.cert.org/vuls/id/405348
CERT-VN:VU#405348
https://www.exploit-db.com/exploits/107/
EXPLOIT-DB:107
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
FULLDISC:20031014 Another ProFTPd root EXPLOIT ?
http://xforce.iss.net/xforce/alerts/id/154
ISS:20030923 ProFTPD ASCII File Remote Compromise Vulnerability
http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
MANDRAKE:MDKSA-2003:095
http://secunia.com/advisories/9829
SECUNIA:9829
https://exchange.xforce.ibmcloud.com/vulnerabilities/12200
XF:proftpd-ascii-xfer-newline-bo(12200)
CVE-2003-0832
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
2003-10-01
CVE-2003-0832
http://www.debian.org/security/2003/dsa-392
DEBIAN:DSA-392
CVE-2003-0833
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
2003-10-01
CVE-2003-0833
http://www.debian.org/security/2003/dsa-392
DEBIAN:DSA-392
CVE-2003-0834
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
2003-11-06
2017-10-09
CVE-2003-0834
http://www.securityfocus.com/bid/8973
BID:8973
http://www.kb.cert.org/vuls/id/575804
CERT-VN:VU#575804
http://archives.neohapsis.com/archives/hp/2003-q4/0047.html
HP:HPSBUX0311-297
http://www.idefense.com/application/poi/display?id=134&type=vulnerabilities&flashstatus=false
IDEFENSE:20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5141
OVAL:oval:org.mitre.oval:def:5141
SCO:CSSA-2003-SCO.31
ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P
SGI:20040801-01-P
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57414
SUNALERT:57414
CVE-2003-0835
Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
2003-10-01
2016-10-17
CVE-2003-0835
http://marc.info/?l=bugtraq&m=106454257221455&w=2
BUGTRAQ:20030925 MPlayer Security Advisory #01: Remotely exploitable buffer overflow
http://marc.info/?l=bugtraq&m=106460912721618&w=2
BUGTRAQ:20030926 Mplayer Buffer Overflow
http://marc.info/?l=bugtraq&m=106485005213109&w=2
BUGTRAQ:20030929 GLSA: media-video/mplayer (200309-15)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000760
CONECTIVA:CLA-2003:760
http://www.mplayerhq.hu/homepage/design6/news.html
CONFIRM:http://www.mplayerhq.hu/homepage/design6/news.html
CVE-2003-0836
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.
2003-10-08
2022-08-16
CVE-2003-0836
BUGTRAQ:20031001 ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0836
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0836
CVE-2003-0837
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.
2003-10-08
2017-07-10
CVE-2003-0837
http://www.securityfocus.com/bid/8743
BID:8743
http://marc.info/?l=bugtraq&m=106503709914622&w=2
BUGTRAQ:20031001 ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/13331
XF:db2-invoke-bo(13331)
CVE-2003-0838
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
2003-10-07
2018-10-12
CVE-2003-0838
http://www.securityfocus.com/bid/8556
BID:8556
http://marc.info/?l=bugtraq&m=106304733121753&w=2
BUGTRAQ:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032
http://marc.info/?l=bugtraq&m=106304876523459&w=2
BUGTRAQ:20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html
FULLDISC:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
MISC:http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040
MS:MS03-040
http://marc.info/?l=ntbugtraq&m=106302799428500&w=2
NTBUGTRAQ:20030907 BAD NEWS: Microsoft Security Bulletin MS03-032
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169
NTBUGTRAQ:20031001 DNS/Hosts file issues
http://www.osvdb.org/7872
OSVDB:7872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204
OVAL:oval:org.mitre.oval:def:204
https://exchange.xforce.ibmcloud.com/vulnerabilities/13314
XF:ie-popup-code-execution(13314)
CVE-2003-0839
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
2003-10-09
2016-10-17
CVE-2003-0839
http://marc.info/?l=bugtraq&m=106563075612028&w=2
BUGTRAQ:20031008 Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability
http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html
MISC:http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html
CVE-2003-0840
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.
2003-10-09
2016-10-17
CVE-2003-0840
http://marc.info/?l=bugtraq&m=106563181313571&w=2
BUGTRAQ:20031008 HPUX dtprintinfo buffer overflow vulnerability
CVE-2003-0841
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
2003-10-09
2016-10-17
CVE-2003-0841
http://marc.info/?l=bugtraq&m=106554919000847&w=2
BUGTRAQ:20031007 PeopleSoft Grid Option Vulnerability
CVE-2003-0842
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.
2003-10-09
2016-10-17
CVE-2003-0842
http://marc.info/?l=bugtraq&m=105457180009860&w=2
BUGTRAQ:20030601 Mod_gzip Debug Mode Vulnerabilities
CVE-2003-0843
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
2003-10-09
2016-10-17
CVE-2003-0843
http://marc.info/?l=bugtraq&m=105457180009860&w=2
BUGTRAQ:20030601 Mod_gzip Debug Mode Vulnerabilities
CVE-2003-0844
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
2003-10-09
2016-10-17
CVE-2003-0844
http://marc.info/?l=bugtraq&m=105457180009860&w=2
BUGTRAQ:20030601 Mod_gzip Debug Mode Vulnerabilities
CVE-2003-0845
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
2003-10-09
2017-10-09
CVE-2003-0845
http://www.securityfocus.com/bid/8773
BID:8773
http://marc.info/?l=bugtraq&m=106546044416498&w=2
BUGTRAQ:20031005 JBoss 3.2.1: Remote Command Injection
http://marc.info/?l=bugtraq&m=106547728803252&w=2
BUGTRAQ:20031006 Update JBoss 308 & 321: Remote Command Injection
http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866
CONFIRM:http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300
OVAL:oval:org.mitre.oval:def:11300
http://www.redhat.com/support/errata/RHSA-2007-1048.html
REDHAT:RHSA-2007:1048
http://secunia.com/advisories/27914
SECUNIA:27914
CVE-2003-0846
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.
2003-10-09
2016-10-17
CVE-2003-0846
http://marc.info/?l=bugtraq&m=106546177518140&w=2
BUGTRAQ:20031006 Local root exploit in SuSE Linux 7.3Pro
http://marc.info/?l=bugtraq&m=106546531922379&w=2
BUGTRAQ:20031006 Re: Local root exploit in SuSE Linux 8.2Pro
CVE-2003-0847
SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.
2003-10-09
2016-10-17
CVE-2003-0847
http://marc.info/?l=bugtraq&m=106545972615578&w=2
BUGTRAQ:20031006 Local root exploit in SuSE Linux 8.2Pro
http://marc.info/?l=bugtraq&m=106546531922379&w=2
BUGTRAQ:20031006 Re: Local root exploit in SuSE Linux 8.2Pro
CVE-2003-0848
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
2003-10-09
2017-10-09
CVE-2003-0848
http://marc.info/?l=bugtraq&m=106546447321274&w=2
BUGTRAQ:20031006 SA-20031006 slocate vulnerability
http://marc.info/?l=bugtraq&m=106589631819348&w=2
BUGTRAQ:20031011 SA-20031006 slocate buffer overflow - exploitation proof
http://www.debian.org/security/2004/dsa-428
DEBIAN:DSA-428
http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html
FEDORA:FEDORA-2004-059
http://www.mandriva.com/security/advisories?name=MDKSA-2004:004
MANDRAKE:MDKSA-2004:004
http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt
MISC:http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt
http://www.ebitech.sk/patrik/SA/SA-20031006.txt
MISC:http://www.ebitech.sk/patrik/SA/SA-20031006.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033
OVAL:oval:org.mitre.oval:def:11033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821
OVAL:oval:org.mitre.oval:def:821
http://rhn.redhat.com/errata/RHSA-2004-040.html
REDHAT:RHSA-2004:040
http://www.redhat.com/support/errata/RHSA-2004-041.html
REDHAT:RHSA-2004:041
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt
SCO:CSSA-2004-001.0
http://secunia.com/advisories/10670
SECUNIA:10670
http://secunia.com/advisories/10683
SECUNIA:10683
http://secunia.com/advisories/10686
SECUNIA:10686
http://secunia.com/advisories/10698
SECUNIA:10698
http://secunia.com/advisories/10702
SECUNIA:10702
http://secunia.com/advisories/10720
SECUNIA:10720
http://secunia.com/advisories/10722
SECUNIA:10722
http://secunia.com/advisories/9962/
SECUNIA:9962
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
SGI:20040201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt
TRUSTIX:2004-0005
CVE-2003-0849
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
2003-10-09
2016-10-17
CVE-2003-0849
http://marc.info/?l=bugtraq&m=106451047819552&w=2
BUGTRAQ:20030925 Cfengine2 cfservd remote stack overflow
http://marc.info/?l=bugtraq&m=106485375218280&w=2
BUGTRAQ:20030928 cfengine2-2.0.3 remote exploit for redhat
http://marc.info/?l=bugtraq&m=106546086216984&w=2
BUGTRAQ:20031005 GLSA: cfengine (200310-02)
CVE-2003-0850
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
2003-10-25
2016-10-17
CVE-2003-0850
http://marc.info/?l=bugtraq&m=106728224210446&w=2
BUGTRAQ:20031027 Libnids <= 1.17 buffer overflow
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773
CONECTIVA:CLA-2003:773
http://sourceforge.net/project/shownotes.php?release_id=191323
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=191323
http://www.debian.org/security/2004/dsa-410
DEBIAN:DSA-410
http://secunia.com/advisories/10543
SECUNIA:10543
CVE-2003-0851
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
2003-11-06
2017-10-09
CVE-2003-0851
http://www.securityfocus.com/bid/8970
BID:8970
http://marc.info/?l=bugtraq&m=106796246511667&w=2
BUGTRAQ:20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing
http://marc.info/?l=bugtraq&m=108403850228012&w=2
BUGTRAQ:20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability
http://www.kb.cert.org/vuls/id/412478
CERT-VN:VU#412478
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
CISCO:20030930 SSL Implementation Vulnerabilities
http://www.openssl.org/news/secadv_20031104.txt
CONFIRM:http://www.openssl.org/news/secadv_20031104.txt
ENGARDE:ESA-20031104-029
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
FEDORA:FEDORA-2005-1042
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
NETBSD:NetBSD-SA2004-003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
OVAL:oval:org.mitre.oval:def:5528
http://rhn.redhat.com/errata/RHSA-2004-119.html
REDHAT:RHSA-2004:119
http://secunia.com/advisories/17381
SECUNIA:17381
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
SGI:20040304-01-U
CVE-2003-0852
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
2003-10-25
2017-07-10
CVE-2003-0852
http://www.securityfocus.com/bid/8877
BID:8877
http://sylpheed.good-day.net/#changes
CONFIRM:http://sylpheed.good-day.net/#changes
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html
FULLDISC:20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows
http://www.guninski.com/sylph.html
MISC:http://www.guninski.com/sylph.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13508
XF:sylpheed-smtp-format-string(13508)
CVE-2003-0853
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
2003-10-25
2003-10-28
CVE-2003-0853
http://www.securityfocus.com/bid/8875
BID:8875
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
CONECTIVA:CLA-2003:768
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
CONECTIVA:CLA-2003:771
http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
FULLDISC:20031022 Fun with /bin/ls, yet still ls better than windows
http://www.securityfocus.com/advisories/6014
IMMUNIX:IMNX-2003-7+-026-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
MANDRAKE:MDKSA-2003:106
http://www.guninski.com/binls.html
MISC:http://www.guninski.com/binls.html
http://www.redhat.com/support/errata/RHSA-2003-309.html
REDHAT:RHSA-2003:309
http://www.redhat.com/support/errata/RHSA-2003-310.html
REDHAT:RHSA-2003:310
http://secunia.com/advisories/10126
SECUNIA:10126
http://secunia.com/advisories/17069
SECUNIA:17069
http://www.turbolinux.com/security/TLSA-2003-60.txt
TURBO:TLSA-2003-60
CVE-2003-0854
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
2003-10-25
2017-10-09
CVE-2003-0854
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768
CONECTIVA:CLA-2003:768
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771
CONECTIVA:CLA-2003:771
http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf
http://www.debian.org/security/2005/dsa-705
DEBIAN:DSA-705
https://www.exploit-db.com/exploits/115
EXPLOIT-DB:115
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html
FULLDISC:20031022 Fun with /bin/ls, yet still ls better than windows
http://www.securityfocus.com/advisories/6014
IMMUNIX:IMNX-2003-7+-026-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:106
MANDRAKE:MDKSA-2003:106
http://www.guninski.com/binls.html
MISC:http://www.guninski.com/binls.html
http://www.redhat.com/support/errata/RHSA-2003-309.html
REDHAT:RHSA-2003:309
http://www.redhat.com/support/errata/RHSA-2003-310.html
REDHAT:RHSA-2003:310
http://secunia.com/advisories/10126
SECUNIA:10126
http://secunia.com/advisories/17069
SECUNIA:17069
http://www.turbolinux.com/security/TLSA-2003-60.txt
TURBO:TLSA-2003-60
CVE-2003-0855
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.
2003-10-30
2003-12-11
CVE-2003-0855
http://bugzilla.gnome.org/show_bug.cgi?id=107025
CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=107025
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519
http://www.redhat.com/support/errata/RHSA-2003-311.html
REDHAT:RHSA-2003:311
http://www.redhat.com/support/errata/RHSA-2003-312.html
REDHAT:RHSA-2003:312
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
CVE-2003-0856
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
2003-11-18
2017-10-09
CVE-2003-0856
http://www.debian.org/security/2004/dsa-492
DEBIAN:DSA-492
http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html
FEDORA:FEDORA-2004-115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912
OVAL:oval:org.mitre.oval:def:10912
http://www.redhat.com/support/errata/RHSA-2003-316.html
REDHAT:RHSA-2003:316
http://www.redhat.com/support/errata/RHSA-2003-317.html
REDHAT:RHSA-2003:317
http://www.novell.com/linux/security/advisories/2005_01_sr.html
SUSE:SUSE-SR:2005:001
CVE-2003-0857
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
2007-11-20
2021-06-15
CVE-2003-0857
https://bugzilla.redhat.com/show_bug.cgi?id=108574
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=108574
CVE-2003-0858
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
2003-11-18
2017-10-09
CVE-2003-0858
http://www.debian.org/security/2004/dsa-415
DEBIAN:DSA-415
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169
OVAL:oval:org.mitre.oval:def:10169
http://www.redhat.com/support/errata/RHSA-2003-305.html
REDHAT:RHSA-2003:305
http://www.redhat.com/support/errata/RHSA-2003-307.html
REDHAT:RHSA-2003:307
http://www.redhat.com/support/errata/RHSA-2003-315.html
REDHAT:RHSA-2003:315
http://secunia.com/advisories/10563
SECUNIA:10563
CVE-2003-0859
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
2003-11-18
2017-10-09
CVE-2003-0859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11337
OVAL:oval:org.mitre.oval:def:11337
http://www.redhat.com/support/errata/RHSA-2003-325.html
REDHAT:RHSA-2003:325
http://www.redhat.com/support/errata/RHSA-2003-334.html
REDHAT:RHSA-2003:334
CVE-2003-0860
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
2003-10-15
2021-06-15
CVE-2003-0860
http://www.php.net/ChangeLog-4.php#4.3.3
CONFIRM:http://www.php.net/ChangeLog-4.php#4.3.3
http://www.php.net/release_4_3_3.php
CONFIRM:http://www.php.net/release_4_3_3.php
CVE-2003-0861
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
2003-10-15
2021-06-15
CVE-2003-0861
http://www.php.net/ChangeLog-4.php#4.3.3
CONFIRM:http://www.php.net/ChangeLog-4.php#4.3.3
http://www.php.net/release_4_3_3.php
CONFIRM:http://www.php.net/release_4_3_3.php
CVE-2003-0862
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0813. Reason: This candidate is a duplicate of CVE-2003-0813. Notes: All CVE users should reference CVE-2003-0813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-10-15
2005-02-06
CVE-2003-0862
CVE-2003-0863
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
2003-10-15
2016-10-17
CVE-2003-0863
http://marc.info/?l=bugtraq&m=105839111204227
BUGTRAQ:20030716 PHP safe mode broken?
CVE-2003-0864
Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.
2003-10-15
2017-07-10
CVE-2003-0864
http://www.securityfocus.com/bid/8817
BID:8817
http://marc.info/?l=bugtraq&m=106606129601446&w=2
BUGTRAQ:20031012 buffer overflow in IRCD software
http://marc.info/?l=bugtraq&m=106667431021928&w=2
BUGTRAQ:20031019 [OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000765
CONECTIVA:CLA-2003:765
ftp://ftp.irc.org/irc/server/ChangeLog
CONFIRM:ftp://ftp.irc.org/irc/server/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/13408
XF:ircd-mjoin-bo(13408)
CVE-2003-0865
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
2003-10-17
2016-10-17
CVE-2003-0865
http://www.securityfocus.com/bid/8680
BID:8680
http://www.securityfocus.com/archive/1/338641
BUGTRAQ:20030923 mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit.
http://marc.info/?l=bugtraq&m=106493686331198&w=2
BUGTRAQ:20030930 GLSA: mpg123 (200309-17)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000781
CONECTIVA:CLA-2003:781
http://www.debian.org/security/2004/dsa-435
DEBIAN:DSA-435
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt
SCO:CSSA-2004-002.0
CVE-2003-0866
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
2003-10-17
2020-02-13
CVE-2003-0866
http://www.securityfocus.com/bid/8824
BID:8824
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506
http://tomcat.apache.org/security-4.html
CONFIRM:http://tomcat.apache.org/security-4.html
http://www.debian.org/security/2003/dsa-395
DEBIAN:DSA-395
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
http://secunia.com/advisories/30899
SECUNIA:30899
http://secunia.com/advisories/30908
SECUNIA:30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SUNALERT:239312
http://www.vupen.com/english/advisories/2008/1979/references
VUPEN:ADV-2008-1979
https://exchange.xforce.ibmcloud.com/vulnerabilities/13429
XF:tomcat-non-http-dos(13429)
CVE-2003-0867
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0662. Reason: This candidate is a duplicate of CVE-2003-0662. Notes: All CVE users should reference CVE-2003-0662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-10-17
2005-02-06
CVE-2003-0867
CVE-2003-0868
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0868
CVE-2003-0869
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0869
CVE-2003-0870
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
2003-10-21
2017-07-10
CVE-2003-0870
http://www.atstake.com/research/advisories/2003/a102003-1.txt
ATSTAKE:A102003-1
http://www.securityfocus.com/bid/8853
BID:8853
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0016.html
VULNWATCH:20031020 Opera HREF escaped server name overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/13458
XF:opera-escape-heap-overflow(13458)
CVE-2003-0871
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
2003-10-30
2005-04-30
CVE-2003-0871
http://lists.apple.com/mhonarc/security-announce/msg00039.html
APPLE:APPLE-SA-2003-10-28
http://www.securityfocus.com/bid/8922
BID:8922
CVE-2003-0872
Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.
2003-10-25
2005-07-12
CVE-2003-0872
http://www.securityfocus.com/bid/8864
BID:8864
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt
SCO:CSSA-2003-SCO.27
CVE-2003-0873
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0873
CVE-2003-0874
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
2003-10-25
2017-07-10
CVE-2003-0874
http://www.securityfocus.com/bid/8856
BID:8856
http://marc.info/?l=bugtraq&m=106667525623311&w=2
BUGTRAQ:20031020 Multiple SQL Injection Vulnerabilities in DeskPRO
http://www.securiteam.com/unixfocus/6R0052K8KM.html
MISC:http://www.securiteam.com/unixfocus/6R0052K8KM.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html
VULNWATCH:20031020 Multiple SQL Injection Vulnerabilities in DeskPRO
https://exchange.xforce.ibmcloud.com/vulnerabilities/13391
XF:deskpro-multiple-sql-injection(13391)
CVE-2003-0875
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.
2003-10-25
2016-10-17
CVE-2003-0875
http://marc.info/?l=bugtraq&m=106123103606336&w=2
BUGTRAQ:20030818 OpenSLP initscript symlink vulnerability
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000723
CONECTIVA:CLA-2003:723
CVE-2003-0876
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
2003-10-30
2017-07-10
CVE-2003-0876
http://www.atstake.com/research/advisories/2003/a102803-1.txt
ATSTAKE:A102803-1
http://www.securityfocus.com/bid/8916
BID:8916
http://www.securityfocus.com/bid/8917
BID:8917
https://exchange.xforce.ibmcloud.com/vulnerabilities/13537
XF:macos-insecure-file-permissions(13537)
CVE-2003-0877
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
2003-10-30
2017-07-10
CVE-2003-0877
http://www.atstake.com/research/advisories/2003/a102803-1.txt
ATSTAKE:A102803-1
http://www.securityfocus.com/bid/8914
BID:8914
http://www.securityfocus.com/bid/8917
BID:8917
https://exchange.xforce.ibmcloud.com/vulnerabilities/13542
XF:macos-core-files-symlink(13542)
CVE-2003-0878
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
2003-10-30
2005-11-02
CVE-2003-0878
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
CVE-2003-0879
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0518. Reason: This candidate is a reservation duplicate of CVE-2003-0518. Notes: All CVE users should reference CVE-2003-0518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-10-28
2005-02-06
CVE-2003-0879
CVE-2003-0880
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
2003-10-30
2021-06-15
CVE-2003-0880
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
CVE-2003-0881
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
2003-10-30
2021-06-15
CVE-2003-0881
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
CVE-2003-0882
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
2003-10-30
2021-06-15
CVE-2003-0882
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
CVE-2003-0883
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
2003-10-30
2003-11-05
CVE-2003-0883
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
CVE-2003-0884
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0884
CVE-2003-0885
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.
2006-02-27
2021-06-15
CVE-2003-0885
http://bugs.gentoo.org/show_bug.cgi?id=41253
CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=41253
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
CVE-2003-0886
Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.
2003-11-12
2016-10-17
CVE-2003-0886
http://marc.info/?l=bugtraq&m=106858898708752&w=2
BUGTRAQ:20031111 HylaFAX - Format String Vulnerability Fixed
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783
CONECTIVA:CLA-2003:783
http://www.debian.org/security/2003/dsa-401
DEBIAN:DSA-401
http://www.mandriva.com/security/advisories?name=MDKSA-2003:105
MANDRAKE:MDKSA-2003:105
http://www.novell.com/linux/security/advisories/2003_045_hylafax.html
SUSE:SuSE-SA:2003:045
CVE-2003-0887
ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.
2005-10-31
2021-06-15
CVE-2003-0887
http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5
CONFIRM:http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5
http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6
CONFIRM:http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6
CVE-2003-0888
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0888
CVE-2003-0889
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0889
CVE-2003-0890
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0890
CVE-2003-0891
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0891
CVE-2003-0892
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0892
CVE-2003-0893
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0893
CVE-2003-0894
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
2003-10-25
2017-07-10
CVE-2003-0894
http://www.securityfocus.com/bid/8844
BID:8844
http://www.securityfocus.com/bid/8845
BID:8845
http://www.kb.cert.org/vuls/id/496340
CERT-VN:VU#496340
http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf
http://securitytracker.com/id?1007956
SECTRACK:1007956
https://exchange.xforce.ibmcloud.com/vulnerabilities/13451
XF:oracle-oracleo-binaries-bo(13451)
CVE-2003-0895
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).
2003-10-30
2017-07-10
CVE-2003-0895
http://www.atstake.com/research/advisories/2003/a102803-3.txt
ATSTAKE:A102803-3
http://www.securityfocus.com/bid/8913
BID:8913
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13541
XF:macos-long-command-bo(13541)
CVE-2003-0896
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
2003-10-25
2016-10-17
CVE-2003-0896
http://www.securityfocus.com/bid/8879
BID:8879
http://marc.info/?l=bugtraq&m=106692334503819&w=2
BUGTRAQ:20021023 [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
http://www.securityfocus.com/archive/1/342580
BUGTRAQ:20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
http://www.securityfocus.com/archive/1/342583
BUGTRAQ:20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machineimplementation
http://www.securityfocus.com/advisories/6028
HP:HPSBUX0311-295
http://lsd-pl.net/code/JVM/jre.tar.gz
MISC:http://lsd-pl.net/code/JVM/jre.tar.gz
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1
SUNALERT:200356
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221
SUNALERT:57221
CVE-2003-0897
"Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.
2003-10-25
2017-07-10
CVE-2003-0897
http://marc.info/?l=bugtraq&m=106692772510010&w=2
BUGTRAQ:20031023 Shatter XP
https://exchange.xforce.ibmcloud.com/vulnerabilities/13558
XF:winxp-commctl32-code-execution(13558)
CVE-2003-0898
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
2003-10-28
2016-10-17
CVE-2003-0898
http://marc.info/?l=bugtraq&m=106010332721672&w=2
BUGTRAQ:20030805 Local Vulnerability in IBM DB2 7.1 db2job binary
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt
CONFIRM:ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt
CVE-2003-0899
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
2003-10-30
2017-07-10
CVE-2003-0899
http://www.securityfocus.com/bid/8906
BID:8906
http://marc.info/?l=bugtraq&m=106729188224252&w=2
BUGTRAQ:20031027 Remote overflow in thttpd
https://www.debian.org/security/2003/dsa-396
DEBIAN:DSA-396
http://www.texonet.com/advisories/TEXONET-20030908.txt
MISC:http://www.texonet.com/advisories/TEXONET-20030908.txt
http://www.osvdb.org/2729
OSVDB:2729
http://secunia.com/advisories/10092
SECUNIA:10092
SUSE:SuSE-SA:2003:044
https://exchange.xforce.ibmcloud.com/vulnerabilities/13530
XF:thttpd-defang-bo(13530)
CVE-2003-0900
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
2005-04-14
2021-06-15
CVE-2003-0900
https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711
CONFIRM:https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711
CVE-2003-0901
Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.
2003-10-30
2003-11-12
CVE-2003-0901
http://www.securityfocus.com/bid/8741
BID:8741
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000784
CONECTIVA:CLA-2003:784
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000772
CONECTIVA:CLSA-2003:772
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c
CONFIRM:http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c
http://www.debian.org/security/2003/dsa-397
DEBIAN:DSA-397
http://www.redhat.com/support/errata/RHSA-2003-313.html
REDHAT:RHSA-2003:313
http://www.redhat.com/support/errata/RHSA-2003-314.html
REDHAT:RHSA-2003:314
CVE-2003-0902
Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands.
2004-01-14
CVE-2003-0902
http://www.debian.org/security/2003/dsa-402
DEBIAN:DSA-402
CVE-2003-0903
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
2004-09-01
2007-11-12
CVE-2003-0903
http://www.securityfocus.com/bid/9407
BID:9407
http://www.kb.cert.org/vuls/id/139150
CERT-VN:VU#139150
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-003
MS:MS04-003
http://www.osvdb.org/3457
OSVDB:3457
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A525
OVAL:oval:org.mitre.oval:def:525
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A553
OVAL:oval:org.mitre.oval:def:553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A751
OVAL:oval:org.mitre.oval:def:751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A775
OVAL:oval:org.mitre.oval:def:775
https://exchange.xforce.ibmcloud.com/vulnerabilities/14187
XF:mdac-broadcastrequest-bo(14187)
CVE-2003-0904
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
2004-01-08
2018-10-12
CVE-2003-0904
http://www.securityfocus.com/bid/9118
BID:9118
http://www.securityfocus.com/bid/9409
BID:9409
http://www.kb.cert.org/vuls/id/530660
CERT-VN:VU#530660
http://www.microsoft.com/exchange/support/e2k3owa.asp
CONFIRM:http://www.microsoft.com/exchange/support/e2k3owa.asp
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002
MS:MS04-002
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281
NTBUGTRAQ:20031114 Exchange 2003 OWA major security flaw
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477
OVAL:oval:org.mitre.oval:def:477
http://secunia.com/advisories/10615
SECUNIA:10615
https://exchange.xforce.ibmcloud.com/vulnerabilities/13869
XF:exchange-owa-account-access(13869)
CVE-2003-0905
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
2004-09-01
2006-10-31
CVE-2003-0905
http://www.securityfocus.com/bid/9825
BID:9825
http://www.kb.cert.org/vuls/id/982630
CERT-VN:VU#982630
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-008
MS:MS04-008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A842
OVAL:oval:org.mitre.oval:def:842
https://exchange.xforce.ibmcloud.com/vulnerabilities/15038
XF:win-media-services-dos(15038)
CVE-2003-0906
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
2004-04-16
2018-10-12
CVE-2003-0906
http://www.securityfocus.com/bid/10120
BID:10120
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/547028
CERT-VN:VU#547028
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064
OVAL:oval:org.mitre.oval:def:1064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897
OVAL:oval:org.mitre.oval:def:897
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959
OVAL:oval:org.mitre.oval:def:959
CVE-2003-0907
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
2004-04-16
2018-10-12
CVE-2003-0907
http://www.securityfocus.com/bid/10119
BID:10119
http://marc.info/?l=bugtraq&m=108196864221676&w=2
BUGTRAQ:20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/260588
CERT-VN:VU#260588
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html
FULLDISC:20040413 Microsoft Help and Support Center argument injection vulnerability
http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities
MISC:http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000
OVAL:oval:org.mitre.oval:def:1000
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904
OVAL:oval:org.mitre.oval:def:904
https://exchange.xforce.ibmcloud.com/vulnerabilities/15704
XF:win-hcpurl-code-execution(15704)
CVE-2003-0908
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
2004-04-16
2018-10-12
CVE-2003-0908
http://www.securityfocus.com/bid/10124
BID:10124
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/526084
CERT-VN:VU#526084
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
http://www.appsecinc.com/resources/alerts/general/04-0001.html
MISC:http://www.appsecinc.com/resources/alerts/general/04-0001.html
http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html
MISC:http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046
OVAL:oval:org.mitre.oval:def:1046
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.html
VULNWATCH:20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/15632
XF:win2k-utilitymgr-gain-privileges(15632)
CVE-2003-0909
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
2004-04-16
2018-10-12
CVE-2003-0909
http://www.securityfocus.com/bid/10125
BID:10125
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/206468
CERT-VN:VU#206468
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1004
OVAL:oval:org.mitre.oval:def:1004
https://exchange.xforce.ibmcloud.com/vulnerabilities/15678
XF:winxp-task-gain-privileges(15678)
CVE-2003-0910
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
2004-04-16
2018-10-12
CVE-2003-0910
http://www.securityfocus.com/bid/10122
BID:10122
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
CERT:TA04-104A
http://www.kb.cert.org/vuls/id/122076
CERT-VN:VU#122076
http://www.ciac.org/ciac/bulletins/o-114.shtml
CIAC:O-114
http://www.eeye.com/html/Research/Advisories/AD20040413D.html
EEYE:AD20040413D
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html
FULLDISC:20040413 EEYE: Windows Expand-Down Data Segment Local Privilege Escalation
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
MS:MS04-011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890
OVAL:oval:org.mitre.oval:def:890
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911
OVAL:oval:org.mitre.oval:def:911
https://exchange.xforce.ibmcloud.com/vulnerabilities/15707
XF:win-ldt-gain-privileges(15707)
CVE-2003-0911
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0911
CVE-2003-0912
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0912
CVE-2003-0913
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
2003-11-06
2017-07-10
CVE-2003-0913
http://www.securityfocus.com/bid/8979
BID:8979
http://docs.info.apple.com/article.html?artnum=120269
CONFIRM:http://docs.info.apple.com/article.html?artnum=120269
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00040.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00040.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13620
XF:macos-terminal-gain-access(13620)
CVE-2003-0914
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
2003-12-02
2017-10-09
CVE-2003-0914
http://www.kb.cert.org/vuls/id/734644
CERT-VN:VU#734644
http://www.debian.org/security/2004/dsa-409
DEBIAN:DSA-409
ENGARDE:ESA-20031126-031
FREEBSD:FreeBSD-SA-03:19.bind
IBM:MSS-OAR-E01-2003.1524
IMMUNIX:IMNX-2003-7+-024-01
NETBSD:NetBSD-SA2003-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011
OVAL:oval:org.mitre.oval:def:2011
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt
SCO:CSSA-2003-SCO.33
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt
SCO:CSSA-2004-003.0
http://secunia.com/advisories/10542
SECUNIA:10542
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434
SUNALERT:57434
SUSE:SuSE-SA:2003:047
http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt
TRUSTIX:2003-0044
CVE-2003-0915
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0915
CVE-2003-0916
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0916
CVE-2003-0917
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0917
CVE-2003-0918
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0918
CVE-2003-0919
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0919
CVE-2003-0920
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0920
CVE-2003-0921
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0921
CVE-2003-0922
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0922
CVE-2003-0923
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0923
CVE-2003-0924
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
2004-09-01
2011-07-16
CVE-2003-0924
http://www.securityfocus.com/bid/9442
BID:9442
http://www.kb.cert.org/vuls/id/487102
CERT-VN:VU#487102
http://www.debian.org/security/2004/dsa-426
DEBIAN:DSA-426
http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
GENTOO:GLSA-200410-02
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
MANDRAKE:MDKSA-2004:011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804
OVAL:oval:org.mitre.oval:def:804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810
OVAL:oval:org.mitre.oval:def:810
http://www.redhat.com/support/errata/RHSA-2004-030.html
REDHAT:RHSA-2004:030
http://www.redhat.com/support/errata/RHSA-2004-031.html
REDHAT:RHSA-2004:031
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
SGI:20040201-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/14874
XF:netpbm-temp-insecure-file(14874)
CVE-2003-0925
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
2003-11-06
2017-10-09
CVE-2003-0925
http://www.securityfocus.com/bid/8951
BID:8951
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780
CONECTIVA:CLA-2003:780
http://www.ethereal.com/appnotes/enpa-sa-00011.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00011.html
http://www.debian.org/security/2003/dsa-407
DEBIAN:DSA-407
http://www.mandriva.com/security/advisories?name=MDKSA-2003:114
MANDRAKE:MDKSA-2003:114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9692
OVAL:oval:org.mitre.oval:def:9692
http://www.redhat.com/support/errata/RHSA-2003-323.html
REDHAT:RHSA-2003:323
http://www.redhat.com/support/errata/RHSA-2003-324.html
REDHAT:RHSA-2003:324
http://secunia.com/advisories/10531
SECUNIA:10531
http://www.turbolinux.com/security/TLSA-2003-64.txt
TURBO:TLSA-2003-64
CVE-2003-0926
Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.
2003-11-06
2017-10-09
CVE-2003-0926
http://www.securityfocus.com/bid/8951
BID:8951
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780
CONECTIVA:CLA-2003:780
http://www.ethereal.com/appnotes/enpa-sa-00011.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00011.html
http://www.debian.org/security/2003/dsa-407
DEBIAN:DSA-407
http://www.mandriva.com/security/advisories?name=MDKSA-2003:114
MANDRAKE:MDKSA-2003:114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11648
OVAL:oval:org.mitre.oval:def:11648
http://www.redhat.com/support/errata/RHSA-2003-323.html
REDHAT:RHSA-2003:323
http://www.redhat.com/support/errata/RHSA-2003-324.html
REDHAT:RHSA-2003:324
http://secunia.com/advisories/10531
SECUNIA:10531
http://www.turbolinux.com/security/TLSA-2003-64.txt
TURBO:TLSA-2003-64
CVE-2003-0927
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
2003-11-06
2017-10-09
CVE-2003-0927
http://www.securityfocus.com/bid/8951
BID:8951
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780
CONECTIVA:CLA-2003:780
http://www.ethereal.com/appnotes/enpa-sa-00011.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00011.html
http://www.debian.org/security/2003/dsa-407
DEBIAN:DSA-407
http://www.mandriva.com/security/advisories?name=MDKSA-2003:114
MANDRAKE:MDKSA-2003:114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9691
OVAL:oval:org.mitre.oval:def:9691
http://www.redhat.com/support/errata/RHSA-2003-323.html
REDHAT:RHSA-2003:323
http://www.redhat.com/support/errata/RHSA-2003-324.html
REDHAT:RHSA-2003:324
http://secunia.com/advisories/10531
SECUNIA:10531
http://www.turbolinux.com/security/TLSA-2003-64.txt
TURBO:TLSA-2003-64
https://exchange.xforce.ibmcloud.com/vulnerabilities/13578
XF:ethereal-socks-heap-overflow(13578)
CVE-2003-0928
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
2004-08-18
2016-10-17
CVE-2003-0928
http://marc.info/?l=bugtraq&m=109241692108678&w=2
BUGTRAQ:20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
http://www.corsaire.com/advisories/c030807-001.txt
MISC:http://www.corsaire.com/advisories/c030807-001.txt
CVE-2003-0929
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
2004-08-18
2016-10-17
CVE-2003-0929
http://marc.info/?l=bugtraq&m=109241692108678&w=2
BUGTRAQ:20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
http://www.corsaire.com/advisories/c030807-001.txt
MISC:http://www.corsaire.com/advisories/c030807-001.txt
CVE-2003-0930
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.
2004-08-18
2016-10-17
CVE-2003-0930
http://marc.info/?l=bugtraq&m=109241692108678&w=2
BUGTRAQ:20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
http://www.corsaire.com/advisories/c030807-001.txt
MISC:http://www.corsaire.com/advisories/c030807-001.txt
CVE-2003-0931
Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999.
2004-08-18
2017-07-10
CVE-2003-0931
http://marc.info/?l=bugtraq&m=109215951022437&w=2
BUGTRAQ:20040810 Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue
http://www.corsaire.com/advisories/c031120-001.txt
MISC:http://www.corsaire.com/advisories/c031120-001.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/16949
XF:sygate-enforcer-payload-dos(16949)
CVE-2003-0932
Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable.
2003-11-18
CVE-2003-0932
http://www.debian.org/security/2003/dsa-400
DEBIAN:DSA-400
CVE-2003-0933
Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable.
2003-11-12
CVE-2003-0933
http://www.debian.org/security/2003/dsa-398
DEBIAN:DSA-398
CVE-2003-0934
Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network.
2003-11-12
2016-10-17
CVE-2003-0934
http://marc.info/?l=bugtraq&m=106850011513880&w=2
BUGTRAQ:20031110 Symbol Technologies Default WEP KEYS Vulnerability
http://www.secnap.net/security/031106.html
MISC:http://www.secnap.net/security/031106.html
VULNWATCH:20031110 Symbol Technologies Default WEP KEYS Vulnerability
CVE-2003-0935
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
2003-11-12
2017-10-09
CVE-2003-0935
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778
CONECTIVA:CLA-2003:778
http://sourceforge.net/forum/forum.php?forum_id=308015
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=308015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869
OVAL:oval:org.mitre.oval:def:869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9802
OVAL:oval:org.mitre.oval:def:9802
http://www.redhat.com/support/errata/RHSA-2003-335.html
REDHAT:RHSA-2003:335
http://www.redhat.com/support/errata/RHSA-2004-023.html
REDHAT:RHSA-2004:023
CVE-2003-0936
Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
2003-11-18
2016-10-17
CVE-2003-0936
http://marc.info/?l=bugtraq&m=106876107330752&w=2
BUGTRAQ:20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM
http://marc.info/?l=bugtraq&m=106875764826251&w=2
BUGTRAQ:20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit
http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html
CVE-2003-0937
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
2003-11-18
2016-10-17
CVE-2003-0937
http://marc.info/?l=bugtraq&m=106865297403687&w=2
BUGTRAQ:20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.
http://www.texonet.com/advisories/TEXONET-20031024.txt
MISC:http://www.texonet.com/advisories/TEXONET-20031024.txt
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt
SCO:CSSA-2003-SCO.32
CVE-2003-0938
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.
2003-11-21
2017-07-10
CVE-2003-0938
http://www.atstake.com/research/advisories/2003/a111703-1.txt
ATSTAKE:A111703-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/13765
XF:sapdb-NETAPI32-gain-privileges(13765)
CVE-2003-0939
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.
2003-11-21
2021-06-15
CVE-2003-0939
http://www.atstake.com/research/advisories/2003/a111703-1.txt
ATSTAKE:A111703-1
http://www.sapdb.org/7.4/new_relinfo.txt
CONFIRM:http://www.sapdb.org/7.4/new_relinfo.txt
CVE-2003-0940
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
2003-11-21
CVE-2003-0940
http://www.atstake.com/research/advisories/2003/a111703-2.txt
ATSTAKE:A111703-2
CVE-2003-0941
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
2003-11-21
CVE-2003-0941
http://www.atstake.com/research/advisories/2003/a111703-2.txt
ATSTAKE:A111703-2
CVE-2003-0942
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
2003-11-21
CVE-2003-0942
http://www.atstake.com/research/advisories/2003/a111703-2.txt
ATSTAKE:A111703-2
CVE-2003-0943
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
2003-11-21
CVE-2003-0943
http://www.atstake.com/research/advisories/2003/a111703-2.txt
ATSTAKE:A111703-2
CVE-2003-0944
Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI.
2003-11-21
CVE-2003-0944
http://www.atstake.com/research/advisories/2003/a111703-2.txt
ATSTAKE:A111703-2
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.
2003-11-21
2017-07-10
CVE-2003-0945
http://www.atstake.com/research/advisories/2003/a111703-2.txt
ATSTAKE:A111703-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/13774
XF:sapdb-manager-sessionid-predictable(13774)
CVE-2003-0946
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.
2003-11-18
2016-10-17
CVE-2003-0946
http://marc.info/?l=bugtraq&m=106867135830683&w=2
BUGTRAQ:20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS
http://sourceforge.net/project/shownotes.php?release_id=197038
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=197038
CVE-2003-0947
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
2003-11-18
2016-10-17
CVE-2003-0947
http://marc.info/?l=bugtraq&m=106867458902521&w=2
BUGTRAQ:20031112 iwconfig vulnerability - the last code was demaged sending by email
CVE-2003-0948
Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable.
2003-11-18
2021-06-15
CVE-2003-0948
http://www.securityfocus.com/bid/8901
BID:8901
http://www.securiteam.com/exploits/6Y00R1P8KY.html
MISC:http://www.securiteam.com/exploits/6Y00R1P8KY.html
CVE-2003-0949
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
2004-01-14
2017-07-10
CVE-2003-0949
http://www.securityfocus.com/bid/9321
BID:9321
http://www.debian.org/security/2003/dsa-405
DEBIAN:DSA-405
https://exchange.xforce.ibmcloud.com/vulnerabilities/14098
XF:xsok-command-execution(14098)
CVE-2003-0950
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
2003-11-18
2017-07-10
CVE-2003-0950
http://www.securityfocus.com/bid/9041
BID:9041
http://xforce.iss.net/xforce/alerts/id/157
ISS:20031112 IClient Servlet Remote Command Execution Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/12805
XF:peoplesoft-iclientservlet-file-upload(12805)
CVE-2003-0951
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges.
2003-11-18
2017-10-09
CVE-2003-0951
http://archives.neohapsis.com/archives/hp/2003-q4/0041.html
HP:HPSBUX0311-296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5146
OVAL:oval:org.mitre.oval:def:5146
CVE-2003-0952
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0952
CVE-2003-0953
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-0953
CVE-2003-0954
Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.
2005-04-14
CVE-2003-0954
http://www-1.ibm.com/support/search.wss?rs=0&q=IY48272&apar=only
AIXAPAR:IY48272
http://www-1.ibm.com/support/search.wss?rs=0&q=IY48747&apar=only
AIXAPAR:IY48747
http://www-1.ibm.com/support/search.wss?rs=0&q=IY49238&apar=only
AIXAPAR:IY49238
http://www.securityfocus.com/bid/9078
BID:9078
http://securitytracker.com/id?1008258
SECTRACK:1008258
http://secunia.com/advisories/10276/
SECUNIA:10276
CVE-2003-0955
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
2003-11-21
2016-10-17
CVE-2003-0955
http://www.securityfocus.com/bid/8978
BID:8978
http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2
CONFIRM:http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2
http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2
CONFIRM:http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html
FULLDISC:20031104 OpenBSD kernel overflow, yet still *BSD much better than windows
http://www.guninski.com/msuxobsd2.html
MISC:http://www.guninski.com/msuxobsd2.html
http://www.openbsd.org/errata33.html
OPENBSD:20031104 010: RELIABILITY FIX: November 4, 2003
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch
OPENBSD:20031105 005: RELIABILITY FIX: November 4, 2003
CVE-2003-0956
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.
2006-02-16
2017-07-10
CVE-2003-0956
http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg
https://exchange.xforce.ibmcloud.com/vulnerabilities/42942
XF:linux-kernel-odirect-information-disclosure(42942)
CVE-2003-0957
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0957
CVE-2003-0958
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-0958
CVE-2003-0959
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.
2006-03-01
2017-07-10
CVE-2003-0959
http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A
https://exchange.xforce.ibmcloud.com/vulnerabilities/43072
XF:linux-kernel-unspecified-priv-escalation(43072)
CVE-2003-0960
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
2003-12-02
2016-10-17
CVE-2003-0960
http://marc.info/?l=bugtraq&m=107003609308765&w=2
BUGTRAQ:20031128 [OpenCA Advisory] Vulnerabilities in signature verification
CVE-2003-0961
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
2003-12-02
2016-10-17
CVE-2003-0961
http://marc.info/?l=bugtraq&m=107064830206816&w=2
BUGTRAQ:20031204 Hot fix for do_brk bug
http://marc.info/?l=bugtraq&m=107064798706473&w=2
BUGTRAQ:20031204 [iSEC] Linux kernel do_brk() vulnerability details
http://marc.info/?l=bugtraq&m=107394143105081&w=2
BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
http://www.kb.cert.org/vuls/id/301156
CERT-VN:VU#301156
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796
CONECTIVA:CLA-2003:796
http://www.debian.org/security/2003/dsa-403
DEBIAN:DSA-403
http://www.debian.org/security/2004/dsa-417
DEBIAN:DSA-417
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
http://www.debian.org/security/2004/dsa-433
DEBIAN:DSA-433
http://www.debian.org/security/2004/dsa-439
DEBIAN:DSA-439
http://www.debian.org/security/2004/dsa-440
DEBIAN:DSA-440
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://www.debian.org/security/2004/dsa-450
DEBIAN:DSA-450
http://www.debian.org/security/2004/dsa-470
DEBIAN:DSA-470
http://www.debian.org/security/2004/dsa-475
DEBIAN:DSA-475
http://www.mandriva.com/security/advisories?name=MDKSA-2003:110
MANDRAKE:MDKSA-2003:110
http://isec.pl/papers/linux_kernel_do_brk.pdf
MISC:http://isec.pl/papers/linux_kernel_do_brk.pdf
http://www.redhat.com/support/errata/RHSA-2003-368.html
REDHAT:RHSA-2003:368
http://www.redhat.com/support/errata/RHSA-2003-389.html
REDHAT:RHSA-2003:389
http://secunia.com/advisories/10328
SECUNIA:10328
http://secunia.com/advisories/10329
SECUNIA:10329
http://secunia.com/advisories/10330
SECUNIA:10330
http://secunia.com/advisories/10333
SECUNIA:10333
http://secunia.com/advisories/10338
SECUNIA:10338
http://www.novell.com/linux/security/advisories/2003_049_kernel.html
SUSE:SuSE-SA:2003:049
CVE-2003-0962
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
2003-12-10
2017-10-09
CVE-2003-0962
http://www.securityfocus.com/bid/9153
BID:9153
http://marc.info/?l=bugtraq&m=107056923528423&w=2
BUGTRAQ:20031204 GLSA: exploitable heap overflow in rsync (200312-03)
http://marc.info/?l=bugtraq&m=107055702911867&w=2
BUGTRAQ:20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
http://marc.info/?l=bugtraq&m=107055681311602&w=2
BUGTRAQ:20031204 rsync security advisory (fwd)
http://www.kb.cert.org/vuls/id/325603
CERT-VN:VU#325603
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
CONECTIVA:CLA-2003:794
DEBIAN:DSA-404
ENGARDE:ESA-20031204-032
IMMUNIX:IMNX-2003-73-001-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
MANDRAKE:MDKSA-2003:111
http://www.osvdb.org/2898
OSVDB:2898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
OVAL:oval:org.mitre.oval:def:9415
http://www.redhat.com/support/errata/RHSA-2003-398.html
REDHAT:RHSA-2003:398
http://secunia.com/advisories/10353
SECUNIA:10353
http://secunia.com/advisories/10354
SECUNIA:10354
http://secunia.com/advisories/10355
SECUNIA:10355
http://secunia.com/advisories/10356
SECUNIA:10356
http://secunia.com/advisories/10357
SECUNIA:10357
http://secunia.com/advisories/10358
SECUNIA:10358
http://secunia.com/advisories/10359
SECUNIA:10359
http://secunia.com/advisories/10360
SECUNIA:10360
http://secunia.com/advisories/10361
SECUNIA:10361
http://secunia.com/advisories/10362
SECUNIA:10362
http://secunia.com/advisories/10363
SECUNIA:10363
http://secunia.com/advisories/10364
SECUNIA:10364
http://secunia.com/advisories/10378
SECUNIA:10378
http://secunia.com/advisories/10474
SECUNIA:10474
ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
SGI:20031202-01-U
SUSE:SuSE-SA:2003:050
http://marc.info/?l=bugtraq&m=107055684711629&w=2
TRUSTIX:2003-0048
https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
XF:linux-rsync-heap-overflow(13899)
CVE-2003-0963
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
2003-12-17
2017-10-09
CVE-2003-0963
http://marc.info/?l=bugtraq&m=107126386226196&w=2
BUGTRAQ:20031212 [slackware-security] lftp security update (SSA:2003-346-01)
http://marc.info/?l=bugtraq&m=107152267121513&w=2
BUGTRAQ:20031213 lftp buffer overflows
http://marc.info/?l=bugtraq&m=107167974714484&w=2
BUGTRAQ:20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)
http://marc.info/?l=bugtraq&m=107177409418121&w=2
BUGTRAQ:20031218 GLSA: lftp (200312-07)
http://marc.info/?l=bugtraq&m=107340499504411&w=2
CONECTIVA:CLA-2004:800
http://www.debian.org/security/2004/dsa-406
DEBIAN:DSA-406
http://www.mandriva.com/security/advisories?name=MDKSA-2003:116
MANDRAKE:MDKSA-2003:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180
OVAL:oval:org.mitre.oval:def:11180
http://www.redhat.com/support/errata/RHSA-2003-403.html
REDHAT:RHSA-2003:403
http://www.redhat.com/support/errata/RHSA-2003-404.html
REDHAT:RHSA-2003:404
http://secunia.com/advisories/10525
SECUNIA:10525
http://secunia.com/advisories/10548
SECUNIA:10548
ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U
SGI:20040101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
http://www.novell.com/linux/security/advisories/2003_051_lftp.html
SUSE:SuSE-SA:2003:051
CVE-2003-0964
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: N/A. Notes: none.
2003-10-01
2005-02-06
CVE-2003-0964
CVE-2003-0965
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
2004-01-15
2017-10-09
CVE-2003-0965
http://www.securityfocus.com/bid/9336
BID:9336
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
CONECTIVA:CLA-2004:842
http://www.debian.org/security/2004/dsa-436
DEBIAN:DSA-436
http://www.mandriva.com/security/advisories?name=MDKSA-2004:013
MANDRAKE:MDKSA-2004:013
http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html
MLIST:[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4
http://www.osvdb.org/3305
OSVDB:3305
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813
OVAL:oval:org.mitre.oval:def:813
http://www.redhat.com/support/errata/RHSA-2004-020.html
REDHAT:RHSA-2004:020
http://secunia.com/advisories/10519
SECUNIA:10519
https://exchange.xforce.ibmcloud.com/vulnerabilities/14121
XF:mailman-admin-xss(14121)
CVE-2003-0966
Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.
2004-09-01
2007-11-12
CVE-2003-0966
http://www.securityfocus.com/bid/9430
BID:9430
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
http://www.redhat.com/support/errata/RHSA-2004-009.html
REDHAT:RHSA-2004:009
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI:20040103-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/14840
XF:elm-frm-subject-bo(14840)
CVE-2003-0967
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
2003-12-02
2017-10-09
CVE-2003-0967
http://marc.info/?l=bugtraq&m=106935911101493&w=2
BUGTRAQ:20031120 Remote DoS in FreeRADIUS, all versions.
http://marc.info/?l=bugtraq&m=106944220426970
BUGTRAQ:20031121 FreeRADIUS 0.9.2 "Tunnel-Password" attribute Handling Vulnerability
http://marc.info/?l=freeradius-users&m=106947389449613&w=2
CONFIRM:http://marc.info/?l=freeradius-users&m=106947389449613&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917
OVAL:oval:org.mitre.oval:def:10917
http://www.redhat.com/support/errata/RHSA-2003-386.html
REDHAT:RHSA-2003:386
CVE-2003-0968
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
2003-12-02
2016-10-17
CVE-2003-0968
http://marc.info/?l=bugtraq&m=106986437621130&w=2
BUGTRAQ:20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability
CVE-2003-0969
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
2004-09-01
2007-11-14
CVE-2003-0969
http://www.securityfocus.com/bid/9364
BID:9364
http://www.debian.org/security/2004/dsa-411
DEBIAN:DSA-411
http://www.osvdb.org/3331
OSVDB:3331
http://www.novell.com/linux/security/advisories/2004_02_tcpdump.html
SUSE:SuSE-SA:2004:002
https://exchange.xforce.ibmcloud.com/vulnerabilities/14148
XF:mpg321-mp3-format-string(14148)
CVE-2003-0970
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
2003-12-02
CVE-2003-0970
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57430
SUNALERT:57430
CVE-2003-0971
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
2003-12-02
2017-10-09
CVE-2003-0971
http://www.securityfocus.com/bid/9115
BID:9115
http://marc.info/?l=bugtraq&m=106995769213221&w=2
BUGTRAQ:20031127 GnuPG's ElGamal signing keys compromised
http://www.kb.cert.org/vuls/id/940388
CERT-VN:VU#940388
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798
CONECTIVA:CLA-2003:798
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
CONFIRM:http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html
CONFIRM:http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html
http://www.debian.org/security/2004/dsa-429
DEBIAN:DSA-429
http://www.mandriva.com/security/advisories?name=MDKSA-2003:109
MANDRAKE:MDKSA-2003:109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982
OVAL:oval:org.mitre.oval:def:10982
http://www.redhat.com/support/errata/RHSA-2003-390.html
REDHAT:RHSA-2003:390
http://www.redhat.com/support/errata/RHSA-2003-395.html
REDHAT:RHSA-2003:395
http://secunia.com/advisories/10304
SECUNIA:10304
http://secunia.com/advisories/10349
SECUNIA:10349
http://secunia.com/advisories/10399
SECUNIA:10399
http://secunia.com/advisories/10400
SECUNIA:10400
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
http://www.novell.com/linux/security/advisories/2003_048_gpg.html
SUSE:SuSE-SA:2003:048
CVE-2003-0972
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
2003-12-02
2016-10-17
CVE-2003-0972
http://marc.info/?l=bugtraq&m=106995837813873&w=2
BUGTRAQ:20031127 GNU screen buffer overflow
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000809
CONECTIVA:CLA-2004:809
http://groups.yahoo.com/group/gnu-screen/message/3118
CONFIRM:http://groups.yahoo.com/group/gnu-screen/message/3118
http://www.debian.org/security/2004/dsa-408
DEBIAN:DSA-408
http://www.mandriva.com/security/advisories?name=MDKSA-2003:113
MANDRAKE:MDKSA-2003:113
http://secunia.com/advisories/10539
SECUNIA:10539
CVE-2003-0973
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
2003-12-02
2017-10-09
CVE-2003-0973
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000837
CONECTIVA:CLA-2004:837
http://www.modpython.org/pipermail/mod_python/2003-November/004005.html
CONFIRM:http://www.modpython.org/pipermail/mod_python/2003-November/004005.html
http://www.debian.org/security/2004/dsa-452
DEBIAN:DSA-452
http://bugzilla.fedora.us/show_bug.cgi?id=1325
FEDORA:FEDORA-2004-1325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10259
OVAL:oval:org.mitre.oval:def:10259
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A828
OVAL:oval:org.mitre.oval:def:828
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A839
OVAL:oval:org.mitre.oval:def:839
http://www.redhat.com/support/errata/RHSA-2004-058.html
REDHAT:RHSA-2004:058
http://www.redhat.com/support/errata/RHSA-2004-063.html
REDHAT:RHSA-2004:063
CVE-2003-0974
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c.
2003-12-02
2016-10-17
CVE-2003-0974
http://www.securityfocus.com/bid/9124
BID:9124
http://marc.info/?l=bugtraq&m=107005523025918&w=2
BUGTRAQ:20031128 Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite
http://marc.info/?l=bugtraq&m=107004362416252&w=2
BUGTRAQ:20031128 Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
http://marc.info/?l=bugtraq&m=107031196324376&w=2
BUGTRAQ:20031201 Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
http://www.bugtraq.org/advisories/_BSSADV-0000.txt
MISC:http://www.bugtraq.org/advisories/_BSSADV-0000.txt
CVE-2003-0975
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
2003-12-10
2017-07-10
CVE-2003-0975
http://marc.info/?l=bugtraq&m=106917674428552&w=2
BUGTRAQ:20031118 Apple Safari 1.1 (v100)
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00042.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00042.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7973
XF:mozilla-netscape-steal-cookies(7973)
CVE-2003-0976
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.
2003-12-10
2017-07-10
CVE-2003-0976
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/13915
XF:netware-nfs-share-access(13915)
CVE-2003-0977
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
2003-12-10
2017-10-09
CVE-2003-0977
http://marc.info/?l=bugtraq&m=107168035515554&w=2
BUGTRAQ:20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)
http://marc.info/?l=bugtraq&m=107540163908129&w=2
BUGTRAQ:20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
CONECTIVA:CLA-2004:808
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1
CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1
http://www.debian.org/security/2004/dsa-422
DEBIAN:DSA-422
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
MANDRAKE:MDKSA-2003:112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
OVAL:oval:org.mitre.oval:def:11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
OVAL:oval:org.mitre.oval:def:855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
OVAL:oval:org.mitre.oval:def:866
http://www.redhat.com/support/errata/RHSA-2004-003.html
REDHAT:RHSA-2004:003
http://www.redhat.com/support/errata/RHSA-2004-004.html
REDHAT:RHSA-2004:004
http://secunia.com/advisories/10601
SECUNIA:10601
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI:20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
XF:cvs-module-file-manipulation(13929)
CVE-2003-0978
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
2003-12-10
2017-07-10
CVE-2003-0978
http://marc.info/?l=bugtraq&m=107047470625214&w=2
BUGTRAQ:20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue
http://www.s-quadra.com/advisories/Adv-20031203.txt
MISC:http://www.s-quadra.com/advisories/Adv-20031203.txt
http://www.novell.com/linux/security/advisories/2003_048_gpg.html
SUSE:SuSE-SA:2003:048
https://exchange.xforce.ibmcloud.com/vulnerabilities/13892
XF:gnupg-gpgkeyshkp-format-string(13892)
CVE-2003-0979
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
2003-12-11
2016-10-17
CVE-2003-0979
http://marc.info/?l=bugtraq&m=107107840622493&w=2
BUGTRAQ:20031210 Visitorbook LE Multiple Vulnerabilities
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
CVE-2003-0980
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.
2003-12-11
2016-10-17
CVE-2003-0980
http://marc.info/?l=bugtraq&m=107107840622493&w=2
BUGTRAQ:20031210 Visitorbook LE Multiple Vulnerabilities
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
CVE-2003-0981
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
2003-12-11
2016-10-17
CVE-2003-0981
http://marc.info/?l=bugtraq&m=107107840622493&w=2
BUGTRAQ:20031210 Visitorbook LE Multiple Vulnerabilities
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
MISC:http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
CVE-2003-0982
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
2003-12-11
2017-07-10
CVE-2003-0982
http://www.securityfocus.com/bid/9187
BID:9187
http://www.kb.cert.org/vuls/id/352462
CERT-VN:VU#352462
http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml
CISCO:20031210 Vulnerability in Authentication Library for ACNS
http://secunia.com/advisories/10409
SECUNIA:10409
https://exchange.xforce.ibmcloud.com/vulnerabilities/13945
XF:cisco-acns-password-bo(13945)
CVE-2003-0983
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
2003-12-11
CVE-2003-0983
http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml
CISCO:20031210 Unity Vulnerabilities on IBM-based Servers
CVE-2003-0984
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
2003-12-23
2017-10-09
CVE-2003-0984
http://www.securityfocus.com/bid/9154
BID:9154
http://marc.info/?l=bugtraq&m=107394143105081&w=2
BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
CONECTIVA:CLA-2004:799
http://www.debian.org/security/2006/dsa-1067
DEBIAN:DSA-1067
http://www.debian.org/security/2006/dsa-1069
DEBIAN:DSA-1069
http://www.debian.org/security/2006/dsa-1070
DEBIAN:DSA-1070
http://www.debian.org/security/2006/dsa-1082
DEBIAN:DSA-1082
http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
ENGARDE:ESA-20040105-001
http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html
FEDORA:FEDORA-2003-046
http://www.mandriva.com/security/advisories?name=MDKSA-2004:001
MANDRAKE:MDKSA-2004:001
http://www.osvdb.org/3317
OSVDB:3317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013
OVAL:oval:org.mitre.oval:def:1013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859
OVAL:oval:org.mitre.oval:def:859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406
OVAL:oval:org.mitre.oval:def:9406
http://www.redhat.com/support/errata/RHSA-2003-417.html
REDHAT:RHSA-2003:417
http://www.redhat.com/support/errata/RHSA-2004-188.html
REDHAT:RHSA-2004:188
http://www.securitytracker.com/id?1008594
SECTRACK:1008594
http://secunia.com/advisories/10533
SECUNIA:10533
http://secunia.com/advisories/10536
SECUNIA:10536
http://secunia.com/advisories/10537
SECUNIA:10537
http://secunia.com/advisories/10538
SECUNIA:10538
http://secunia.com/advisories/10555
SECUNIA:10555
http://secunia.com/advisories/10582
SECUNIA:10582
http://secunia.com/advisories/10583
SECUNIA:10583
http://secunia.com/advisories/20162
SECUNIA:20162
http://secunia.com/advisories/20163
SECUNIA:20163
http://secunia.com/advisories/20202
SECUNIA:20202
http://secunia.com/advisories/20338
SECUNIA:20338
http://www.novell.com/linux/security/advisories/2003_049_kernel.html
SUSE:SuSE-SA:2003:049
https://exchange.xforce.ibmcloud.com/vulnerabilities/13943
XF:linux-rtc-memory-leak(13943)
CVE-2003-0985
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
2004-09-01
2011-07-16
CVE-2003-0985
http://www.securityfocus.com/bid/9356
BID:9356
http://marc.info/?l=bugtraq&m=107340358402129&w=2
BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
http://marc.info/?l=bugtraq&m=107332782121916&w=2
BUGTRAQ:20040105 Linux kernel mremap vulnerability
http://marc.info/?l=bugtraq&m=107340814409017&w=2
BUGTRAQ:20040106 Linux mremap bug correction
http://marc.info/?l=bugtraq&m=107350348418373&w=2
BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
http://marc.info/?l=bugtraq&m=107394143105081&w=2
BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
http://www.kb.cert.org/vuls/id/490620
CERT-VN:VU#490620
http://www.ciac.org/ciac/bulletins/o-045.shtml
CIAC:O-045
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
CONECTIVA:CLA-2004:799
http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
CONFIRM:http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
CONFIRM:http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
http://www.debian.org/security/2006/dsa-1067
DEBIAN:DSA-1067
http://www.debian.org/security/2006/dsa-1069
DEBIAN:DSA-1069
http://www.debian.org/security/2006/dsa-1070
DEBIAN:DSA-1070
http://www.debian.org/security/2006/dsa-1082
DEBIAN:DSA-1082
http://www.debian.org/security/2004/dsa-413
DEBIAN:DSA-413
http://www.debian.org/security/2004/dsa-417
DEBIAN:DSA-417
http://www.debian.org/security/2004/dsa-423
DEBIAN:DSA-423
http://www.debian.org/security/2004/dsa-427
DEBIAN:DSA-427
http://www.debian.org/security/2004/dsa-439
DEBIAN:DSA-439
http://www.debian.org/security/2004/dsa-440
DEBIAN:DSA-440
http://www.debian.org/security/2004/dsa-442
DEBIAN:DSA-442
http://www.debian.org/security/2004/dsa-450
DEBIAN:DSA-450
http://www.debian.org/security/2004/dsa-470
DEBIAN:DSA-470
http://www.debian.org/security/2004/dsa-475
DEBIAN:DSA-475
http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
ENGARDE:ESA-20040105-001
http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01
IMMUNIX:IMNX-2004-73-001-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
MANDRAKE:MDKSA-2004:001
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
MLIST:[linux-kernel] 20040105 linux-2.4.24 released
http://www.osvdb.org/3315
OSVDB:3315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860
OVAL:oval:org.mitre.oval:def:860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867
OVAL:oval:org.mitre.oval:def:867
http://www.redhat.com/support/errata/RHSA-2003-416.html
REDHAT:RHSA-2003:416
http://www.redhat.com/support/errata/RHSA-2003-417.html
REDHAT:RHSA-2003:417
http://www.redhat.com/support/errata/RHSA-2003-418.html
REDHAT:RHSA-2003:418
http://www.redhat.com/support/errata/RHSA-2003-419.html
REDHAT:RHSA-2003:419
http://secunia.com/advisories/10532
SECUNIA:10532
http://secunia.com/advisories/20163
SECUNIA:20163
http://secunia.com/advisories/20202
SECUNIA:20202
http://secunia.com/advisories/20338
SECUNIA:20338
ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
SGI:20040102-01-U
SUSE:SuSE-SA:2004:001
http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html
SUSE:SuSE-SA:2004:003
http://marc.info/?l=bugtraq&m=107332754521495&w=2
TRUSTIX:2004-0001
https://exchange.xforce.ibmcloud.com/vulnerabilities/14135
XF:linux-domremap-gain-privileges(14135)
CVE-2003-0986
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
2006-02-27
2017-10-09
CVE-2003-0986
http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ
http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw
CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9707
OVAL:oval:org.mitre.oval:def:9707
http://www.redhat.com/support/errata/RHSA-2004-017.html
REDHAT:RHSA-2004:017
CVE-2003-0987
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
2004-02-03
2021-06-06
CVE-2003-0987
http://www.securityfocus.com/bid/9571
BID:9571
http://marc.info/?l=bugtraq&m=108437852004207&w=2
BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html
http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
CONFIRM:http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html
http://security.gentoo.org/glsa/glsa-200405-22.xml
GENTOO:GLSA-200405-22
http://www.mandriva.com/security/advisories?name=MDKSA-2004:046
MANDRAKE:MDKSA-2004:046
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108
OVAL:oval:org.mitre.oval:def:100108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416
OVAL:oval:org.mitre.oval:def:4416
http://www.redhat.com/support/errata/RHSA-2004-600.html
REDHAT:RHSA-2004:600
http://www.redhat.com/support/errata/RHSA-2005-816.html
REDHAT:RHSA-2005:816
http://securitytracker.com/id?1008920
SECTRACK:1008920
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
SLACKWARE:SSA:2004-133
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
SUNALERT:101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
SUNALERT:101841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
SUNALERT:57628
http://www.trustix.org/errata/2004/0027
TRUSTIX:2004-0027
https://exchange.xforce.ibmcloud.com/vulnerabilities/15041
XF:apache-moddigest-response-replay(15041)
CVE-2003-0988
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
2004-09-01
2011-07-16
CVE-2003-0988
http://www.securityfocus.com/bid/9419
BID:9419
http://marc.info/?l=bugtraq&m=107412130407906&w=2
BUGTRAQ:20040114 KDE Security Advisory: VCF file information reader vulnerability
http://www.kb.cert.org/vuls/id/820798
CERT-VN:VU#820798
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
CONECTIVA:CLA-2004:810
http://www.kde.org/info/security/advisory-20040114-1.txt
CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
http://security.gentoo.org/glsa/glsa-200404-02.xml
GENTOO:GLSA-200404-02
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
MANDRAKE:MDKSA-2004:003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858
OVAL:oval:org.mitre.oval:def:858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865
OVAL:oval:org.mitre.oval:def:865
http://www.redhat.com/support/errata/RHSA-2004-005.html
REDHAT:RHSA-2004:005
http://www.redhat.com/support/errata/RHSA-2004-006.html
REDHAT:RHSA-2004:006
https://exchange.xforce.ibmcloud.com/vulnerabilities/14833
XF:kde-kdepim-bo(14833)
CVE-2003-0989
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
2004-01-15
2018-10-19
CVE-2003-0989
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
APPLE:APPLE-SA-2004-02-23
http://www.securityfocus.com/bid/9507
BID:9507
http://www.securityfocus.com/archive/1/350238/30/21640/threaded
BUGTRAQ:20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
http://marc.info/?l=bugtraq&m=107577418225627&w=2
BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt
CALDERA:CSSA-2004-008.0
http://www.kb.cert.org/vuls/id/738518
CERT-VN:VU#738518
http://www.debian.org/security/2004/dsa-425
DEBIAN:DSA-425
http://lwn.net/Alerts/66805/
ENGARDE:ESA-20040119-002
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html
FEDORA:FEDORA-2004-090
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html
FEDORA:FEDORA-2004-092
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html
FEDORA:FLSA:1222
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
MANDRAKE:MDKSA-2004:008
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html
MLIST:[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599
OVAL:oval:org.mitre.oval:def:10599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847
OVAL:oval:org.mitre.oval:def:847
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852
OVAL:oval:org.mitre.oval:def:852
http://www.redhat.com/support/errata/RHSA-2004-007.html
REDHAT:RHSA-2004:007
http://www.redhat.com/support/errata/RHSA-2004-008.html
REDHAT:RHSA-2004:008
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt
SCO:SCOSA-2004.9
http://www.securitytracker.com/id?1008716
SECTRACK:1008716
http://secunia.com/advisories/10636
SECUNIA:10636
http://secunia.com/advisories/10637
SECUNIA:10637
http://secunia.com/advisories/10639
SECUNIA:10639
http://secunia.com/advisories/10644
SECUNIA:10644
http://secunia.com/advisories/10652
SECUNIA:10652
http://secunia.com/advisories/10668
SECUNIA:10668
http://secunia.com/advisories/10718
SECUNIA:10718
http://secunia.com/advisories/11022
SECUNIA:11022
http://secunia.com/advisories/11032/
SECUNIA:11032
http://secunia.com/advisories/12179/
SECUNIA:12179
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI:20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
SUSE:SuSE-SA:2004:002
http://lwn.net/Alerts/66445/
TRUSTIX:2004-0004
CVE-2003-0990
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
2004-01-06
2017-07-10
CVE-2003-0990
http://www.securityfocus.com/bid/9296
BID:9296
http://marc.info/?l=bugtraq&m=107247236124180&w=2
BUGTRAQ:20031224 Bugtraq Security Systems ADV-0001
http://www.securityfocus.com/archive/1/348366
BUGTRAQ:20031226 Re: Reported Command Injection in Squirrelmail GPG
http://www.bugtraq.org/advisories/_BSSADV-0001.txt
MISC:http://www.bugtraq.org/advisories/_BSSADV-0001.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/14079
XF:squirrelmail-parseaddress-command-execution(14079)
CVE-2003-0991
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
2004-09-01
2007-11-12
CVE-2003-0991
http://www.securityfocus.com/bid/9620
BID:9620
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
CONECTIVA:CLA-2004:842
http://www.debian.org/security/2004/dsa-436
DEBIAN:DSA-436
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
MANDRAKE:MDKSA-2004:013
http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
MLIST:[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
http://www.redhat.com/support/errata/RHSA-2004-019.html
REDHAT:RHSA-2004:019
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
SGI:20040201-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/15106
XF:mailman-command-handler-dos(15106)
CVE-2003-0992
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
2004-01-15
2017-10-09
CVE-2003-0992
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
CONECTIVA:CLA-2004:842
http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html
CONFIRM:http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:013
MANDRAKE:MDKSA-2004:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815
OVAL:oval:org.mitre.oval:def:815
http://www.redhat.com/support/errata/RHSA-2004-020.html
REDHAT:RHSA-2004:020
CVE-2003-0993
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
2004-09-01
2021-06-06
CVE-2003-0993
http://www.securityfocus.com/bid/9829
BID:9829
http://marc.info/?l=bugtraq&m=108437852004207&w=2
BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
http://www.apacheweek.com/features/security-13
CONFIRM:http://www.apacheweek.com/features/security-13
http://security.gentoo.org/glsa/glsa-200405-22.xml
GENTOO:GLSA-200405-22
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
MANDRAKE:MDKSA-2004:046
http://marc.info/?l=apache-cvs&m=107869603013722
MLIST:[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111
OVAL:oval:org.mitre.oval:def:100111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670
OVAL:oval:org.mitre.oval:def:4670
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
SLACKWARE:SSA:2004-133
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
SUNALERT:101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
SUNALERT:101841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
SUNALERT:57628
http://www.trustix.org/errata/2004/0027
TRUSTIX:2004-0027
https://exchange.xforce.ibmcloud.com/vulnerabilities/15422
XF:apache-modaccess-obtain-information(15422)
CVE-2003-0994
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
2004-09-01
2007-11-12
CVE-2003-0994
http://marc.info/?l=bugtraq&m=107393473928245&w=2
BUGTRAQ:20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
BUGTRAQ:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
FULLDISC:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
MISC:http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
http://www.osvdb.org/3428
OSVDB:3428
CVE-2003-0995
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
2003-12-17
2018-10-12
CVE-2003-0995
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039
MS:MS03-039
https://exchange.xforce.ibmcloud.com/vulnerabilities/13131
XF:win2k-message-queue-bo(13131)
CVE-2003-0996
Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
2003-12-17
2005-01-20
CVE-2003-0996
http://support.ca.com/techbases/rp/urc6x-secnote.html
CONFIRM:http://support.ca.com/techbases/rp/urc6x-secnote.html
http://www.secunia.com/advisories/10420/
SECUNIA:10420
CVE-2003-0997
Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
2003-12-17
2005-01-20
CVE-2003-0997
http://support.ca.com/techbases/rp/urc6x-secnote.html
CONFIRM:http://support.ca.com/techbases/rp/urc6x-secnote.html
http://www.secunia.com/advisories/10420/
SECUNIA:10420
CVE-2003-0998
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
2003-12-17
2004-09-02
CVE-2003-0998
http://support.ca.com/techbases/rp/urc5x-secnote.html
CONFIRM:http://support.ca.com/techbases/rp/urc5x-secnote.html
http://www.secunia.com/advisories/10420/
SECUNIA:10420
CVE-2003-0999
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
2003-12-17
2017-10-09
CVE-2003-0999
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4098
OVAL:oval:org.mitre.oval:def:4098
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57451
SUNALERT:57451
CVE-2003-1000
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
2003-12-17
2016-10-17
CVE-2003-1000
http://marc.info/?l=bugtraq&m=107152093419276&w=2
BUGTRAQ:20031214 GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service
http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html
CONFIRM:http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html
CVE-2003-1001
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
2003-12-17
CVE-2003-1001
http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml
CISCO:20031215 Cisco FWSM Vulnerabilities
CVE-2003-1002
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
2003-12-17
CVE-2003-1002
http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml
CISCO:20031215 Cisco FWSM Vulnerabilities
CVE-2003-1003
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
2003-12-17
CVE-2003-1003
http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml
CISCO:20031215 Cisco PIX Vulnerabilities
CVE-2003-1004
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
2003-12-17
CVE-2003-1004
http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml
CISCO:20031215 Cisco PIX Vulnerabilities
CVE-2003-1005
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
2005-04-14
2005-11-04
CVE-2003-1005
http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html
APPLE:APPLE-SA-2003-12-19
http://www.auscert.org.au/render.html?it=3704
AUSCERT:ESB-2003.0867
http://www.securityfocus.com/bid/9266
BID:9266
http://secunia.com/advisories/10474/
SECUNIA:10474
CVE-2003-1006
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
2004-03-10
2017-07-10
CVE-2003-1006
http://www.securityfocus.com/bid/9228
BID:9228
http://www.securityfocus.com/archive/1/347578
BUGTRAQ:20031215 Buffer overflow/privilege escalation in MacOS X
http://www.securityfocus.com/archive/1/347707
BUGTRAQ:20031216 Re: Buffer overflow/privilege escalation in MacOS X
http://www.securityfocus.com/archive/1/348097
BUGTRAQ:20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also
http://www.kb.cert.org/vuls/id/878526
CERT-VN:VU#878526
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
https://exchange.xforce.ibmcloud.com/vulnerabilities/13995
XF:macos-cd9660-bo(13995)
CVE-2003-1007
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
2004-03-10
2017-07-10
CVE-2003-1007
http://www.securityfocus.com/bid/9264
BID:9264
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://securitytracker.com/id?1008532
SECTRACK:1008532
https://exchange.xforce.ibmcloud.com/vulnerabilities/14051
XF:applefileserver-dos(14051)
CVE-2003-1008
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
2004-03-10
2017-07-10
CVE-2003-1008
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
https://exchange.xforce.ibmcloud.com/vulnerabilities/14195
XF:macos-screen-saver-bypass(14195)
CVE-2003-1009
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
2004-03-10
2017-07-10
CVE-2003-1009
http://www.securityfocus.com/bid/9110
BID:9110
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
http://docs.info.apple.com/article.html?artnum=32478
MISC:http://docs.info.apple.com/article.html?artnum=32478
http://www.carrel.org/dhcp-vuln.html
MISC:http://www.carrel.org/dhcp-vuln.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13874
XF:macos-dhcp-gain-privileges(13874)
CVE-2003-1010
Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors.
2004-03-10
2017-07-10
CVE-2003-1010
http://www.securityfocus.com/bid/9265
BID:9265
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
https://exchange.xforce.ibmcloud.com/vulnerabilities/14193
XF:macos-fsusage-gain-privileges(14193)
CVE-2003-1011
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
2004-03-10
2017-07-10
CVE-2003-1011
http://www.securityfocus.com/bid/8945
BID:8945
http://www.securityfocus.com/archive/1/343087
BUGTRAQ:20031031 Console Root On OSX up to 10.2.8
http://docs.info.apple.com/article.html?artnum=61798
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
https://exchange.xforce.ibmcloud.com/vulnerabilities/13573
XF:macos-ctrlc-gain-access(13573)
CVE-2003-1012
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
2003-12-17
2017-10-09
CVE-2003-1012
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801
CONECTIVA:CLA-2004:801
http://www.ethereal.com/appnotes/enpa-sa-00012.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00012.html
http://www.debian.org/security/2004/dsa-407
DEBIAN:DSA-407
http://www.mandriva.com/security/advisories?name=MDKSA-2004:002
MANDRAKE:MDKSA-2004:002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202
OVAL:oval:org.mitre.oval:def:10202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856
OVAL:oval:org.mitre.oval:def:856
http://www.redhat.com/support/errata/RHSA-2004-001.html
REDHAT:RHSA-2004:001
http://www.redhat.com/support/errata/RHSA-2004-002.html
REDHAT:RHSA-2004:002
http://secunia.com/advisories/10531
SECUNIA:10531
http://secunia.com/advisories/10568
SECUNIA:10568
http://secunia.com/advisories/10570
SECUNIA:10570
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI:20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
CVE-2003-1013
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
2003-12-17
2017-10-09
CVE-2003-1013
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801
CONECTIVA:CLA-2004:801
http://www.ethereal.com/appnotes/enpa-sa-00012.html
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00012.html
http://www.debian.org/security/2003/dsa-407
DEBIAN:DSA-407
http://www.mandriva.com/security/advisories?name=MDKSA-2004:002
MANDRAKE:MDKSA-2004:002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10097
OVAL:oval:org.mitre.oval:def:10097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A857
OVAL:oval:org.mitre.oval:def:857
http://www.redhat.com/support/errata/RHSA-2004-001.html
REDHAT:RHSA-2004:001
http://www.redhat.com/support/errata/RHSA-2004-002.html
REDHAT:RHSA-2004:002
http://secunia.com/advisories/10531
SECUNIA:10531
http://secunia.com/advisories/10568
SECUNIA:10568
http://secunia.com/advisories/10570
SECUNIA:10570
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI:20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
CVE-2003-1014
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients.
2004-09-24
2017-07-10
CVE-2003-1014
http://marc.info/?l=bugtraq&m=109517732328759&w=2
BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/17333
XF:mime-field-filtering-bypass(17333)
CVE-2003-1015
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients.
2004-09-24
2017-07-10
CVE-2003-1015
http://marc.info/?l=bugtraq&m=109525252118936&w=2
BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME field whitespace issue
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/9273
XF:mime-tools-incorrect-concatenation(9273)
CVE-2003-1016
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients.
2004-09-24
2017-07-10
CVE-2003-1016
http://marc.info/?l=bugtraq&m=109521027007616&w=2
BUGTRAQ:20040914 Corsaire Security Advisory - Multiple vendor MIME field quoting issue
http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
MISC:http://www.uniras.gov.uk/vuls/2004/380375/mime.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/17336
XF:mime-quote-filtering-bypass(17336)
CVE-2003-1017
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
2003-12-17
2017-07-10
CVE-2003-1017
http://www.securityfocus.com/bid/8900
BID:8900
http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html
CONFIRM:http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/14013
XF:flash-file-predictable-location(14013)
CVE-2003-1018
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
2004-03-10
2017-07-10
CVE-2003-1018
AIXAPAR:IY45253
AIXAPAR:IY45329
AIXAPAR:IY46255
http://www.securityfocus.com/bid/9254
BID:9254
http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-20
IBM:MSS-OAR-E01-20
https://exchange.xforce.ibmcloud.com/vulnerabilities/14037
XF:aix-enq-format-string(14037)
CVE-2003-1019
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-1019
CVE-2003-1020
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
2003-12-23
2017-07-10
CVE-2003-1020
http://www.securityfocus.com/archive/1/347218
BUGTRAQ:20031211 irssi - potential remote crash
http://www.mandriva.com/security/advisories?name=MDKSA-2003:117
MANDRAKE:MDKSA-2003:117
https://exchange.xforce.ibmcloud.com/vulnerabilities/13973
XF:irssi-dos(13973)
CVE-2003-1021
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
2005-02-06
2017-07-10
CVE-2003-1021
http://www.securityfocus.com/bid/12372
BID:12372
http://www.kb.cert.org/vuls/id/972598
CERT-VN:VU#972598
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt
SCO:SCOSA-2005.5
http://secunia.com/advisories/14012/
SECUNIA:14012
https://exchange.xforce.ibmcloud.com/vulnerabilities/19479
XF:openserver-scosession-gain-privilege(19479)
CVE-2003-1022
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.
2004-09-01
2007-11-12
CVE-2003-1022
http://www.securityfocus.com/bid/9377
BID:9377
http://www.ciac.org/ciac/bulletins/o-048.shtml
CIAC:O-048
http://www.debian.org/security/2004/dsa-416
DEBIAN:DSA-416
http://www.osvdb.org/3346
OSVDB:3346
https://exchange.xforce.ibmcloud.com/vulnerabilities/14154
XF:fspsuite-dot-directory-traversal(14154)
CVE-2003-1023
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
2004-01-06
2017-10-09
CVE-2003-1023
http://www.securityfocus.com/bid/8658
BID:8658
http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html
BUGTRAQ:20030919 uninitialized buffer in midnight commander
http://marc.info/?l=bugtraq&m=108118433222764&w=2
BUGTRAQ:20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt
CALDERA:CSSA-2004-014.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833
CONECTIVA:CLA-2004:833
http://www.debian.org/security/2004/dsa-424
DEBIAN:DSA-424
http://fedoranews.org/updates/FEDORA-2004-058.shtml
FEDORA:FEDORA-2004-058
http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html
FEDORA:FLSA:1224
http://security.gentoo.org/glsa/glsa-200403-09.xml
GENTOO:GLSA-200403-09
http://www.mandriva.com/security/advisories?name=MDKSA-2004:007
MANDRAKE:MDKSA-2004:007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822
OVAL:oval:org.mitre.oval:def:822
http://rhn.redhat.com/errata/RHSA-2004-034.html
REDHAT:RHSA-2004:034
http://rhn.redhat.com/errata/RHSA-2004-035.html
REDHAT:RHSA-2004:035
http://secunia.com/advisories/10645
SECUNIA:10645
http://secunia.com/advisories/10685
SECUNIA:10685
http://secunia.com/advisories/10716
SECUNIA:10716
http://secunia.com/advisories/10772
SECUNIA:10772
http://secunia.com/advisories/10823
SECUNIA:10823
http://secunia.com/advisories/11219
SECUNIA:11219
http://secunia.com/advisories/11262
SECUNIA:11262
http://secunia.com/advisories/11268
SECUNIA:11268
http://secunia.com/advisories/11296
SECUNIA:11296
http://secunia.com/advisories/9833
SECUNIA:9833
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
SGI:20040201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI:20040202-01-U
https://exchange.xforce.ibmcloud.com/vulnerabilities/13247
XF:midnight-commander-vfssresolvesymlink-bo(13247)
CVE-2003-1024
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
2004-01-06
2017-10-09
CVE-2003-1024
http://www.securityfocus.com/bid/9280
BID:9280
http://www.kb.cert.org/vuls/id/281356
CERT-VN:VU#281356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1528
OVAL:oval:org.mitre.oval:def:1528
http://secunia.com/advisories/10486
SECUNIA:10486
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57455
SUNALERT:57455
https://exchange.xforce.ibmcloud.com/vulnerabilities/14065
XF:solaris-lsf-gain-privileges(14065)
CVE-2003-1025
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
2004-01-06
2018-10-12
CVE-2003-1025
http://www.securityfocus.com/archive/1/346948
BUGTRAQ:20031209 Internet Explorer URL parsing vulnerability
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
CERT:TA04-033A
http://www.kb.cert.org/vuls/id/652278
CERT-VN:VU#652278
http://www.zapthedingbat.com/security/ex01/vun1.htm
MISC:http://www.zapthedingbat.com/security/ex01/vun1.htm
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
MS:MS04-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490
OVAL:oval:org.mitre.oval:def:490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491
OVAL:oval:org.mitre.oval:def:491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510
OVAL:oval:org.mitre.oval:def:510
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511
OVAL:oval:org.mitre.oval:def:511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512
OVAL:oval:org.mitre.oval:def:512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513
OVAL:oval:org.mitre.oval:def:513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526
OVAL:oval:org.mitre.oval:def:526
https://exchange.xforce.ibmcloud.com/vulnerabilities/13935
XF:ie-domain-url-spoofing(13935)
CVE-2003-1026
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
2004-01-08
2018-10-12
CVE-2003-1026
http://marc.info/?l=bugtraq&m=106979349517578&w=2
BUGTRAQ:20031125 BackToFramedJpu - a successor of BackToJpu attack
http://marc.info/?l=bugtraq&m=107038202225587&w=2
BUGTRAQ:20031201 Comments on 5 IE vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
CERT:TA04-033A
http://www.kb.cert.org/vuls/id/784102
CERT-VN:VU#784102
http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
MISC:http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
MS:MS04-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630
OVAL:oval:org.mitre.oval:def:630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643
OVAL:oval:org.mitre.oval:def:643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687
OVAL:oval:org.mitre.oval:def:687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689
OVAL:oval:org.mitre.oval:def:689
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745
OVAL:oval:org.mitre.oval:def:745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774
OVAL:oval:org.mitre.oval:def:774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805
OVAL:oval:org.mitre.oval:def:805
https://exchange.xforce.ibmcloud.com/vulnerabilities/13846
XF:ie-subframe-xss(13846)
CVE-2003-1027
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
2004-01-08
2018-10-12
CVE-2003-1027
http://marc.info/?l=bugtraq&m=106979479719446&w=2
BUGTRAQ:20031125 HijackClickV2 - a successor of HijackClick attack
http://marc.info/?l=bugtraq&m=107038202225587&w=2
BUGTRAQ:20031201 Comments on 5 IE vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA04-033A.html
CERT:TA04-033A
http://www.kb.cert.org/vuls/id/413886
CERT-VN:VU#413886
http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
MISC:http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
MS:MS04-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527
OVAL:oval:org.mitre.oval:def:527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529
OVAL:oval:org.mitre.oval:def:529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530
OVAL:oval:org.mitre.oval:def:530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531
OVAL:oval:org.mitre.oval:def:531
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532
OVAL:oval:org.mitre.oval:def:532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534
OVAL:oval:org.mitre.oval:def:534
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629
OVAL:oval:org.mitre.oval:def:629
http://www.securitytracker.com/id?1006036
SECTRACK:1006036
https://exchange.xforce.ibmcloud.com/vulnerabilities/13844
XF:ie-method-perform-actions(13844)
CVE-2003-1028
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
2004-01-08
2017-07-10
CVE-2003-1028
http://marc.info/?l=bugtraq&m=106979624321665&w=2
BUGTRAQ:20031125 Invalid ContentType may disclose cache directory
http://marc.info/?l=bugtraq&m=106979428718705&w=2
BUGTRAQ:20031125 Note for "Invalid ContentType may disclose cache directory"
http://marc.info/?l=bugtraq&m=107038202225587&w=2
BUGTRAQ:20031201 Comments on 5 IE vulnerabilities
http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
MISC:http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
http://www.osvdb.org/7890
OSVDB:7890
https://exchange.xforce.ibmcloud.com/vulnerabilities/13847
XF:ie-download-directory-disclosure(13847)
CVE-2003-1029
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
2004-01-15
2018-10-19
CVE-2003-1029
http://marc.info/?l=bugtraq&m=107193841728533&w=2
BUGTRAQ:20031220 Remote crash in tcpdump from OpenBSD
http://marc.info/?l=bugtraq&m=107213553214985&w=2
BUGTRAQ:20031221 Re: Remote crash in tcpdump from OpenBSD
http://www.securityfocus.com/archive/1/350238/30/21640/threaded
BUGTRAQ:20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
http://www.debian.org/security/2004/dsa-425
DEBIAN:DSA-425
http://lwn.net/Alerts/66805/
ENGARDE:ESA-20040119-002
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
MANDRAKE:MDKSA-2004:008
http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2
MLIST:[tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets
http://www.securitytracker.com/id?1008748
SECTRACK:1008748
http://secunia.com/advisories/10636
SECUNIA:10636
http://secunia.com/advisories/10652
SECUNIA:10652
http://secunia.com/advisories/10668
SECUNIA:10668
http://secunia.com/advisories/10718
SECUNIA:10718
CVE-2003-1030
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
2004-01-15
2017-07-10
CVE-2003-1030
http://www.securityfocus.com/bid/9213
BID:9213
http://marc.info/?l=bugtraq&m=107152094119279&w=2
BUGTRAQ:20031214 DameWare Mini Remote Control Server <= 3.72 Buffer Overflow
http://marc.info/?l=bugtraq&m=107187110617266&w=2
BUGTRAQ:20031219 [Exploit]: DameWare Mini Remote Control Server Overflow Exploit
http://marc.info/?l=bugtraq&m=107392603615840&w=2
BUGTRAQ:20040110 DameWare Mini Remote Control < v3.73 remote exploit by kralor]
http://www.kb.cert.org/vuls/id/909678
CERT-VN:VU#909678
http://sh0dan.org/files/dwmrcs372.txt
MISC:http://sh0dan.org/files/dwmrcs372.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/14001
XF:dameware-spoof-packet-bo(14001)
CVE-2003-1031
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
2004-01-22
CVE-2003-1031
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html
VULNWATCH:20030808 VBulletin New Member XSS Vulnerability
CVE-2003-1032
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
2004-01-26
2016-12-15
CVE-2003-1032
http://www.securityfocus.com/bid/7787
BID:7787
http://marc.info/?l=bugtraq&m=105465813729100&w=2
BUGTRAQ:20030602 Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web
http://marc.info/?l=bugtraq&m=105484265218325&w=2
BUGTRAQ:20030605 Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web
http://securitytracker.com/id?1006913
SECTRACK:1006913
CVE-2003-1033
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
2004-03-16
2017-07-10
CVE-2003-1033
http://www.securityfocus.com/bid/7407
BID:7407
http://www.securityfocus.com/bid/7408
BID:7408
http://marc.info/?l=bugtraq&m=105103613727471&w=2
BUGTRAQ:20030422 SRT2003-04-22-1336 - SAP DB Development Tools install flaw
http://listserv.sap.com/pipermail/sapdb.sources/2003-April/000143.html
MLIST:[SAP DB Dev] 20030422 Security Alert: Development Tools
https://exchange.xforce.ibmcloud.com/vulnerabilities/11842
XF:sap-db-gain-privileges(11842)
CVE-2003-1034
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
2004-03-16
2017-07-10
CVE-2003-1034
http://www.securityfocus.com/bid/7242
BID:7242
http://marc.info/?l=bugtraq&m=104914778303805&w=2
BUGTRAQ:20030331 SRT2003-03-31-1219 - SAP world writable server binaries
https://exchange.xforce.ibmcloud.com/vulnerabilities/11669
XF:sap-db-world-writable(11669)
CVE-2003-1035
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
2004-03-16
2018-10-19
CVE-2003-1035
http://www.securityfocus.com/bid/7007
BID:7007
http://www.securityfocus.com/archive/1/451378/100/0/threaded
BUGTRAQ:20061112 Old SAP exploits
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html
FULLDISC:20030304 SAP R/3, account locking and RFC SDK
https://exchange.xforce.ibmcloud.com/vulnerabilities/11487
XF:sap-sapinfo-lockout-bypass(11487)
CVE-2003-1036
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
2004-03-16
2017-07-10
CVE-2003-1036
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
MISC:http://www.phenoelit.de/stuff/Phenoelit20c3.pd
https://exchange.xforce.ibmcloud.com/vulnerabilities/14186
XF:sap-multiple-bo(14186)
CVE-2003-1037
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
2004-03-16
2017-07-10
CVE-2003-1037
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
MISC:http://www.phenoelit.de/stuff/Phenoelit20c3.pd
http://securitytracker.com/id?1009453
SECTRACK:1009453
https://exchange.xforce.ibmcloud.com/vulnerabilities/15514
XF:sap-wgate-format-string(15514)
CVE-2003-1038
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
2004-03-16
2017-07-10
CVE-2003-1038
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
MISC:http://www.phenoelit.de/stuff/Phenoelit20c3.pd
https://exchange.xforce.ibmcloud.com/vulnerabilities/15516
XF:sap-agate-path-disclosure(15516)
CVE-2003-1039
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
2004-03-16
2017-07-10
CVE-2003-1039
http://www.phenoelit.de/stuff/Phenoelit20c3.pd
MISC:http://www.phenoelit.de/stuff/Phenoelit20c3.pd
https://exchange.xforce.ibmcloud.com/vulnerabilities/15513
XF:mysap-host-header-bo(15513)
CVE-2003-1040
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
2004-03-23
2017-10-09
CVE-2003-1040
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
CONECTIVA:CLSA-2004:820
http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html%7Csrc/%7Csrc/kernel%7Chist/kernel/kmod.c
CONFIRM:http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9423
OVAL:oval:org.mitre.oval:def:9423
http://www.redhat.com/support/errata/RHSA-2004-065.html
REDHAT:RHSA-2004:065
http://www.redhat.com/support/errata/RHSA-2004-069.html
REDHAT:RHSA-2004:069
http://www.redhat.com/support/errata/RHSA-2004-106.html
REDHAT:RHSA-2004:106
http://www.redhat.com/support/errata/RHSA-2004-188.html
REDHAT:RHSA-2004:188
ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc
SGI:20040204-01-U
http://www.novell.com/linux/security/advisories/2003_049_kernel.html
SUSE:SuSE-SA:2003:049
https://exchange.xforce.ibmcloud.com/vulnerabilities/15577
XF:linux-kmod-signals-dos(15577)
CVE-2003-1041
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
2004-05-20
2018-10-12
CVE-2003-1041
http://www.securityfocus.com/bid/9320
BID:9320
http://www.securityfocus.com/archive/1/348521
BUGTRAQ:20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
CERT:TA04-196A
http://www.kb.cert.org/vuls/id/187196
CERT-VN:VU#187196
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023
MS:MS04-023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186
OVAL:oval:org.mitre.oval:def:1186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943
OVAL:oval:org.mitre.oval:def:1943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514
OVAL:oval:org.mitre.oval:def:3514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956
OVAL:oval:org.mitre.oval:def:956
https://exchange.xforce.ibmcloud.com/vulnerabilities/14105
XF:ie-showhelp-directory-traversal(14105)
CVE-2003-1042
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
2004-06-03
2017-07-10
CVE-2003-1042
http://www.securityfocus.com/bid/8953
BID:8953
http://www.securityfocus.com/archive/1/343185
BUGTRAQ:20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
CONECTIVA:CLA-2003:774
http://bugzilla.mozilla.org/show_bug.cgi?id=214290
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=214290
https://exchange.xforce.ibmcloud.com/vulnerabilities/13594
XF:bugzilla-productname-sql-injection(13594)
CVE-2003-1043
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
2004-06-03
2017-07-10
CVE-2003-1043
http://www.securityfocus.com/bid/8953
BID:8953
http://www.securityfocus.com/archive/1/343185
BUGTRAQ:20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
CONECTIVA:CLA-2003:774
http://bugzilla.mozilla.org/show_bug.cgi?id=219044
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=219044
https://exchange.xforce.ibmcloud.com/vulnerabilities/13596
XF:bugzilla-url-sql-injection(13596)
CVE-2003-1044
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
2004-06-03
2017-07-10
CVE-2003-1044
http://www.securityfocus.com/bid/8953
BID:8953
http://www.securityfocus.com/archive/1/343185
BUGTRAQ:20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
CONECTIVA:CLA-2003:774
http://bugzilla.mozilla.org/show_bug.cgi?id=219690
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=219690
https://exchange.xforce.ibmcloud.com/vulnerabilities/13597
XF:bugzilla-groupid-gain-privileges(13597)
CVE-2003-1045
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
2004-06-03
2017-07-10
CVE-2003-1045
http://www.securityfocus.com/bid/8953
BID:8953
http://www.securityfocus.com/archive/1/343185
BUGTRAQ:20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
CONECTIVA:CLA-2003:774
http://bugzilla.mozilla.org/show_bug.cgi?id=209376
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=209376
https://exchange.xforce.ibmcloud.com/vulnerabilities/13600
XF:bugzilla-obtain-information(13600)
CVE-2003-1046
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
2004-06-03
2017-07-10
CVE-2003-1046
http://www.securityfocus.com/bid/8953
BID:8953
http://www.securityfocus.com/archive/1/343185
BUGTRAQ:20031103 [BUGZILLA] Security Advisory - SQL injection, information leak
http://bugzilla.mozilla.org/show_bug.cgi?id=209742
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=209742
https://exchange.xforce.ibmcloud.com/vulnerabilities/13602
XF:bugzilla-describecomponents-obtain-info(13602)
CVE-2003-1047
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0540. Reason: This candidate is a duplicate of CVE-2004-0540. Notes: All CVE users should reference CVE-2004-0540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2004-06-08
2005-02-06
CVE-2003-1047
CVE-2003-1048
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
2004-07-21
2018-10-12
CVE-2003-1048
http://www.securityfocus.com/bid/8530
BID:8530
http://www.us-cert.gov/cas/techalerts/TA04-212A.html
CERT:TA04-212A
http://www.kb.cert.org/vuls/id/685364
CERT-VN:VU#685364
http://www.ciac.org/ciac/bulletins/o-191.shtml
CIAC:O-191
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html
FULLDISC:20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html
FULLDISC:20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html
FULLDISC:20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025
MS:MS04-025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793
OVAL:oval:org.mitre.oval:def:1793
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206
OVAL:oval:org.mitre.oval:def:206
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100
OVAL:oval:org.mitre.oval:def:2100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212
OVAL:oval:org.mitre.oval:def:212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236
OVAL:oval:org.mitre.oval:def:236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509
OVAL:oval:org.mitre.oval:def:509
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517
OVAL:oval:org.mitre.oval:def:517
https://exchange.xforce.ibmcloud.com/vulnerabilities/16804
XF:ie-mshtml-gif-bo(16804)
CVE-2003-1049
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.
2004-08-20
2017-07-10
CVE-2003-1049
http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only
AIXAPAR:IY44841
http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only
AIXAPAR:IY44842
http://www.securityfocus.com/bid/9243
BID:9243
https://exchange.xforce.ibmcloud.com/vulnerabilities/14030
XF:db2-dms-insecure-permissions(14030)
CVE-2003-1050
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
2004-08-20
2017-07-10
CVE-2003-1050
http://www.securityfocus.com/bid/8990
BID:8990
http://www.securityfocus.com/archive/1/343804
BUGTRAQ:20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
MISC:http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633
XF:db2-multiple-binaries-bo(13633)
CVE-2003-1051
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
2004-08-20
2017-07-10
CVE-2003-1051
http://www.securityfocus.com/bid/8989
BID:8989
http://www.securityfocus.com/archive/1/343804
BUGTRAQ:20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
MISC:http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633
XF:db2-multiple-binaries-bo(13633)
CVE-2003-1052
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
2004-08-20
2017-07-10
CVE-2003-1052
http://www.securityfocus.com/bid/8346
BID:8346
http://www.securityfocus.com/archive/1/331904
BUGTRAQ:20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries
https://exchange.xforce.ibmcloud.com/vulnerabilities/12826
XF:ibm-db2-gain-privileges(12826)
CVE-2003-1053
Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable.
2005-01-19
2017-07-10
CVE-2003-1053
http://www.securityfocus.com/bid/8770
BID:8770
http://www.securityfocus.com/bid/8776
BID:8776
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957
http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html
CONFIRM:http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html
http://secunia.com/advisories/9950
SECUNIA:9950
https://exchange.xforce.ibmcloud.com/vulnerabilities/13358
XF:xshisen-kconv-bo(13358)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13359
XF:xshisen-xshisenlib-bo(13359)
CVE-2003-1054
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
2005-01-19
2005-03-21
CVE-2003-1054
http://www.securityfocus.com/bid/7375
BID:7375
http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html
CONFIRM:http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004555.html
FULLDISC:20030416 [VulnWatch] Apache mod_access_referer denial of service issue
http://sourceforge.net/project/shownotes.php?release_id=151905
MISC:http://sourceforge.net/project/shownotes.php?release_id=151905
http://secunia.com/advisories/8612
SECUNIA:8612
CVE-2003-1055
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
2005-02-08
2017-07-10
CVE-2003-1055
http://www.auscert.org.au/render.html?it=3224
AUSCERT:ESB-2003.0461
http://www.securityfocus.com/bid/7064
BID:7064
http://www.ciac.org/ciac/bulletins/n-113.shtml
CIAC:N-113
http://www.securitytracker.com/id?1006401
SECTRACK:1006401
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1
SUNALERT:52222
https://exchange.xforce.ibmcloud.com/vulnerabilities/11641
XF:solaris-nssldapso1-bo(11641)
CVE-2003-1056
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
2005-02-08
2017-07-10
CVE-2003-1056
http://www.auscert.org.au/render.html?it=3688
AUSCERT:ESB-2003.0851
http://www.securityfocus.com/bid/9199
BID:9199
http://www.osvdb.org/2955
OSVDB:2955
http://secunia.com/advisories/10411
SECUNIA:10411
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57443-1
SUNALERT:57443
https://exchange.xforce.ibmcloud.com/vulnerabilities/13952
XF:solaris-ed1-tmpfile-insecure(13952)
CVE-2003-1057
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.
2005-02-08
2017-07-10
CVE-2003-1057
http://www.auscert.org.au/render.html?it=3675
AUSCERT:ESB-2003.0844
http://www.securityfocus.com/bid/9170
BID:9170
http://www.ciac.org/ciac/bulletins/o-035.shtml
CIAC:O-035
http://www.osvdb.org/2924
OSVDB:2924
http://secunia.com/advisories/10384
SECUNIA:10384
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57441-1
SUNALERT:57441
https://exchange.xforce.ibmcloud.com/vulnerabilities/13914
XF:cde-dtprintinfo-gain-privileges(13914)
CVE-2003-1058
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
2005-02-08
2017-07-10
CVE-2003-1058
http://www.securityfocus.com/bid/9147
BID:9147
http://www.ciac.org/ciac/bulletins/o-033.shtml
CIAC:O-033
http://www.osvdb.org/2892
OSVDB:2892
http://secunia.com/advisories/10346
SECUNIA:10346
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57419-1
SUNALERT:57419
https://exchange.xforce.ibmcloud.com/vulnerabilities/13890
XF:solaris-xsun-gain-privileges(13890)
CVE-2003-1059
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
2005-02-08
2017-07-10
CVE-2003-1059
http://www.securityfocus.com/bid/9076
BID:9076
http://www.ciac.org/ciac/bulletins/o-029.shtml
CIAC:O-029
http://www.osvdb.org/2839
OSVDB:2839
http://secunia.com/advisories/10267
SECUNIA:10267
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57360-1
SUNALERT:57360
https://exchange.xforce.ibmcloud.com/vulnerabilities/13792
XF:solaris-pgx32-gain-privileges(13792)
CVE-2003-1060
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
2005-02-08
2017-07-10
CVE-2003-1060
http://www.securityfocus.com/bid/8929
BID:8929
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1
SUNALERT:57406
https://exchange.xforce.ibmcloud.com/vulnerabilities/13547
XF:solaris-nfs-ufs-dos(13547)
CVE-2003-1061
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
2005-02-08
2017-07-10
CVE-2003-1061
http://www.securityfocus.com/bid/8836
BID:8836
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57080-1
SUNALERT:57080
https://exchange.xforce.ibmcloud.com/vulnerabilities/13434
XF:solaris-race-dos(13434)
CVE-2003-1062
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
2005-02-08
2017-07-10
CVE-2003-1062
http://www.securityfocus.com/bid/8831
BID:8831
http://secunia.com/advisories/10006/
SECUNIA:10006
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57340-1
SUNALERT:57340
https://exchange.xforce.ibmcloud.com/vulnerabilities/13435
XF:solaris-sysinfo-read-memory(13435)
CVE-2003-1063
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
2005-02-08
2017-07-10
CVE-2003-1063
http://www.securityfocus.com/bid/8461
BID:8461
http://www.ciac.org/ciac/bulletins/n-134.shtml
CIAC:N-134
http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-1
SUNALERT:56300
https://exchange.xforce.ibmcloud.com/vulnerabilities/12942
XF:solaris-cachefs-inetdconf-overwrite(12942)
CVE-2003-1064
Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
2005-02-08
2017-07-10
CVE-2003-1064
http://www.securityfocus.com/bid/8250
BID:8250
http://www.kb.cert.org/vuls/id/370060
CERT-VN:VU#370060
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55301-1
SUNALERT:55301
https://exchange.xforce.ibmcloud.com/vulnerabilities/12680
XF:solaris-ipv6-packet-dos(12680)
CVE-2003-1065
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).
2005-02-08
2017-07-10
CVE-2003-1065
http://www.securityfocus.com/bid/8253
BID:8253
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55340-1
SUNALERT:55340
https://exchange.xforce.ibmcloud.com/vulnerabilities/19437
XF:automountd-dos(19437)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19441
XF:openssh-ldap-dos(19441)
CVE-2003-1066
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
2005-02-08
2017-07-10
CVE-2003-1066
http://www.securityfocus.com/bid/7820
BID:7820
http://www.securityfocus.com/archive/1/324015
BUGTRAQ:20030604 Solaris syslogd overflow
http://secunia.com/advisories/8944/
SECUNIA:8944
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55440-1
SUNALERT:55440
https://exchange.xforce.ibmcloud.com/vulnerabilities/12194
XF:sun-syslogd-bo(12194)
CVE-2003-1067
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
2005-02-08
2017-07-10
CVE-2003-1067
http://www.securityfocus.com/bid/64758
BID:64758
http://www.securityfocus.com/bid/7991
BID:7991
http://www.ciac.org/ciac/bulletins/n-108.shtml
CIAC:N-108
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://secunia.com/advisories/9088/
SECUNIA:9088
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55420-1
SUNALERT:55420
https://exchange.xforce.ibmcloud.com/vulnerabilities/12379
XF:sun-database-functions-bo(12379)
CVE-2003-1068
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
2005-02-08
2017-07-10
CVE-2003-1068
http://www.securityfocus.com/bid/7835
BID:7835
http://www.ciac.org/ciac/bulletins/n-105.shtml
CIAC:N-105
http://secunia.com/advisories/8957/
SECUNIA:8957
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55260-1
SUNALERT:55260
https://exchange.xforce.ibmcloud.com/vulnerabilities/11083
XF:solaris-utmp-update-bo(11083)
CVE-2003-1069
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).
2005-02-08
2017-07-10
CVE-2003-1069
http://www.securityfocus.com/bid/7794
BID:7794
http://secunia.com/advisories/8935/
SECUNIA:8935
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1
SUNALERT:54181
https://exchange.xforce.ibmcloud.com/vulnerabilities/12140
XF:sun-intelnetd-dos(12140)
CVE-2003-1070
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
2005-02-08
2017-07-10
CVE-2003-1070
http://www.securityfocus.com/bid/7455
BID:7455
http://secunia.com/advisories/8685/
SECUNIA:8685
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50922-1
SUNALERT:50922
https://exchange.xforce.ibmcloud.com/vulnerabilities/11906
XF:sun-rpcbind-dos(11906)
CVE-2003-1071
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
2005-02-08
2017-07-10
CVE-2003-1071
http://www.securityfocus.com/bid/6509
BID:6509
http://www.securityfocus.com/archive/1/305105
BUGTRAQ:20030103 Solaris 2.x /usr/sbin/wall Advisory
http://www.kb.cert.org/vuls/id/944241
CERT-VN:VU#944241
http://www.securitytracker.com/id?1005882
SECTRACK:1005882
http://www.securitytracker.com/id?1006682
SECTRACK:1006682
http://secunia.com/advisories/7825/
SECUNIA:7825
http://sunsolve.sun.com/search/document.do?assetkey=1-26-51980-1
SUNALERT:51980
https://exchange.xforce.ibmcloud.com/vulnerabilities/11608
XF:solaris-wall-message-spoofing(11608)
CVE-2003-1072
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
2005-02-08
2017-07-10
CVE-2003-1072
http://www.securityfocus.com/bid/7454
BID:7454
http://secunia.com/advisories/8686/
SECUNIA:8686
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54100-1
SUNALERT:54100
https://exchange.xforce.ibmcloud.com/vulnerabilities/11895
XF:sun-lofiadm-dos(11895)
CVE-2003-1073
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
2005-02-08
2017-07-10
CVE-2003-1073
http://www.securityfocus.com/bid/6692
BID:6692
http://www.securityfocus.com/bid/6693
BID:6693
http://www.securityfocus.com/archive/1/308577
BUGTRAQ:20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities
http://www.ciac.org/ciac/bulletins/n-070.shtml
CIAC:N-070
http://isec.pl/vulnerabilities/isec-0008-sun-at.txt
MISC:http://isec.pl/vulnerabilities/isec-0008-sun-at.txt
http://www.securitytracker.com/id?1005994
SECTRACK:1005994
http://secunia.com/advisories/7960/
SECUNIA:7960
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1
SUNALERT:50161
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html
VULNWATCH:20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11179
XF:solaris-at-directory-traversal(11179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11180
XF:solaris-at-race-condition(11180)
CVE-2003-1074
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
2005-02-08
2017-07-10
CVE-2003-1074
http://www.securityfocus.com/bid/7252
BID:7252
http://www.ciac.org/ciac/bulletins/n-069.shtml
CIAC:N-069
http://www.securitytracker.com/id?1006411
SECTRACK:1006411
http://secunia.com/advisories/8454/
SECUNIA:8454
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52111-1
SUNALERT:52111
https://exchange.xforce.ibmcloud.com/vulnerabilities/11657
XF:solaris-newtask-root-access(11657)
CVE-2003-1075
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
2005-02-08
2017-07-10
CVE-2003-1075
http://www.securityfocus.com/bid/6709
BID:6709
http://www.securitytracker.com/id?1005996
SECTRACK:1005996
http://secunia.com/advisories/7968/
SECUNIA:7968
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50240-1
SUNALERT:50240
https://exchange.xforce.ibmcloud.com/vulnerabilities/11186
XF:solaris-ftpd-dos(11186)
CVE-2003-1076
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
2005-02-08
2017-07-10
CVE-2003-1076
http://www.securityfocus.com/bid/7033
BID:7033
http://www.ciac.org/ciac/bulletins/n-050.shtml
CIAC:N-050
http://www.securitytracker.com/id?1006234
SECTRACK:1006234
http://secunia.com/advisories/8235/
SECUNIA:8235
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50904-1
SUNALERT:50904
https://exchange.xforce.ibmcloud.com/vulnerabilities/11496
XF:solaris-sendmail-forward-privileges(11496)
CVE-2003-1077
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
2005-02-08
2017-07-10
CVE-2003-1077
http://www.securityfocus.com/bid/7032
BID:7032
http://www.securitytracker.com/id?1006233
SECTRACK:1006233
http://secunia.com/advisories/8234/
SECUNIA:8234
http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1
SUNALERT:51300
https://exchange.xforce.ibmcloud.com/vulnerabilities/11481
XF:solaris-ufs-logging-dos(11481)
CVE-2003-1078
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
2005-02-08
2017-07-10
CVE-2003-1078
http://www.securityfocus.com/bid/6989
BID:6989
http://www.securitytracker.com/id?1006195
SECTRACK:1006195
http://secunia.com/advisories/8186/
SECUNIA:8186
http://sunsolve.sun.com/search/document.do?assetkey=1-26-51081-1
SUNALERT:51081
https://exchange.xforce.ibmcloud.com/vulnerabilities/11436
XF:solaris-ftp-plaintext-password(11436)
CVE-2003-1079
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
2005-02-08
2017-07-10
CVE-2003-1079
http://www.securityfocus.com/bid/6883
BID:6883
http://www.securitytracker.com/id?1006131
SECTRACK:1006131
http://secunia.com/advisories/8092/
SECUNIA:8092
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1
SUNALERT:50626
https://exchange.xforce.ibmcloud.com/vulnerabilities/11368
XF:solaris-udp-rpc-dos(11368)
CVE-2003-1080
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
2005-02-08
2017-07-10
CVE-2003-1080
http://www.securityfocus.com/bid/6838
BID:6838
http://www.securitytracker.com/id?1006084
SECTRACK:1006084
http://secunia.com/advisories/8058/
SECUNIA:8058
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50751-1
SUNALERT:50751
https://exchange.xforce.ibmcloud.com/vulnerabilities/11303
XF:solaris-mail-unauthorized-access(11303)
CVE-2003-1081
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
2005-02-08
2017-07-10
CVE-2003-1081
http://www.auscert.org.au/render.html?it=3411&cid=1
AUSCERT:ESB-2003.0621
http://www.securityfocus.com/bid/5698
BID:5698
http://www.kb.cert.org/vuls/id/464817
CERT-VN:VU#464817
http://www.ciac.org/ciac/bulletins/o-001.shtml
CIAC:O-001
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46903-1
SUNALERT:46903
https://exchange.xforce.ibmcloud.com/vulnerabilities/10105
XF:solaris-aspppls-tmpfile-symlink(10105)
CVE-2003-1082
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.
2005-02-08
2017-07-10
CVE-2003-1082
http://www.securityfocus.com/bid/6639
BID:6639
http://www.kb.cert.org/vuls/id/596748
CERT-VN:VU#596748
http://www.ciac.org/ciac/bulletins/n-105.shtml
CIAC:N-105
http://www.securitytracker.com/id?1005935
SECTRACK:1005935
http://secunia.com/advisories/7892
SECUNIA:7892
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50008-1
SUNALERT:50008
https://exchange.xforce.ibmcloud.com/vulnerabilities/11083
XF:solaris-utmp-update-bo(11083)
CVE-2003-1083
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
2005-02-13
2017-07-10
CVE-2003-1083
http://www.securityfocus.com/bid/9099
BID:9099
http://www.securityfocus.com/archive/1/345417
BUGTRAQ:20031124 Monit 4.1 HTTP interface multiple security vulnerabilities
http://www.kb.cert.org/vuls/id/623854
CERT-VN:VU#623854
http://www.tildeslash.com/monit/dist/CHANGES.txt
CONFIRM:http://www.tildeslash.com/monit/dist/CHANGES.txt
http://security.gentoo.org/glsa/glsa-200403-14.xml
GENTOO:GLSA-200403-14
http://secunia.com/advisories/10280
SECUNIA:10280
https://exchange.xforce.ibmcloud.com/vulnerabilities/13817
XF:monit-http-bo(13817)
CVE-2003-1084
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
2005-02-13
2017-07-10
CVE-2003-1084
http://www.securityfocus.com/bid/9098
BID:9098
http://www.securityfocus.com/archive/1/345417
BUGTRAQ:20031124 Monit 4.1 HTTP interface multiple security vulnerabilities
http://www.kb.cert.org/vuls/id/206382
CERT-VN:VU#206382
http://www.tildeslash.com/monit/dist/CHANGES.txt
CONFIRM:http://www.tildeslash.com/monit/dist/CHANGES.txt
http://security.gentoo.org/glsa/glsa-200403-14.xml
GENTOO:GLSA-200403-14
http://secunia.com/advisories/10280
SECUNIA:10280
https://exchange.xforce.ibmcloud.com/vulnerabilities/13818
XF:monit-negative-content-dos(13818)
CVE-2003-1085
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.
2005-02-21
2017-07-10
CVE-2003-1085
http://www.securityfocus.com/bid/9091
BID:9091
http://www.securityfocus.com/archive/1/345414
BUGTRAQ:20031123 Thomnson TCM315 Denial of service
http://marc.info/?l=bugtraq&m=110888093214678&w=2
BUGTRAQ:20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014062.html
FULLDISC:20031123 Thomnson TCM315 Denial of service
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014068.html
FULLDISC:20031124 Thomnson TCM315 Denial of service
http://marc.info/?l=full-disclosure&m=110880725322192&w=2
FULLDISC:20050219 Thomson TCW690 Denial Of Service Vulnerability
http://www.shellsec.net/leer_advisory.php?id=2
MISC:http://www.shellsec.net/leer_advisory.php?id=2
http://secunia.com/advisories/10286
SECUNIA:10286
http://secunia.com/advisories/14353
SECUNIA:14353
https://exchange.xforce.ibmcloud.com/vulnerabilities/13815
XF:thomson-http-get-dos(13815)
CVE-2003-1086
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code.
2005-02-23
2016-10-17
CVE-2003-1086
http://marc.info/?l=bugtraq&m=105638414205498&w=2
BUGTRAQ:20030623 pMachine (PHP) : Include() Security Hole
http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C
CONFIRM:http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C
CVE-2003-1087
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.
2005-02-26
2017-07-10
CVE-2003-1087
http://www.securityfocus.com/bid/7827
BID:7827
http://marc.info/?l=bugtraq&m=109292319608851&w=2
HP:SSRT3460
http://secunia.com/advisories/8971
SECUNIA:8971
https://exchange.xforce.ibmcloud.com/vulnerabilities/12199
XF:hp-diagmond-dos(12199)
CVE-2003-1088
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
2005-03-07
2017-07-10
CVE-2003-1088
http://www.securityfocus.com/bid/8388
BID:8388
http://marc.info/?l=bugtraq&m=106063199925536&w=2
BUGTRAQ:20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
http://securitytracker.com/id?1013365
SECTRACK:1013365
http://secunia.com/advisories/9497
SECUNIA:9497
https://exchange.xforce.ibmcloud.com/vulnerabilities/12867
XF:zorum-index-xss(12867)
CVE-2003-1089
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
2005-03-07
2017-07-10
CVE-2003-1089
http://www.securityfocus.com/bid/8396
BID:8396
http://marc.info/?l=bugtraq&m=106063199925536&w=2
BUGTRAQ:20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
http://securitytracker.com/id?1013365
SECTRACK:1013365
https://exchange.xforce.ibmcloud.com/vulnerabilities/12868
XF:zorum-index-path-disclosure(12868)
CVE-2003-1090
Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.
2005-03-10
2017-07-10
CVE-2003-1090
http://www.securityfocus.com/bid/6785
BID:6785
http://marc.info/?l=bugtraq&m=104454984001076&w=2
BUGTRAQ:20030206 AbsoluteTelnet 2.00 buffer overflow.
http://www.kb.cert.org/vuls/id/666073
CERT-VN:VU#666073
http://www.osvdb.org/16024
OSVDB:16024
https://exchange.xforce.ibmcloud.com/vulnerabilities/11265
XF:absolutetelnet-title-bar-bo(11265)
CVE-2003-1091
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.
2005-03-10
2017-07-10
CVE-2003-1091
http://www.securityfocus.com/bid/7660
BID:7660
http://archives.neohapsis.com/archives/bugtraq/2003-05/0245.html
BUGTRAQ:20030522 QuickTime/Darwin Streaming Server security issues
http://www.kb.cert.org/vuls/id/148564
CERT-VN:VU#148564
http://securitytracker.com/id?1006822
SECTRACK:1006822
https://exchange.xforce.ibmcloud.com/vulnerabilities/12054
XF:darwin-mp3broadcaster-code-execution(12054)
CVE-2003-1092
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
2005-03-10
2017-07-10
CVE-2003-1092
http://www.securityfocus.com/bid/7009
BID:7009
http://www.kb.cert.org/vuls/id/100937
CERT-VN:VU#100937
http://www.securityfocus.com/archive/1/313847
OPENPKG:OpenPKG-SA-2003.017
https://exchange.xforce.ibmcloud.com/vulnerabilities/11488
XF:file-afctr-memory-allocation(11488)
CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
2005-03-10
2017-07-10
CVE-2003-1093
http://www.securityfocus.com/bid/6586
BID:6586
http://www.kb.cert.org/vuls/id/331937
CERT-VN:VU#331937
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/11057
XF:weblogic-error-password-disclosure(11057)
CVE-2003-1094
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
2005-03-10
2017-07-10
CVE-2003-1094
http://www.securityfocus.com/bid/8320
BID:8320
http://www.kb.cert.org/vuls/id/999788
CERT-VN:VU#999788
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/12799
XF:weblogic-gain-privileges(12799)
CVE-2003-1095
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
2005-03-10
2017-07-10
CVE-2003-1095
http://www.securityfocus.com/bid/7130
BID:7130
http://www.kb.cert.org/vuls/id/691153
CERT-VN:VU#691153
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/11555
XF:weblogic-app-reauthentication-bypass(11555)
CVE-2003-1096
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
2005-03-10
2017-07-10
CVE-2003-1096
http://www.securityfocus.com/bid/8755
BID:8755
http://www.securityfocus.com/archive/1/340119
BUGTRAQ:20031003 Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable
http://www.securityfocus.com/archive/1/340365
BUGTRAQ:20031006 Weaknesses in LEAP Challenge/Response
http://marc.info/?l=bugtraq&m=108135227731965&w=2
BUGTRAQ:20040407 Release of Cisco Attack tool Asleap
http://www.kb.cert.org/vuls/id/473108
CERT-VN:VU#473108
http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml
CISCO:20030803 Dictionary Attack on Cisco LEAP Vulnerability
http://www.osvdb.org/15209
OSVDB:15209
https://exchange.xforce.ibmcloud.com/vulnerabilities/12804
XF:cisco-leap-dictionary(12804)
CVE-2003-1097
Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.
2005-03-11
2017-10-09
CVE-2003-1097
http://www.securityfocus.com/bid/7459
BID:7459
http://archives.neohapsis.com/archives/bugtraq/2003-04/0374.html
BUGTRAQ:20030429 HPUX rexec buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/322540
CERT-VN:VU#322540
http://www.ciac.org/ciac/bulletins/n-088.shtml
CIAC:N-088
http://www.kb.cert.org/vuls/id/CRDY-5MJKM4
HP:HPSBUX0304-257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5611
OVAL:oval:org.mitre.oval:def:5611
https://exchange.xforce.ibmcloud.com/vulnerabilities/11890
XF:hp-rexec-command-bo(11890)
CVE-2003-1098
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
2005-03-11
2017-10-09
CVE-2003-1098
http://www.securityfocus.com/bid/6638
BID:6638
http://www.kb.cert.org/vuls/id/862401
CERT-VN:VU#862401
http://www.kb.cert.org/vuls/id/IAFY-5HVQDJ
HP:HPSBUX0301-238
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5765
OVAL:oval:org.mitre.oval:def:5765
http://www.securitytracker.com/id?1005936
SECTRACK:1005936
https://exchange.xforce.ibmcloud.com/vulnerabilities/11094
XF:hp-xserver-gain-privileges(11094)
CVE-2003-1099
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
2005-03-11
2017-10-09
CVE-2003-1099
http://www.securityfocus.com/bid/9141
BID:9141
http://www.kb.cert.org/vuls/id/509454
CERT-VN:VU#509454
http://www.ciac.org/ciac/bulletins/o-032.shtml
CIAC:O-032
http://www.kb.cert.org/vuls/id/CRDY-5VFQA3
HP:HPSBUX0312-304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788
OVAL:oval:org.mitre.oval:def:5788
http://secunia.com/advisories/10339
SECUNIA:10339
https://exchange.xforce.ibmcloud.com/vulnerabilities/13882
XF:hp-shar-tmpfile-symlink(13882)
CVE-2003-1100
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.
2005-03-11
2017-07-10
CVE-2003-1100
http://www.securityfocus.com/bid/8815
BID:8815
http://www.kb.cert.org/vuls/id/488684
CERT-VN:VU#488684
http://www.procheckup.com/security_info/vuln_pr0305.html
MISC:http://www.procheckup.com/security_info/vuln_pr0305.html
http://secunia.com/advisories/9985
SECUNIA:9985
https://exchange.xforce.ibmcloud.com/vulnerabilities/13399
XF:hummingbird-docsfusionserver-multiple-xss(13399)
CVE-2003-1101
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
2005-03-11
2017-07-10
CVE-2003-1101
http://www.securityfocus.com/bid/8816
BID:8816
http://www.kb.cert.org/vuls/id/715548
CERT-VN:VU#715548
http://www.procheckup.com/security_info/vuln_pr0303.html
MISC:http://www.procheckup.com/security_info/vuln_pr0303.html
http://secunia.com/advisories/9985
SECUNIA:9985
https://exchange.xforce.ibmcloud.com/vulnerabilities/13398
XF:Hummingbird-docsfusionserver-disclose-path(13398)
CVE-2003-1102
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.
2005-03-11
2017-07-10
CVE-2003-1102
http://www.kb.cert.org/vuls/id/989580
CERT-VN:VU#989580
http://www.procheckup.com/security_info/vuln_pr0302.html
MISC:http://www.procheckup.com/security_info/vuln_pr0302.html
http://secunia.com/advisories/9985
SECUNIA:9985
https://exchange.xforce.ibmcloud.com/vulnerabilities/13397
XF:Hummingbird-docsfusionserver-file-access(13397)
CVE-2003-1103
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.
2005-03-11
2017-07-10
CVE-2003-1103
http://www.securityfocus.com/bid/8800
BID:8800
http://www.kb.cert.org/vuls/id/368300
CERT-VN:VU#368300
http://www.procheckup.com/security_info/vuln_pr0304.html
MISC:http://www.procheckup.com/security_info/vuln_pr0304.html
http://secunia.com/advisories/9985
SECUNIA:9985
https://exchange.xforce.ibmcloud.com/vulnerabilities/13401
XF:hummingbird-docsfusionserver-sql-injection(13401)
CVE-2003-1104
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
2005-03-11
2017-07-10
CVE-2003-1104
http://www.securityfocus.com/bid/7154
BID:7154
http://archives.neohapsis.com/archives/bugtraq/2003-03/0307.html
BUGTRAQ:20030320 IBM Tivoli Firewall Security Toolbox buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/210937
CERT-VN:VU#210937
http://secunia.com/advisories/8349
SECUNIA:8349
https://exchange.xforce.ibmcloud.com/vulnerabilities/11584
XF:tivoli-tfst-relay-bo(11584)
CVE-2003-1105
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
2005-03-11
2018-10-12
CVE-2003-1105
http://www.kb.cert.org/vuls/id/813208
CERT-VN:VU#813208
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032
MS:MS03-032
https://exchange.xforce.ibmcloud.com/vulnerabilities/13029
XF:ie-input-type-dos(13029)
CVE-2003-1106
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
2005-03-11
2006-06-17
CVE-2003-1106
http://www.securityfocus.com/bid/8195
BID:8195
http://www.kb.cert.org/vuls/id/155252
CERT-VN:VU#155252
http://support.microsoft.com/default.aspx?kbid=330716
MSKB:330716
CVE-2003-1107
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
2005-03-11
2017-07-10
CVE-2003-1107
http://www.kb.cert.org/vuls/id/222044
CERT-VN:VU#222044
http://support.microsoft.com/default.aspx?scid=kb;en-us;828026
MSKB:828026
https://exchange.xforce.ibmcloud.com/vulnerabilities/13375
XF:mediaplayer-dhtml-code-execution(13375)
CVE-2003-1108
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-10-09
CVE-2003-1108
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5831
OVAL:oval:org.mitre.oval:def:5831
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1109
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1109
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
CISCO:20030221 Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
http://www.securitytracker.com/id?1006143
SECTRACK:1006143
http://www.securitytracker.com/id?1006144
SECTRACK:1006144
http://www.securitytracker.com/id?1006145
SECTRACK:1006145
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1110
The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1110
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html
CONFIRM:http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
http://securitytracker.com/id?1006167
SECTRACK:1006167
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1111
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1111
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.dynamicsoft.com/support/advisory/ca-2003-06.php
CONFIRM:http://www.dynamicsoft.com/support/advisory/ca-2003-06.php
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1112
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1112
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1113
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1113
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.iptel.org/ser/security/
CONFIRM:http://www.iptel.org/ser/security/
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1114
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1114
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1115
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
2005-03-11
2017-07-10
CVE-2003-1115
http://www.securityfocus.com/bid/6904
BID:6904
http://www.cert.org/advisories/CA-2003-06.html
CERT:CA-2003-06
http://www.kb.cert.org/vuls/id/528719
CERT-VN:VU#528719
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
https://exchange.xforce.ibmcloud.com/vulnerabilities/11379
XF:sip-invite(11379)
CVE-2003-1116
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.
2005-03-12
2017-07-10
CVE-2003-1116
http://www.securityfocus.com/bid/7325
BID:7325
http://marc.info/?l=bugtraq&m=105012832418415&w=2
BUGTRAQ:20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability
http://www.kb.cert.org/vuls/id/168873
CERT-VN:VU#168873
http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf
http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm
MISC:http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm
http://securitytracker.com/id?1006550
SECTRACK:1006550
https://exchange.xforce.ibmcloud.com/vulnerabilities/11768
XF:oracle-rra-authentication-bypass(11768)
CVE-2003-1117
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2005-03-12
2017-07-10
CVE-2003-1117
http://www.kb.cert.org/vuls/id/143627
CERT-VN:VU#143627
http://www.kb.cert.org/vuls/id/912219
CERT-VN:VU#912219
http://service.real.com/help/faq/security/bufferoverflow.html
CONFIRM:http://service.real.com/help/faq/security/bufferoverflow.html
http://securitytracker.com/id?1003604
SECTRACK:1003604
https://exchange.xforce.ibmcloud.com/vulnerabilities/11362
XF:realsystem-malformed-url-bo(11362)
CVE-2003-1118
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.
2005-03-12
2017-07-10
CVE-2003-1118
http://www.securityfocus.com/bid/7292
BID:7292
http://www.kb.cert.org/vuls/id/146785
CERT-VN:VU#146785
http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004383.html
FULLDISC:20030406 Seti@home information leakage and remote compromise
https://exchange.xforce.ibmcloud.com/vulnerabilities/11731
XF:seti@home-newline-bo(11731)
CVE-2003-1119
SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.
2005-03-12
2021-06-15
CVE-2003-1119
http://www.kb.cert.org/vuls/id/333980
CERT-VN:VU#333980
http://www.ssh.com/company/newsroom/article/476/
CONFIRM:http://www.ssh.com/company/newsroom/article/476/
CVE-2003-1120
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
2005-03-12
2017-07-10
CVE-2003-1120
http://www.securityfocus.com/bid/9956
BID:9956
http://www.kb.cert.org/vuls/id/814198
CERT-VN:VU#814198
http://www.ssh.com/company/newsroom/article/520/
CONFIRM:http://www.ssh.com/company/newsroom/article/520/
http://www.osvdb.org/displayvuln.php?osvdb_id=4491
OSVDB:4491
http://securitytracker.com/alerts/2004/Mar/1009532.html
SECTRACK:1009532
http://secunia.com/advisories/11193
SECUNIA:11193
https://exchange.xforce.ibmcloud.com/vulnerabilities/15585
XF:sshtectiaserver-passwdplugin-race-condition(15585)
CVE-2003-1121
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).
2005-03-12
2017-07-10
CVE-2003-1121
http://www.securityfocus.com/bid/7475
BID:7475
http://www.securityfocus.com/bid/7477
BID:7477
http://www.kb.cert.org/vuls/id/231705
CERT-VN:VU#231705
http://www.kb.cert.org/vuls/id/609137
CERT-VN:VU#609137
http://www.kb.cert.org/vuls/id/CRDY-5EXQRP
CONFIRM:http://www.kb.cert.org/vuls/id/CRDY-5EXQRP
http://www.kb.cert.org/vuls/id/CRDY-5EXQSV
CONFIRM:http://www.kb.cert.org/vuls/id/CRDY-5EXQSV
https://exchange.xforce.ibmcloud.com/vulnerabilities/11920
XF:scriptlogic-rpc-modify-registry(11920)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11921
XF:scriptlogic-runadmin-admin-access(11921)
CVE-2003-1122
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
2005-03-12
2017-07-10
CVE-2003-1122
http://www.securityfocus.com/bid/7476
BID:7476
http://www.kb.cert.org/vuls/id/813737
CERT-VN:VU#813737
http://www.kb.cert.org/vuls/id/CRDY-5EXQT9
MISC:http://www.kb.cert.org/vuls/id/CRDY-5EXQT9
https://exchange.xforce.ibmcloud.com/vulnerabilities/11922
XF:scriptlogic-logs$-insecure-permissions(11922)
CVE-2003-1123
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
2005-03-12
2017-07-10
CVE-2003-1123
http://www.securityfocus.com/bid/7824
BID:7824
http://www.kb.cert.org/vuls/id/393292
CERT-VN:VU#393292
http://securitytracker.com/id?1006935
SECTRACK:1006935
http://secunia.com/advisories/8958
SECUNIA:8958
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55100-1
SUNALERT:55100
https://exchange.xforce.ibmcloud.com/vulnerabilities/12189
XF:sun-applet-access-information(12189)
CVE-2003-1124
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.
2005-03-12
2017-07-10
CVE-2003-1124
http://www.securityfocus.com/bid/7960
BID:7960
http://www.kb.cert.org/vuls/id/758932
CERT-VN:VU#758932
http://secunia.com/advisories/9073
SECUNIA:9073
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55141-1
SUNALERT:55141
https://exchange.xforce.ibmcloud.com/vulnerabilities/12343
XF:sunmc-files-writable-permissions(12343)
CVE-2003-1125
Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).
2005-03-12
CVE-2003-1125
http://www.kb.cert.org/vuls/id/195644
CERT-VN:VU#195644
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52102-1
SUNALERT:52102
CVE-2003-1126
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
2005-03-12
CVE-2003-1126
http://www.kb.cert.org/vuls/id/636964
CERT-VN:VU#636964
http://secunia.com/advisories/9541
SECUNIA:9541
http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1
SUNALERT:56180
CVE-2003-1127
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.
2005-03-12
2017-07-10
CVE-2003-1127
http://www.securityfocus.com/bid/9431
BID:9431
http://www.kb.cert.org/vuls/id/371470
CERT-VN:VU#371470
http://www.procheckup.com/security_info/vuln_pr0307.html
MISC:http://www.procheckup.com/security_info/vuln_pr0307.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/14869
XF:egap-url-information-disclosure(14869)
CVE-2003-1128
XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.
2005-03-12
2017-07-10
CVE-2003-1128
http://www.securityfocus.com/bid/7534
BID:7534
http://www.kb.cert.org/vuls/id/583020
CERT-VN:VU#583020
http://www.x2studios.com/index.php?page=kb&id=16
CONFIRM:http://www.x2studios.com/index.php?page=kb&id=16
http://secunia.com/advisories/8775
SECUNIA:8775
https://exchange.xforce.ibmcloud.com/vulnerabilities/12139
XF:xmms-remote-command-execution(12139)
CVE-2003-1129
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
2005-03-12
2017-07-10
CVE-2003-1129
http://www.securityfocus.com/bid/7561
BID:7561
http://www.securityfocus.com/archive/1/323439
BUGTRAQ:20030530 Yahoo! Security Advisory: Yahoo! Voice Chat
http://www.kb.cert.org/vuls/id/272644
CERT-VN:VU#272644
http://help.yahoo.com/help/us/mesg/use/use-45.html
CONFIRM:http://help.yahoo.com/help/us/mesg/use/use-45.html
http://secunia.com/advisories/8924
SECUNIA:8924
https://exchange.xforce.ibmcloud.com/vulnerabilities/12130
XF:yahoo-audio-bo(12130)
CVE-2003-1130
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-03-12
2005-04-05
CVE-2003-1130
CVE-2003-1131
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
2005-03-20
2017-07-10
CVE-2003-1131
http://www.securityfocus.com/bid/9292
BID:9292
http://www.securityfocus.com/archive/1/348359
BUGTRAQ:20031224 Remote Code Execution in Knowledge Builder.
http://marc.info/?l=bugtraq&m=111066494323543&w=2
BUGTRAQ:20050312 KnowledgeBase
http://www.osvdb.org/3228
OSVDB:3228
http://secunia.com/advisories/10504
SECUNIA:10504
https://exchange.xforce.ibmcloud.com/vulnerabilities/14078
XF:knowledgebuilder-indexphp-file-include(14078)
CVE-2003-1132
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
2005-04-21
CVE-2003-1132
http://www.kb.cert.org/vuls/id/714121
CERT-VN:VU#714121
http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml
CISCO:20041008 Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability
CVE-2003-1133
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
2005-05-10
2017-07-10
CVE-2003-1133
http://www.securityfocus.com/bid/8891
BID:8891
http://www.securityfocus.com/archive/1/342485
BUGTRAQ:20031025 Some serious security holes in 'The Bat!'
http://securitytracker.com/id?1008004
SECTRACK:1008004
https://exchange.xforce.ibmcloud.com/vulnerabilities/13527
XF:thebat-access-email(13527)
CVE-2003-1134
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
2005-05-10
CVE-2003-1134
http://www.securityfocus.com/bid/8892
BID:8892
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html
FULLDISC:20031026 Java 1.4.2_02 InsecurityManager JVM crash
CVE-2003-1135
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
2005-05-10
CVE-2003-1135
http://www.securityfocus.com/bid/8894
BID:8894
http://www.securityfocus.com/archive/1/342472
BUGTRAQ:20031026 Buffer Overflow in Yahoo messenger Client
CVE-2003-1136
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
2005-05-10
2017-07-10
CVE-2003-1136
http://www.securityfocus.com/bid/8895
BID:8895
http://www.securityfocus.com/bid/8896
BID:8896
http://www.securityfocus.com/archive/1/342475
BUGTRAQ:20031026 New Vulnerability
http://www.osvdb.org/2718
OSVDB:2718
http://securitytracker.com/id?1008006
SECTRACK:1008006
http://secunia.com/advisories/10080
SECUNIA:10080
https://exchange.xforce.ibmcloud.com/vulnerabilities/13523
XF:guestbook-doublequotation-xss(13523)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13522
XF:guestbook-html-xss(13522)
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.
2005-05-10
2017-07-10
CVE-2003-1137
http://www.securityfocus.com/bid/8897
BID:8897
http://www.securityfocus.com/archive/1/342473
BUGTRAQ:20031027 sh-httpd `wildcard character' vulnerability
http://www.securityfocus.com/archive/1/342766
BUGTRAQ:20031028 Re: sh-httpd `wildcard character' vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/13519
XF:shtttpd-get-information-disclosure(13519)
CVE-2003-1138
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
2005-05-10
CVE-2003-1138
http://www.securityfocus.com/bid/8898
BID:8898
http://www.securityfocus.com/archive/1/342578
BUGTRAQ:20031027 Root Directory Listing on RH default apache
CVE-2003-1139
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.
2005-05-10
2017-07-10
CVE-2003-1139
http://www.securityfocus.com/bid/8899
BID:8899
http://www.securityfocus.com/archive/1/342476
BUGTRAQ:20031027 Musicqueue multiple local vulnerabilities
http://securitytracker.com/id?1008014
SECTRACK:1008014
http://secunia.com/advisories/10104
SECUNIA:10104
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html
VULNWATCH:20031027 Musicqueue multiple local vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/13520
XF:musicqueue-tmpfile-symlink(13520)
CVE-2003-1140
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
2005-05-10
2017-07-10
CVE-2003-1140
http://www.securityfocus.com/bid/8903
BID:8903
http://www.securityfocus.com/archive/1/342476
BUGTRAQ:20031027 Musicqueue multiple local vulnerabilities
http://securitytracker.com/id?1008014
SECTRACK:1008014
http://secunia.com/advisories/10104
SECUNIA:10104
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html
VULNWATCH:20031027 Musicqueue multiple local vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/13521
XF:musicqueue-getconf-bo(13521)
CVE-2003-1141
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.
2005-05-10
2017-07-10
CVE-2003-1141
http://www.securityfocus.com/bid/8968
BID:8968
http://www.securityfocus.com/archive/1/343318
BUGTRAQ:20031104 NIPrint remote exploit
http://www.securityfocus.com/archive/1/343257
BUGTRAQ:20031104 SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
http://www.osvdb.org/2774
OSVDB:2774
http://secunia.com/advisories/10143
SECUNIA:10143
https://exchange.xforce.ibmcloud.com/vulnerabilities/13591
XF:niprint-bo(13591)
CVE-2003-1142
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
2005-05-10
2017-07-10
CVE-2003-1142
http://www.securityfocus.com/bid/8969
BID:8969
http://www.securityfocus.com/archive/1/343258
BUGTRAQ:20031104 SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/13592
XF:niprint-helpapi-gain-privileges(13592)
CVE-2003-1143
Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter.
2005-05-10
2017-07-10
CVE-2003-1143
http://www.securityfocus.com/bid/8936
BID:8936
http://www.securityfocus.com/archive/1/342957
BUGTRAQ:20031030 Serious Sam is not so serious
http://aluigi.altervista.org/adv/ssboom-adv.txt
MISC:http://aluigi.altervista.org/adv/ssboom-adv.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/13618
XF:serioussam-games-packet-dos(13618)
CVE-2003-1144
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
2005-05-10
2017-07-10
CVE-2003-1144
http://www.securityfocus.com/bid/8971
BID:8971
http://www.securityfocus.com/archive/1/343322
BUGTRAQ:20031104 Liteserve Buffer Overflow in Handling Server's Log.
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013231.html
FULLDISC:20031103 Liteserve Buffer Overflow in Handling Server's Log
http://www.osvdb.org/2766
OSVDB:2766
http://securitytracker.com/id?1008093
SECTRACK:1008093
http://secunia.com/advisories/10136
SECUNIA:10136
https://exchange.xforce.ibmcloud.com/vulnerabilities/13599
XF:liteserve-log-entry-bo(13599)
CVE-2003-1145
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
2005-05-10
2017-07-10
CVE-2003-1145
http://www.securityfocus.com/bid/8972
BID:8972
http://www.securityfocus.com/archive/1/343806
BUGTRAQ:20031107 OpenAutoClassifieds XSS attack
http://www.osvdb.org/2767
OSVDB:2767
http://secunia.com/advisories/10138
SECUNIA:10138
https://exchange.xforce.ibmcloud.com/vulnerabilities/13604
XF:openautoclassifieds-friendmail-xss(13604)
CVE-2003-1146
Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
2005-05-10
CVE-2003-1146
http://www.securityfocus.com/bid/8977
BID:8977
http://security.nnov.ru/docs5347.html
MISC:http://security.nnov.ru/docs5347.html
CVE-2003-1147
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0955. Reason: This candidate is a duplicate of CVE-2003-0955. Notes: All CVE users should reference CVE-2003-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-05-10
2005-11-02
CVE-2003-1147
CVE-2003-1148
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
2005-05-10
2017-07-10
CVE-2003-1148
http://www.securityfocus.com/bid/8902
BID:8902
http://archives.neohapsis.com/archives/bugtraq/2003-10/0262.html
BUGTRAQ:20031026 Les Visiteurs v2.0.1 code injection vulnerability
http://www.osvdb.org/2717
OSVDB:2717
http://www.osvdb.org/3586
OSVDB:3586
http://securitytracker.com/id?1008011
SECTRACK:1008011
http://securitytracker.com/id?1017065
SECTRACK:1017065
http://secunia.com/advisories/10079
SECUNIA:10079
https://exchange.xforce.ibmcloud.com/vulnerabilities/13529
XF:les-visiteurs-file-include(13529)
CVE-2003-1149
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
2005-05-10
2017-07-10
CVE-2003-1149
http://www.securityfocus.com/bid/8904
BID:8904
http://www.securityfocus.com/archive/1/342548
BUGTRAQ:20031027 Norton Internet Security 2003 XSS
http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html
http://www.osvdb.org/2714
OSVDB:2714
http://secunia.com/advisories/10067
SECUNIA:10067
https://exchange.xforce.ibmcloud.com/vulnerabilities/13528
XF:norton-is-blocked-xss(13528)
CVE-2003-1150
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
2005-05-10
2017-07-10
CVE-2003-1150
http://www.securityfocus.com/bid/8907
BID:8907
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm
http://secunia.com/advisories/10100
SECUNIA:10100
https://exchange.xforce.ibmcloud.com/vulnerabilities/13564
XF:novell-portmapper-bo(13564)
CVE-2003-1151
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
2005-05-10
2017-07-10
CVE-2003-1151
http://www.securityfocus.com/bid/8908
BID:8908
http://www.securityfocus.com/archive/1/342678
BUGTRAQ:20031028 Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability
http://www.osvdb.org/2732
OSVDB:2732
http://securitytracker.com/id?1008020
SECTRACK:1008020
http://secunia.com/advisories/10099
SECUNIA:10099
https://exchange.xforce.ibmcloud.com/vulnerabilities/13535
XF:fastream-nonexistent-url-xss(13535)
CVE-2003-1152
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
2005-05-10
2017-07-10
CVE-2003-1152
http://www.securityfocus.com/bid/8909
BID:8909
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012811.html
FULLDISC:20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability
http://www.osvdb.org/2719
OSVDB:2719
http://securitytracker.com/id?1008016
SECTRACK:1008016
http://secunia.com/advisories/10078
SECUNIA:10078
https://exchange.xforce.ibmcloud.com/vulnerabilities/13533
XF:webtide-file-disclosure(13533)
CVE-2003-1153
byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php.
2005-05-10
2017-07-10
CVE-2003-1153
http://www.securityfocus.com/bid/8910
BID:8910
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012801.html
FULLDISC:20031027 Bytehoard File Disclosure VUlnerability Sequel
http://www.osvdb.org/2700
OSVDB:2700
http://secunia.com/advisories/10082
SECUNIA:10082
https://exchange.xforce.ibmcloud.com/vulnerabilities/13531
XF:bytehoard-view-file(13531)
CVE-2003-1154
MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
2005-05-10
2017-07-10
CVE-2003-1154
http://www.securityfocus.com/bid/8982
BID:8982
http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=
MISC:http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=
http://www.osvdb.org/2772
OSVDB:2772
http://secunia.com/advisories/10148
SECUNIA:10148
https://exchange.xforce.ibmcloud.com/vulnerabilities/13611
XF:mailsweeper-zip-virus-bypass(13611)
CVE-2003-1155
X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file.
2005-05-10
2017-07-10
CVE-2003-1155
http://www.securityfocus.com/bid/8983
BID:8983
http://www.xcdroast.org/xcdr098/changelog-a15.html
CONFIRM:http://www.xcdroast.org/xcdr098/changelog-a15.html
http://www.osvdb.org/2786
OSVDB:2786
http://securitytracker.com/id?1008094
SECTRACK:1008094
http://secunia.com/advisories/10162
SECUNIA:10162
https://exchange.xforce.ibmcloud.com/vulnerabilities/13612
XF:xcdroast-symlink(13612)
CVE-2003-1156
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
2005-05-10
2017-07-10
CVE-2003-1156
http://www.securityfocus.com/bid/8937
BID:8937
http://www.securityfocus.com/archive/1/343038
BUGTRAQ:20031031 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers
https://exchange.xforce.ibmcloud.com/vulnerabilities/13570
XF:sun-jre-java-symlink(13570)
CVE-2003-1157
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
2005-05-10
2017-07-10
CVE-2003-1157
http://www.securityfocus.com/bid/27948
BID:27948
http://www.securityfocus.com/bid/8939
BID:8939
http://www.securityfocus.com/archive/1/343040
BUGTRAQ:20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting
http://www.osvdb.org/2762
OSVDB:2762
http://secunia.com/advisories/10127
SECUNIA:10127
https://exchange.xforce.ibmcloud.com/vulnerabilities/40782
XF:citrix-webmanager-login-xss(40782)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13569
XF:metaframe-error-message-xss(13569)
CVE-2003-1158
Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.
2005-05-10
2017-07-10
CVE-2003-1158
http://www.securityfocus.com/bid/8667
BID:8667
http://archives.neohapsis.com/archives/bugtraq/2003-09/0275.html
BUGTRAQ:20030917 Denial Of Service in Plug & Play Web (FTP) Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/13219
XF:plugandplaywebserver-multiple-commands-dos(13219)
CVE-2003-1159
Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
2005-05-10
2017-07-10
CVE-2003-1159
http://www.securityfocus.com/bid/8941
BID:8941
http://archives.neohapsis.com/archives/bugtraq/2003-10/0343.html
BUGTRAQ:20031031 DoS in Plug and Play Web Server Proxy Server
http://www.osvdb.org/2764
OSVDB:2764
http://secunia.com/advisories/10131
SECUNIA:10131
https://exchange.xforce.ibmcloud.com/vulnerabilities/13572
XF:plugandplaywebserver-get-dos(13572)
CVE-2003-1160
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
2005-05-10
2017-07-10
CVE-2003-1160
http://www.securityfocus.com/bid/8942
BID:8942
http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt
MISC:http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt
http://www.osvdb.org/2842
OSVDB:2842
http://securitytracker.com/id?1008049
SECTRACK:1008049
http://secunia.com/advisories/10132
SECUNIA:10132
https://exchange.xforce.ibmcloud.com/vulnerabilities/13567
XF:flexwatch-slash-admin-access(13567)
CVE-2003-1161
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
2005-05-10
CVE-2003-1161
http://www.securityfocus.com/bid/8987
BID:8987
http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0621.html
MLIST:[linux-kernel] 20031105 BK2CVS problem
http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0627.html
MLIST:[linux-kernel] 20031105 Re: BK2CVS problem
http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0630.html
MLIST:[linux-kernel] 20031105 Re: BK2CVS problem
CVE-2003-1162
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.
2005-05-10
2017-07-10
CVE-2003-1162
http://www.securityfocus.com/bid/8944
BID:8944
http://archives.neohapsis.com/archives/bugtraq/2003-10/0348.html
BUGTRAQ:20031031 Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
http://www.osvdb.org/2770
OSVDB:2770
http://secunia.com/advisories/10135
SECUNIA:10135
https://exchange.xforce.ibmcloud.com/vulnerabilities/13587
XF:tritanium-threadid-view-messages(13587)
CVE-2003-1163
hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
2005-05-10
2017-07-10
CVE-2003-1163
http://www.securityfocus.com/bid/8988
BID:8988
http://www.securityfocus.com/archive/1/343689
BUGTRAQ:20031106 DoS for Ganglia
http://ganglia.sourceforge.net/
CONFIRM:http://ganglia.sourceforge.net/
http://www.osvdb.org/2787
OSVDB:2787
http://secunia.com/advisories/10166
SECUNIA:10166
https://exchange.xforce.ibmcloud.com/vulnerabilities/13631
XF:ganglia-gmond-dos(13631)
CVE-2003-1164
Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.
2005-05-10
2017-07-10
CVE-2003-1164
http://www.securityfocus.com/bid/8946
BID:8946
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/013070.html
FULLDISC:20031031 XSS In mldonkey - But....
http://secunia.com/advisories/10134
SECUNIA:10134
https://exchange.xforce.ibmcloud.com/vulnerabilities/13615
XF:mldonkey-xss(13615)
CVE-2003-1165
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
2005-05-10
2017-07-10
CVE-2003-1165
http://www.securityfocus.com/bid/8947
BID:8947
http://www.securityfocus.com/archive/1/343111
BUGTRAQ:20031101 BRS WebWeaver 1.06 remote DoS vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/13571
XF:brswebweaver-useragent-bo(13571)
CVE-2003-1166
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
2005-05-10
2017-07-10
CVE-2003-1166
http://www.securityfocus.com/bid/8948
BID:8948
http://www.http-com.com/Default.asp?section=Features
CONFIRM:http://www.http-com.com/Default.asp?section=Features
http://www.osvdb.org/2780
OSVDB:2780
http://secunia.com/advisories/10125
SECUNIA:10125
https://exchange.xforce.ibmcloud.com/vulnerabilities/13622
XF:http-commander-directory-traversal(13622)
CVE-2003-1167
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
2005-05-10
2017-07-10
CVE-2003-1167
http://www.securityfocus.com/bid/8915
BID:8915
http://www.securityfocus.com/archive/1/342736
BUGTRAQ:20031028 Local root vuln in kpopup
http://www.osvdb.org/2742
OSVDB:2742
http://secunia.com/advisories/10105
SECUNIA:10105
https://exchange.xforce.ibmcloud.com/vulnerabilities/13540
XF:kpopup-systemcall-execute-code(13540)
CVE-2003-1168
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.
2005-05-10
2005-05-25
CVE-2003-1168
http://www.securityfocus.com/bid/8949
BID:8949
http://secunia.com/advisories/10125
SECUNIA:10125
CVE-2003-1169
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
2005-05-10
2017-07-10
CVE-2003-1169
http://www.securityfocus.com/bid/8950
BID:8950
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.html
FULLDISC:20031101 DATEV Nutzungskontrolle Bypassing (REG)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13589
XF:nutzungskontrolle-registry-security-bypass(13589)
CVE-2003-1170
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.
2005-05-10
CVE-2003-1170
http://www.securityfocus.com/bid/8918
BID:8918
http://www.securityfocus.com/archive/1/342736
BUGTRAQ:20031028 Local root vuln in kpopup
http://www.osvdb.org/3290
OSVDB:3290
http://secunia.com/advisories/10105
SECUNIA:10105
CVE-2003-1171
Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
2005-05-10
2017-07-10
CVE-2003-1171
http://www.securityfocus.com/bid/8919
BID:8919
http://www.securityfocus.com/archive/1/342767
BUGTRAQ:20031028 mod_security 1.7RC1 to 1.7.1 vulnerability
http://www.modsecurity.org/download/CHANGES
CONFIRM:http://www.modsecurity.org/download/CHANGES
http://adsystems.com.pl/adg-mod_security171.txt
MISC:http://adsystems.com.pl/adg-mod_security171.txt
http://securitytracker.com/id?1008025
SECTRACK:1008025
http://secunia.com/advisories/10085
SECUNIA:10085
https://exchange.xforce.ibmcloud.com/vulnerabilities/13543
XF:mod-security-secfilterout-bo(13543)
CVE-2003-1172
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
2005-05-10
2017-07-10
CVE-2003-1172
http://www.securityfocus.com/bid/8883
BID:8883
http://issues.apache.org/bugzilla/show_bug.cgi?id=23949
CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=23949
http://www.securiteam.com/securitynews/6W00L0U8KC.html
MISC:http://www.securiteam.com/securitynews/6W00L0U8KC.html
http://www.osvdb.org/2749
OSVDB:2749
http://securitytracker.com/id?1007993
SECTRACK:1007993
http://secunia.com/advisories/10064
SECUNIA:10064
https://exchange.xforce.ibmcloud.com/vulnerabilities/13499
XF:apachecocoon-directory-traversal-bootini(13499)
CVE-2003-1173
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
2005-05-10
2017-07-10
CVE-2003-1173
http://www.securityfocus.com/bid/8920
BID:8920
http://www.securityfocus.com/archive/1/342765
BUGTRAQ:20031028 FirstClass 7.1 HTTP Server: Remote Directory Listing
http://www.securityfocus.com/archive/1/342909
BUGTRAQ:20031030 Re: FirstClass 7.1 HTTP Server: Remote Directory Listing
http://www.osvdb.org/2723
OSVDB:2723
http://secunia.com/advisories/10084
SECUNIA:10084
https://exchange.xforce.ibmcloud.com/vulnerabilities/13546
XF:firstclass-view-unauthorized-files(13546)
CVE-2003-1174
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
2005-05-10
2017-07-10
CVE-2003-1174
http://www.securityfocus.com/bid/8954
BID:8954
http://www.securityfocus.com/archive/1/343177
BUGTRAQ:20031102 ShoutCast server 1.9.2/win32
http://www.osvdb.org/2776
OSVDB:2776
http://securitytracker.com/id?1008080
SECTRACK:1008080
http://secunia.com/advisories/10146
SECUNIA:10146
https://exchange.xforce.ibmcloud.com/vulnerabilities/13586
XF:shoutcast-long-icy-dos(13586)
CVE-2003-1175
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
2005-05-10
2017-07-10
CVE-2003-1175
http://www.securityfocus.com/bid/8956
BID:8956
http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493
http://www.osvdb.org/2790
OSVDB:2790
http://secunia.com/advisories/10165
SECUNIA:10165
https://exchange.xforce.ibmcloud.com/vulnerabilities/13630
XF:sympoll-indexphp-xss(13630)
CVE-2003-1176
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
2005-05-10
2017-07-10
CVE-2003-1176
http://www.securityfocus.com/bid/8957
BID:8957
http://www.securityfocus.com/archive/1/343175
BUGTRAQ:20031102 Unauthorized access in Web Wiz Forum
http://www.securityfocus.com/archive/1/343314
BUGTRAQ:20031104 Re: Unauthorized access in Web Wiz Forum
http://www.osvdb.org/2768
OSVDB:2768
http://securitytracker.com/id?1008100
SECTRACK:1008100
http://secunia.com/advisories/10137
SECUNIA:10137
https://exchange.xforce.ibmcloud.com/vulnerabilities/13581
XF:webwizforums-quotemode-message-access(13581)
CVE-2003-1177
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
2005-05-10
2017-07-10
CVE-2003-1177
http://www.securityfocus.com/bid/8861
BID:8861
http://www.securityfocus.com/bid/8889
BID:8889
http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html
CONFIRM:http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html
http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html
FULLDISC:20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below
http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html
MISC:http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html
http://www.osvdb.org/2688
OSVDB:2688
http://secunia.com/advisories/10038
SECUNIA:10038
https://exchange.xforce.ibmcloud.com/vulnerabilities/13468
XF:mercur-auth-command-dos(13468)
CVE-2003-1178
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
2005-05-10
2018-10-19
CVE-2003-1178
http://www.securityfocus.com/bid/8890
BID:8890
http://www.securityfocus.com/archive/1/342493
BUGTRAQ:20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
http://www.securityfocus.com/archive/1/448007/100/0/threaded
BUGTRAQ:20061008 Advanced Poll v2.02 :) <= Remote File Inclusion
http://www.osvdb.org/2743
OSVDB:2743
http://secunia.com/advisories/10068
SECUNIA:10068
http://attrition.org/pipermail/vim/2006-October/001080.html
VIM:Advanced Poll v2.02 :) <= Remote File Inclusion
https://exchange.xforce.ibmcloud.com/vulnerabilities/29396
XF:advanced-poll-comments-file-include(29396)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13513
XF:advancedpoll-php-injection(13513)
CVE-2003-1179
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
2005-05-10
2018-10-19
CVE-2003-1179
http://www.securityfocus.com/bid/19105
BID:19105
http://www.securityfocus.com/bid/8890
BID:8890
http://www.securityfocus.com/archive/1/342493
BUGTRAQ:20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
http://www.securityfocus.com/archive/1/440780/100/0/threaded
BUGTRAQ:20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion
http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
MISC:http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
http://www.solpotcrew.org/adv/solpot-adv-02.txt
MISC:http://www.solpotcrew.org/adv/solpot-adv-02.txt
http://www.osvdb.org/28988
OSVDB:28988
http://www.osvdb.org/3291
OSVDB:3291
http://secunia.com/advisories/10068
SECUNIA:10068
https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
XF:advancedpoll-php-file-include(13514)
CVE-2003-1180
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
2005-05-10
2017-07-10
CVE-2003-1180
http://www.securityfocus.com/bid/8890
BID:8890
http://www.securityfocus.com/archive/1/342493
BUGTRAQ:20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
http://www.osvdb.org/3291
OSVDB:3291
http://secunia.com/advisories/10068
SECUNIA:10068
https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
XF:advancedpoll-php-file-include(13514)
CVE-2003-1181
Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.
2005-05-10
2017-07-10
CVE-2003-1181
http://www.securityfocus.com/bid/8890
BID:8890
http://www.securityfocus.com/archive/1/342493
BUGTRAQ:20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
http://www.osvdb.org/3292
OSVDB:3292
http://secunia.com/advisories/10068
SECUNIA:10068
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html
VULNWATCH:20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
https://exchange.xforce.ibmcloud.com/vulnerabilities/13515
XF:advancedpoll-phpinfo-obtain-information(13515)
CVE-2003-1182
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
2005-05-10
2017-07-10
CVE-2003-1182
http://www.securityfocus.com/bid/8958
BID:8958
http://www.osvdb.org/2754
OSVDB:2754
http://secunia.com/advisories/10122
SECUNIA:10122
https://exchange.xforce.ibmcloud.com/vulnerabilities/13575
XF:mpmguestbook-ing-xss(13575)
CVE-2003-1183
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
2005-05-10
2017-07-10
CVE-2003-1183
http://www.securityfocus.com/bid/8923
BID:8923
http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf
CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf
http://www.osvdb.org/2727
OSVDB:2727
http://secunia.com/advisories/10088
SECUNIA:10088
https://exchange.xforce.ibmcloud.com/vulnerabilities/13545
XF:oraclecollaborationsuite-file-access(13545)
CVE-2003-1184
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."
2005-05-10
2017-07-10
CVE-2003-1184
http://www.securityfocus.com/bid/8959
BID:8959
http://sourceforge.net/project/shownotes.php?release_id=195009
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=195009
http://www.osvdb.org/3077
OSVDB:3077
http://www.osvdb.org/4825
OSVDB:4825
http://www.osvdb.org/4826
OSVDB:4826
http://www.osvdb.org/4827
OSVDB:4827
http://www.osvdb.org/4828
OSVDB:4828
http://www.osvdb.org/4829
OSVDB:4829
http://secunia.com/advisories/10120
SECUNIA:10120
https://exchange.xforce.ibmcloud.com/vulnerabilities/13582
XF:thwboard-multiple-fields-xss(13582)
CVE-2003-1185
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
2005-05-10
2017-07-10
CVE-2003-1185
http://www.securityfocus.com/bid/8961
BID:8961
http://sourceforge.net/project/shownotes.php?release_id=195009
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=195009
http://www.osvdb.org/2758
OSVDB:2758
http://www.osvdb.org/4838
OSVDB:4838
http://www.osvdb.org/4840
OSVDB:4840
http://www.osvdb.org/4841
OSVDB:4841
http://secunia.com/advisories/10120
SECUNIA:10120
https://exchange.xforce.ibmcloud.com/vulnerabilities/13583
XF:thwboard-multiple-sql-injection(13583)
CVE-2003-1186
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
2005-05-10
2017-07-10
CVE-2003-1186
http://www.securityfocus.com/bid/8925
BID:8925
http://www.securityfocus.com/archive/1/342785
BUGTRAQ:20031029 TelCondex SimpleWebserver Buffer Overflow
http://www.osvdb.org/10101
OSVDB:10101
https://exchange.xforce.ibmcloud.com/vulnerabilities/13549
XF:simplewebserver-referer-bo(13549)
CVE-2003-1187
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
2005-05-10
2017-07-10
CVE-2003-1187
http://www.securityfocus.com/bid/8960
BID:8960
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013139.html
FULLDISC:20031102 [bWM#017] Cross-Site-Scripting @ PHPKIT
http://badwebmasters.net/advisory/017/
MISC:http://badwebmasters.net/advisory/017/
https://exchange.xforce.ibmcloud.com/vulnerabilities/13590
XF:phpkit-include-xss(13590)
CVE-2003-1188
Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit.
2005-05-10
2017-07-10
CVE-2003-1188
http://www.securityfocus.com/bid/8962
BID:8962
http://www.securityfocus.com/archive/1/343182
BUGTRAQ:20031102 Unichat Vulnerabilities
http://www.osvdb.org/2844
OSVDB:2844
http://secunia.com/advisories/10163
SECUNIA:10163
https://exchange.xforce.ibmcloud.com/vulnerabilities/13610
XF:unichat-nonalphanumeric-character-dos(13610)
CVE-2003-1189
Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
2005-05-10
2017-07-10
CVE-2003-1189
http://www.securityfocus.com/bid/8928
BID:8928
http://www.osvdb.org/2724
OSVDB:2724
http://securitytracker.com/id?1007992
SECTRACK:1007992
http://secunia.com/advisories/10083
SECUNIA:10083
https://exchange.xforce.ibmcloud.com/vulnerabilities/13539
XF:nokia-ipso-ipcluster-dos(13539)
CVE-2003-1190
Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.
2005-05-10
2017-07-10
CVE-2003-1190
http://www.securityfocus.com/bid/8963
BID:8963
http://sourceforge.net/project/shownotes.php?release_id=193940
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=193940
http://www.osvdb.org/2755
OSVDB:2755
http://secunia.com/advisories/10109
SECUNIA:10109
https://exchange.xforce.ibmcloud.com/vulnerabilities/13574
XF:phprecipebook-recipe-xss(13574)
CVE-2003-1191
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
2005-05-10
2017-07-10
CVE-2003-1191
http://www.securityfocus.com/bid/8930
BID:8930
http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html
BUGTRAQ:20031029 E107 DoS vulnerability
http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21
MISC:http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21
http://www.osvdb.org/2753
OSVDB:2753
http://secunia.com/advisories/10115
SECUNIA:10115
https://exchange.xforce.ibmcloud.com/vulnerabilities/13553
XF:e107chatboxdos(13553)
CVE-2003-1192
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
2005-05-10
2017-07-10
CVE-2003-1192
http://www.securityfocus.com/bid/8965
BID:8965
http://www.elitehaven.net/iawebmail.txt
MISC:http://www.elitehaven.net/iawebmail.txt
http://www.securiteam.com/windowsntfocus/6B002158UQ.html
MISC:http://www.securiteam.com/windowsntfocus/6B002158UQ.html
http://www.osvdb.org/2757
OSVDB:2757
http://securitytracker.com/id?1008075
SECTRACK:1008075
http://secunia.com/advisories/10107
SECUNIA:10107
http://www.derkeiler.com/Mailing-Lists/VulnWatch/2003-11/0001.html
VULNWATCH:20031103 IA WebMail Server 3.x Buffer Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/13580
XF:iawebmailserver-get-bo(13580)
CVE-2003-1193
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
2005-05-10
2017-07-10
CVE-2003-1193
http://www.securityfocus.com/bid/8966
BID:8966
http://www.securityfocus.com/archive/1/343520
BUGTRAQ:20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)
http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13593
XF:oracle-portal-sql-injection(13593)
CVE-2003-1194
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
2005-05-10
2017-07-10
CVE-2003-1194
http://www.securityfocus.com/bid/8932
BID:8932
http://sourceforge.net/project/shownotes.php?release_id=193878
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=193878
http://securitytracker.com/id?1008056
SECTRACK:1008056
http://secunia.com/advisories/10110
SECUNIA:10110
https://exchange.xforce.ibmcloud.com/vulnerabilities/13557
XF:booby-error-message-xss(13557)
CVE-2003-1195
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
2005-05-10
2017-07-10
CVE-2003-1195
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014065.html
FULLDISC:20031123 VieNuke VieBoard SQL Injection Vulnerability... again
http://www.osvdb.org/4606
OSVDB:4606
https://exchange.xforce.ibmcloud.com/vulnerabilities/13819
XF:vieboard-getmember-sql-injection(13819)
CVE-2003-1196
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
2005-05-10
2017-07-10
CVE-2003-1196
http://www.securityfocus.com/bid/8967
BID:8967
http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1
CONFIRM:http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1
http://www.osvdb.org/2789
OSVDB:2789
https://exchange.xforce.ibmcloud.com/vulnerabilities/13629
XF:vieboard-viewtopic-sql-injection(13629)
CVE-2003-1197
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
2005-05-10
2017-07-10
CVE-2003-1197
http://www.securityfocus.com/bid/8934
BID:8934
http://www.securityfocus.com/archive/1/342913
BUGTRAQ:20031030 Multiple Vulnerabilities in Led-Forums
http://secunia.com/advisories/10113
SECUNIA:10113
https://exchange.xforce.ibmcloud.com/vulnerabilities/13562
XF:ledforums-indexphp-xss(13562)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13563
XF:ledforums-topicfield-redirect(13563)
CVE-2003-1198
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
2005-05-10
2017-07-10
CVE-2003-1198
http://www.securityfocus.com/bid/9345
BID:9345
http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog
CONFIRM:http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog
http://www.osvdb.org/3306
OSVDB:3306
http://secunia.com/advisories/10518
SECUNIA:10518
https://exchange.xforce.ibmcloud.com/vulnerabilities/14119
XF:cherokee-post-request-dos(14119)
CVE-2003-1199
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
2005-05-10
2017-07-10
CVE-2003-1199
http://www.securityfocus.com/bid/9846
BID:9846
http://marc.info/?l=bugtraq&m=107902444305344&w=2
BUGTRAQ:20030311 XSS in MyProxy 20030629
http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt
CONFIRM:http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt
http://www.osvdb.org/4202
OSVDB:4202
http://secunia.com/advisories/11090
SECUNIA:11090
https://exchange.xforce.ibmcloud.com/vulnerabilities/15438
XF:myproxy-xss(15438)
CVE-2003-1200
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
2005-05-10
2017-07-10
CVE-2003-1200
http://www.securityfocus.com/bid/9317
BID:9317
http://www.securityfocus.com/archive/1/348454
BUGTRAQ:20031229 [Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler
http://marc.info/?l=bugtraq&m=107936753929354&w=2
BUGTRAQ:20040314 Rosiello Security's exploit for MDaemon
http://hat-squad.com/bugreport/mdaemon-raw.txt
MISC:http://hat-squad.com/bugreport/mdaemon-raw.txt
http://www.osvdb.org/3255
OSVDB:3255
http://secunia.com/advisories/10512
SECUNIA:10512
https://exchange.xforce.ibmcloud.com/vulnerabilities/14097
XF:mdaemon-form2raw-from-bo(14097)
CVE-2003-1201
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
2005-05-10
2017-07-10
CVE-2003-1201
http://www.securityfocus.com/bid/7656
BID:7656
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685
CONECTIVA:CLSA-2003:685
http://www.openldap.org/its/index.cgi?findid=2390
CONFIRM:http://www.openldap.org/its/index.cgi?findid=2390
http://security.gentoo.org/glsa/glsa-200403-12.xml
GENTOO:GLSA-200403-12
http://www.osvdb.org/17000
OSVDB:17000
http://secunia.com/advisories/11261
SECUNIA:11261
http://secunia.com/advisories/9203
SECUNIA:9203
https://exchange.xforce.ibmcloud.com/vulnerabilities/12520
XF:openldap-back-ldbm-dos(12520)
CVE-2003-1202
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
2005-05-10
2017-07-10
CVE-2003-1202
http://www.securityfocus.com/bid/8451
BID:8451
http://marc.info/?l=bugtraq&m=106149679129042&w=2
BUGTRAQ:20030821 Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier
http://marc.info/?l=bugtraq&m=106132514828641&w=2
BUGTRAQ:20030821 Remote Execution of Commands in Omail Webmail 0.98.4 and earlier
http://secunia.com/advisories/9585
SECUNIA:9585
https://exchange.xforce.ibmcloud.com/vulnerabilities/12948
XF:omailwebmail-checklogin-code-execution(12948)
CVE-2003-1203
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
2005-05-19
2017-07-10
CVE-2003-1203
http://www.securityfocus.com/bid/7135
BID:7135
http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html
BUGTRAQ:20030318 Some XSS vulns
https://exchange.xforce.ibmcloud.com/vulnerabilities/11601
XF:mambo-option-index-xss(11601)
CVE-2003-1204
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
2005-05-19
2017-07-10
CVE-2003-1204
http://www.securityfocus.com/bid/6571
BID:6571
http://www.securityfocus.com/archive/1/306206
BUGTRAQ:20030110 Mambo Site Server Remote Code Execution
http://www.osvdb.org/7495
OSVDB:7495
http://www.osvdb.org/7496
OSVDB:7496
http://www.osvdb.org/7497
OSVDB:7497
http://www.osvdb.org/7498
OSVDB:7498
http://www.osvdb.org/7499
OSVDB:7499
http://www.osvdb.org/7500
OSVDB:7500
http://www.osvdb.org/7501
OSVDB:7501
http://www.osvdb.org/7502
OSVDB:7502
http://www.osvdb.org/7503
OSVDB:7503
http://www.osvdb.org/7504
OSVDB:7504
http://www.osvdb.org/7505
OSVDB:7505
https://exchange.xforce.ibmcloud.com/vulnerabilities/11050
XF:mambo-multiple-scripts-xss(11050)
CVE-2003-1205
Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name.
2005-05-19
2017-07-10
CVE-2003-1205
http://marc.info/?l=bugtraq&m=106019292611151&w=2
BUGTRAQ:20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1
http://www.crob.net/studio/ftpserver/
MISC:http://www.crob.net/studio/ftpserver/
http://www.osvdb.org/2378
OSVDB:2378
http://secunia.com/advisories/9467
SECUNIA:9467
https://exchange.xforce.ibmcloud.com/vulnerabilities/12838
XF:crob-rename-file-dos(12838)
CVE-2003-1206
Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir.
2005-05-19
2017-07-10
CVE-2003-1206
http://marc.info/?l=bugtraq&m=106019292611151&w=2
BUGTRAQ:20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-08/0087.html
BUGTRAQ:20030807 Re: DoS Vulnerabilities in Crob FTP Server 2.60.1
http://www.crob.net/studio/ftpserver/
MISC:http://www.crob.net/studio/ftpserver/
http://secunia.com/advisories/8929
SECUNIA:8929
https://exchange.xforce.ibmcloud.com/vulnerabilities/12834
XF:crob-login-dos(12834)
CVE-2003-1207
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
2005-05-19
2017-07-10
CVE-2003-1207
http://www.securityfocus.com/bid/9549
BID:9549
http://www.securityfocus.com/archive/1/352329
BUGTRAQ:20040201 Vulnerabilities in Crob FTP Server V3.5.1
http://securitytracker.com/id?1008908
SECTRACK:1008908
http://secunia.com/advisories/10778
SECUNIA:10778
https://exchange.xforce.ibmcloud.com/vulnerabilities/15105
XF:crob-dir-dos(15105)
CVE-2003-1208
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
2005-05-19
2017-07-10
CVE-2003-1208
http://www.securityfocus.com/bid/9587
BID:9587
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html
BUGTRAQ:20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow
http://www.kb.cert.org/vuls/id/240174
CERT-VN:VU#240174
http://www.kb.cert.org/vuls/id/399806
CERT-VN:VU#399806
http://www.kb.cert.org/vuls/id/819126
CERT-VN:VU#819126
http://www.kb.cert.org/vuls/id/846582
CERT-VN:VU#846582
http://www.ciac.org/ciac/bulletins/o-093.shtml
CIAC:O-093
http://www.nextgenss.com/advisories/ora_from_tz.txt
MISC:http://www.nextgenss.com/advisories/ora_from_tz.txt
http://www.nextgenss.com/advisories/ora_numtodsinterval.txt
MISC:http://www.nextgenss.com/advisories/ora_numtodsinterval.txt
http://www.nextgenss.com/advisories/ora_numtoyminterval.txt
MISC:http://www.nextgenss.com/advisories/ora_numtoyminterval.txt
http://www.nextgenss.com/advisories/ora_time_zone.txt
MISC:http://www.nextgenss.com/advisories/ora_time_zone.txt
http://www.osvdb.org/3837
OSVDB:3837
http://www.osvdb.org/3838
OSVDB:3838
http://www.osvdb.org/3839
OSVDB:3839
http://www.osvdb.org/3840
OSVDB:3840
http://secunia.com/advisories/10805
SECUNIA:10805
https://exchange.xforce.ibmcloud.com/vulnerabilities/15060
XF:oracle-multiple-function-bo(15060)
CVE-2003-1209
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.
2005-05-19
2017-07-10
CVE-2003-1209
http://www.securityfocus.com/bid/7201
BID:7201
http://monkeyd.sourceforge.net/Changelog.txt
CONFIRM:http://monkeyd.sourceforge.net/Changelog.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/11650
XF:monkey-content-type-dos(11650)
CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
2005-05-19
2017-07-10
CVE-2003-1210
http://www.securityfocus.com/bid/7588
BID:7588
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
BUGTRAQ:20030513 More and More SQL injection on PHP-Nuke 6.5.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984
XF:phpnuke-multiple-sql-injection(11984)
CVE-2003-1211
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
2005-05-19
2017-07-10
CVE-2003-1211
http://www.securityfocus.com/bid/7837
BID:7837
http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html
BUGTRAQ:20030606 Critical Vulnerabilities In Max Web Portal
http://www.osvdb.org/3281
OSVDB:3281
http://secunia.com/advisories/8979
SECUNIA:8979
https://exchange.xforce.ibmcloud.com/vulnerabilities/12277
XF:maxwebportal-search-xss(12277)
CVE-2003-1212
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
2005-05-19
2017-07-10
CVE-2003-1212
http://www.securityfocus.com/bid/7837
BID:7837
http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html
BUGTRAQ:20030606 Critical Vulnerabilities In Max Web Portal
http://www.osvdb.org/4933
OSVDB:4933
http://secunia.com/advisories/8979
SECUNIA:8979
https://exchange.xforce.ibmcloud.com/vulnerabilities/12278
XF:maxwebportal-form-field-modify(12278)
CVE-2003-1213
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
2005-05-19
2017-07-10
CVE-2003-1213
http://www.securityfocus.com/bid/7837
BID:7837
http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html
BUGTRAQ:20030606 Critical Vulnerabilities In Max Web Portal
http://secunia.com/advisories/8979
SECUNIA:8979
https://exchange.xforce.ibmcloud.com/vulnerabilities/12279
XF:maxwebportal-database-access(12279)
CVE-2003-1214
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions.
2005-05-19
2017-07-10
CVE-2003-1214
http://www.ezcontents.org/forum/viewtopic.php?t=361
CONFIRM:http://www.ezcontents.org/forum/viewtopic.php?t=361
http://secunia.com/advisories/10839
SECUNIA:10839
https://exchange.xforce.ibmcloud.com/vulnerabilities/15136
XF:ezcontents-login-bypass(15136)
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
2005-05-27
2017-07-10
CVE-2003-1215
http://www.securityfocus.com/bid/9314
BID:9314
http://marc.info/?l=bugtraq&m=107273069130885&w=2
BUGTRAQ:20031229 SQL Injection in phpBB's groupcp.php
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943
CONFIRM:http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943
https://exchange.xforce.ibmcloud.com/vulnerabilities/14096
XF:phpbb-groupcp-sql-injection(14096)
CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
2005-05-27
2017-07-10
CVE-2003-1216
http://www.securityfocus.com/bid/9122
BID:9122
http://marc.info/?l=bugtraq&m=106997132425576&w=2
BUGTRAQ:20031127 phpBB 2.06 search.php SQL injection
http://marc.info/?l=bugtraq&m=107005608726609&w=2
BUGTRAQ:20031128 [Hat-Squad] phpBB search_id injection exploit
http://marc.info/?l=bugtraq&m=107196735102970&w=2
BUGTRAQ:20031220 phpBB v2.06 search_id sql injection exploit
http://www.phpbb.com/phpBB/viewtopic.php?t=153818
CONFIRM:http://www.phpbb.com/phpBB/viewtopic.php?t=153818
https://exchange.xforce.ibmcloud.com/vulnerabilities/13867
XF:phpbb-searchphp-sql-injection(13867)
CVE-2003-1217
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-1217
CVE-2003-1218
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none.
2017-05-11
2017-05-11
CVE-2003-1218
CVE-2003-1219
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
2005-08-04
2012-12-13
CVE-2003-1219
http://www.securityfocus.com/bid/9238
BID:9238
http://www.securityfocus.com/archive/1/347831
BUGTRAQ:20031217 osCommerce Malformed Session ID XSS Vuln
http://www.oscommerce.com/community/bugs,1546
CONFIRM:http://www.oscommerce.com/community/bugs,1546
http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html
MLIST:[tep-commits] 20031217 [TEP-COMMIT] CVS: catalog/catalog/includes/functions html_output.php,1.58,1.59
CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
2005-08-16
2006-04-04
CVE-2003-1220
http://dev2dev.bea.com/pub/advisory/25
BEA:BEA03-39.00
http://www.securityfocus.com/bid/9034
BID:9034
CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
2005-08-16
2006-04-04
CVE-2003-1221
http://dev2dev.bea.com/pub/advisory/32
BEA:BEA03-40.00
http://www.securityfocus.com/bid/9034
BID:9034
CVE-2003-1222
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
2005-08-16
2006-04-04
CVE-2003-1222
http://dev2dev.bea.com/pub/advisory/63
BEA:BEA03-41.00
http://www.securityfocus.com/bid/9034
BID:9034
CVE-2003-1223
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
2005-08-16
2006-04-04
CVE-2003-1223
http://dev2dev.bea.com/pub/advisory/48
BEA:BEA03-42.00
http://www.securityfocus.com/bid/9034
BID:9034
CVE-2003-1224
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
2005-08-16
2005-08-19
CVE-2003-1224
http://dev2dev.bea.com/pub/advisory/22
BEA:BEA03-30.00
http://www.securityfocus.com/bid/7563
BID:7563
CVE-2003-1225
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
2005-08-16
2006-04-04
CVE-2003-1225
http://dev2dev.bea.com/pub/advisory/22
BEA:BEA03-30.00
http://www.securityfocus.com/bid/7563
BID:7563
CVE-2003-1226
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
2005-08-16
2006-04-04
CVE-2003-1226
http://dev2dev.bea.com/pub/advisory/22
BEA:BEA03-30.00
http://www.securityfocus.com/bid/7563
BID:7563
http://www.securityfocus.com/bid/7587
BID:7587
CVE-2003-1227
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
2005-08-16
2017-07-10
CVE-2003-1227
http://www.securityfocus.com/bid/8814
BID:8814
http://www.securityfocus.com/archive/1/341044
BUGTRAQ:20031011 Gallery 1.4 including file vulnerability
http://www.securityfocus.com/archive/1/341094
BUGTRAQ:20031011 RE: Gallery 1.4 including file vulnerability
http://www.securityfocus.com/archive/1/341098
BUGTRAQ:20031012 Re: Gallery 1.4 including file vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/13419
XF:gallery-indexphp-file-include(13419)
CVE-2003-1228
Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path.
2005-08-16
2017-07-10
CVE-2003-1228
http://www.securityfocus.com/bid/9871
BID:9871
http://marc.info/?l=bugtraq&m=107064887507504&w=2
BUGTRAQ:20031205 [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]
http://marc.info/?l=bugtraq&m=107090601705839&w=2
BUGTRAQ:20031208 Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd
http://www.securiteam.com/unixfocus/5FP0C1FCAW.html
MISC:http://www.securiteam.com/unixfocus/5FP0C1FCAW.html
http://secunia.com/advisories/10385/
SECUNIA:10385
https://exchange.xforce.ibmcloud.com/vulnerabilities/15474
XF:mathopd-preparereply-bo(15474)
CVE-2003-1229
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
2005-08-17
2017-10-09
CVE-2003-1229
http://www.securityfocus.com/bid/6682
BID:6682
http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
BUGTRAQ:20030128 Incorrect Certificate Validation in Java Secure Socket Extension
http://java.sun.com/products/jsse/CHANGES.txt
CONFIRM:http://java.sun.com/products/jsse/CHANGES.txt
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
HP:HPSBUX0301-239
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883
OVAL:oval:org.mitre.oval:def:5883
http://www.securitytracker.com/id?1006001
SECTRACK:1006001
http://securitytracker.com/id?1006007
SECTRACK:1006007
http://securitytracker.com/id?1007483
SECTRACK:1007483
http://secunia.com/advisories/7943
SECUNIA:7943
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
SUNALERT:50081
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
XF:sun-java-improper-validation(11182)
CVE-2003-1230
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
2005-08-17
2017-07-10
CVE-2003-1230
http://www.securityfocus.com/bid/6920
BID:6920
http://www.securityfocus.com/advisories/5013
FREEBSD:FreeBSD-SA-03:03
http://www.osvdb.org/19785
OSVDB:19785
http://secunia.com/advisories/8142/
SECUNIA:8142
https://exchange.xforce.ibmcloud.com/vulnerabilities/11397
XF:freebsd-syncookie-brute-force(11397)
CVE-2003-1231
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
2005-08-19
2017-07-10
CVE-2003-1231
http://www.securityfocus.com/bid/9244
BID:9244
http://www.securiteam.com/unixfocus/6D00F2A95C.html
MISC:http://www.securiteam.com/unixfocus/6D00F2A95C.html
http://securitytracker.com/id?1008522
SECTRACK:1008522
http://secunia.com/advisories/10458
SECUNIA:10458
https://exchange.xforce.ibmcloud.com/vulnerabilities/14032
XF:ecwshop-cat-xss(14032)
CVE-2003-1232
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
2005-09-26
2006-02-02
CVE-2003-1232
http://www.securityfocus.com/bid/15375
BID:15375
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183
FULLDISC:20030519 emacs 21.3 fixes security bugs
http://www.mandriva.com/security/advisories?name=MDKSA-2005:208
MANDRIVA:MDKSA-2005:208
http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f
MISC:http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f
http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html
MISC:http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html
http://secunia.com/advisories/17496
SECUNIA:17496
CVE-2003-1233
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
2005-10-28
2017-07-10
CVE-2003-1233
http://www.securityfocus.com/bid/6511
BID:6511
http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html
BUGTRAQ:20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)
http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html
BUGTRAQ:20030103 Pedestal Software Security Notice
http://www.phrack.org/show.php?p=59&a=16
MISC:http://www.phrack.org/show.php?p=59&a=16
http://secunia.com/advisories/7816
SECUNIA:7816
https://exchange.xforce.ibmcloud.com/vulnerabilities/10979
XF:ipd-ntcreatesymboliclinkobject-subs-symlink(10979)
CVE-2003-1234
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
2005-11-16
2018-10-19
CVE-2003-1234
http://www.securityfocus.com/bid/6524
BID:6524
http://www.securityfocus.com/archive/1/305308/30/26420/threaded
BUGTRAQ:20030106 PDS: Integer overflow in FreeBSD kernel
http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html
BUGTRAQ:20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc
FREEBSD:FreeBSD-SA-02:44
http://www.pine.nl/press/pine-cert-20030101.txt
MISC:http://www.pine.nl/press/pine-cert-20030101.txt
http://www.securitytracker.com/id?1005898
SECTRACK:1005898
http://secunia.com/advisories/7821
SECUNIA:7821
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html
VULNWATCH:20030106 PDS: Integer overflow in FreeBSD kernel
http://www.iss.net/security_center/static/10993.php
XF:freebsd-kernel-integer-overflow(10993)
CVE-2003-1235
BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
2005-11-16
CVE-2003-1235
http://www.securityfocus.com/bid/7283
BID:7283
http://archives.neohapsis.com/archives/bugtraq/2003-04/0014.html
BUGTRAQ:20030331 BRS WebWeaver: full disclosure
http://www.iss.net/security_center/static/11686.php
XF:webweaver-testcgi-info-disclosure(11686)
CVE-2003-1236
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
2005-11-16
2008-02-12
CVE-2003-1236
http://www.securityfocus.com/bid/6553
BID:6553
http://www.securityfocus.com/archive/1/305460
BUGTRAQ:20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.
http://www.securityfocus.com/archive/1/305663
BUGTRAQ:20030108 Tanne Remote format string exploit (Proof of Concept)
http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2
CONFIRM:http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2
http://www.securitytracker.com/id?1005900
SECTRACK:1005900
http://secunia.com/advisories/7831
SECUNIA:7831
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html
VULNWATCH:20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.
http://www.iss.net/security_center/static/11006.php
XF:tanne-logger-format-string(11006)
CVE-2003-1237
Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.
2005-11-16
2016-11-17
CVE-2003-1237
http://www.securityfocus.com/bid/6918
BID:6918
http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html
BUGTRAQ:20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard
http://www.iss.net/security_center/static/11383.php
XF:wwwboard-message-xss(11383)
CVE-2003-1238
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
2005-11-16
CVE-2003-1238
http://www.securityfocus.com/bid/6916
BID:6916
http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html
BUGTRAQ:20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html
BUGTRAQ:20030318 Some XSS vulns
http://www.iss.net/security_center/static/11420.php
XF:nuked-klan-team-xss(11420)
CVE-2003-1239
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.
2005-11-16
2016-11-17
CVE-2003-1239
http://www.securityfocus.com/bid/6929
BID:6929
http://www.securityfocus.com/archive/1/312966
BUGTRAQ:20030223 WihPhoto (PHP)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html
VULNWATCH:20030223 WihPhoto (PHP)
http://www.iss.net/security_center/static/11429.php
XF:wihphoto-sendphoto-file-disclosure(11429)
CVE-2003-1240
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
2005-11-16
2007-10-18
CVE-2003-1240
http://www.securityfocus.com/bid/6935
BID:6935
http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html
BUGTRAQ:20030225 PHP code injection in CuteNews
http://www.iss.net/security_center/static/11417.php
XF:cutenews-php-file-include(11417)
CVE-2003-1241
Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.
2005-11-16
2008-04-01
CVE-2003-1241
http://www.securityfocus.com/bid/6906
BID:6906
http://www.securityfocus.com/archive/1/312762
BUGTRAQ:20030221 Myguestbook (PHP)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0089.html
VULNWATCH:20030221 Myguestbook (PHP)
CVE-2003-1242
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
2005-11-16
CVE-2003-1242
http://www.securityfocus.com/bid/6893
BID:6893
http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html
BUGTRAQ:20030219 XSS and Path Disclosure in Sage
http://www.iss.net/security_center/static/11372.php
XF:sage-module-path-disclosure(11372)
CVE-2003-1243
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
2005-11-16
2017-07-10
CVE-2003-1243
http://www.securityfocus.com/bid/6894
BID:6894
http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html
BUGTRAQ:20030219 XSS and Path Disclosure in Sage
https://exchange.xforce.ibmcloud.com/vulnerabilities/11371
XF:sage-mod-xss(11371)
CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
2005-11-16
2007-10-18
CVE-2003-1244
http://www.securityfocus.com/bid/6888
BID:6888
http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html
BUGTRAQ:20030220 phpBB Security Bugs
http://www.iss.net/security_center/static/11376.php
XF:phpbb-pageheader-sql-injection(11376)
CVE-2003-1245
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
2005-11-16
2017-07-10
CVE-2003-1245
http://www.securityfocus.com/bid/6926
BID:6926
http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html
BUGTRAQ:20030224 Mambo SiteServer exploit gains administrative privileges
https://exchange.xforce.ibmcloud.com/vulnerabilities/11398
XF:mambo-sessionid-gain-privileges(11398)
CVE-2003-1246
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
2005-11-16
CVE-2003-1246
http://www.securityfocus.com/bid/6511
BID:6511
http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html
BUGTRAQ:20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)
http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html
BUGTRAQ:20030103 Pedestal Software Security Notice
http://www.iss.net/security_center/static/10979.php
XF:ipd-ntcreatesymboliclinkobject-subs-symlink(10979)
CVE-2003-1247
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.
2005-11-16
2008-02-12
CVE-2003-1247
http://www.securityfocus.com/bid/6527
BID:6527
http://www.securityfocus.com/bid/6537
BID:6537
http://www.securityfocus.com/bid/6538
BID:6538
http://www.securityfocus.com/bid/6540
BID:6540
http://www.securityfocus.com/archive/1/305313
BUGTRAQ:20030106 Remote root vuln in HSphere WebShell
http://psoft.net/misc/webshell_patch.html
MISC:http://psoft.net/misc/webshell_patch.html
http://www.securitytracker.com/id?1005893
SECTRACK:1005893
http://secunia.com/advisories/7832
SECUNIA:7832
http://www.iss.net/security_center/static/11002.php
XF:hsphere-webshell-diskusage-bo(11002)
http://www.iss.net/security_center/static/11003.php
XF:hsphere-webshell-flist-bo(11003)
http://www.iss.net/security_center/static/10999.php
XF:hsphere-webshell-readfile-bo(10999)
CVE-2003-1248
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
2005-11-16
2008-02-12
CVE-2003-1248
http://www.securityfocus.com/bid/6537
BID:6537
http://www.securityfocus.com/bid/6539
BID:6539
http://www.securityfocus.com/archive/1/305313
BUGTRAQ:20030106 Remote root vuln in HSphere WebShell
http://psoft.net/misc/webshell_patch.html
MISC:http://psoft.net/misc/webshell_patch.html
http://www.securitytracker.com/id?1005893
SECTRACK:1005893
http://www.iss.net/security_center/static/11001.php
XF:hsphere-webshell-encodefilename-execution(11001)
CVE-2003-1249
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
2005-11-16
2008-02-12
CVE-2003-1249
http://www.securityfocus.com/bid/6569
BID:6569
http://www.securityfocus.com/archive/1/305991
BUGTRAQ:20030109 WebIntelligence session hijacking vulnerability
http://www.securitytracker.com/id?1005906
SECTRACK:1005906
http://secunia.com/advisories/7846
SECUNIA:7846
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html
VULNWATCH:20030109 WebIntelligence session hijacking vulnerability
http://www.iss.net/security_center/static/11026.php
XF:webintelligence-session-hijacking(11026)
CVE-2003-1250
Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap.
2005-11-16
2008-03-11
CVE-2003-1250
http://www.securityfocus.com/bid/6573
BID:6573
http://www.securityfocus.com/archive/1/306081
BUGTRAQ:20030110 Efficient Networks 5861 DSL Router
http://www.securityfocus.com/archive/1/308008
BUGTRAQ:20030123 5861 IP Filtering issues
http://www.securitytracker.com/id?1005910
SECTRACK:1005910
http://securitytracker.com/id?1005980
SECTRACK:1005980
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0015.html
VULNWATCH:20030110 Efficient Networks 5861 DSL Router
http://www.iss.net/security_center/static/11032.php
XF:efficient-dsl-portscan-dos(11032)
CVE-2003-1251
The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.
2005-11-16
2008-02-12
CVE-2003-1251
http://www.securityfocus.com/bid/6500
BID:6500
http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html
BUGTRAQ:20030102 N/X (PHP)
http://secunia.com/advisories/7808
SECUNIA:7808
http://www.iss.net/security_center/static/10969.php
XF:nx-file-include(10969)
CVE-2003-1252
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
2005-11-16
2008-02-12
CVE-2003-1252
http://www.securityfocus.com/bid/6547
BID:6547
http://www.securityfocus.com/archive/1/305406
BUGTRAQ:20030105 A security vulnerability in S8Forum
http://www.securitytracker.com/id?1005881
SECTRACK:1005881
http://secunia.com/advisories/7819
SECUNIA:7819
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0004.html
VULNWATCH:20030105 A security vulnerability in S8Forum
http://www.iss.net/security_center/static/10974.php
XF:s8forum-register-command-execution(10974)
CVE-2003-1253
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
2005-11-16
2007-02-28
CVE-2003-1253
http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html
BUGTRAQ:20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities
http://www.iss.net/security_center/static/11009.php
XF:bookmark4u-file-include(11009)
CVE-2003-1254
Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code.
2005-11-16
CVE-2003-1254
http://www.securityfocus.com/bid/6545
BID:6545
http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html
BUGTRAQ:20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities
http://www.iss.net/security_center/static/11010.php
XF:apb-apbsettings-file-include(11010)
CVE-2003-1255
add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter.
2005-11-16
2017-07-10
CVE-2003-1255
http://www.securityfocus.com/bid/6546
BID:6546
http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html
BUGTRAQ:20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11011
XF:apb-addbookmark-authentication-bypass(11011)
CVE-2003-1256
aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.
2005-11-16
CVE-2003-1256
http://www.securityfocus.com/bid/6970
BID:6970
http://www.securityfocus.com/archive/1/305381
BUGTRAQ:20030106 E-theni (PHP)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html
VULNWATCH:20030106 E-theni (PHP)
http://www.iss.net/security_center/static/11013.php
XF:etheni-afflistelangue-file-include(11013)
CVE-2003-1257
find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.
2005-11-16
CVE-2003-1257
http://www.securityfocus.com/archive/1/305381
BUGTRAQ:20030106 E-theni (PHP)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html
VULNWATCH:20030106 E-theni (PHP)
http://www.iss.net/security_center/static/11012.php
XF:etheni-findthenihome-information-disclosure(11012)
CVE-2003-1258
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid.
2005-11-16
CVE-2003-1258
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0017.html
VULNWATCH:20030110 vulnerability in versatile BulletinBoard Allows Gaining Administrative Privileges.
http://www.iss.net/security_center/static/11044.php
XF:vbb-unauthorized-privileges(11044)
CVE-2003-1259
Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
2005-11-16
CVE-2003-1259
http://www.securityfocus.com/bid/6518
BID:6518
http://archives.neohapsis.com/archives/bugtraq/2003-01/0026.html
BUGTRAQ:20030104 CuteFTP: buffer overflow
http://www.securityfocus.com/archive/1/325659
BUGTRAQ:20030618 Re: CuteFTP 5.0 XP, Buffer Overflow
http://www.iss.net/security_center/static/10984.php
XF:cuteftp-ftp-banner-bo(10984)
CVE-2003-1260
Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.
2005-11-16
2016-11-17
CVE-2003-1260
http://www.securityfocus.com/bid/6642
BID:6642
http://archives.neohapsis.com/archives/bugtraq/2003-01/0123.html
BUGTRAQ:20030118 CuteFTP 5.0 XP, Buffer Overflow
http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html
BUGTRAQ:20030205 Re: CuteFTP 5.0 XP, Buffer Overflow
http://www.securityfocus.com/archive/1/325659
BUGTRAQ:20030618 Re: CuteFTP 5.0 XP, Buffer Overflow
http://seclists.org/lists/fulldisclosure/2003/Jan/0126.html
FULLDISC:20030107 CuteFTP 5.0 XP, Buffer Overflow
http://www.osvdb.org/2181
OSVDB:2181
http://secunia.com/advisories/7898
SECUNIA:7898
http://www.iss.net/security_center/static/11093.php
XF:cuteftp-list-command-bo(11093)
CVE-2003-1261
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.
2005-11-16
2007-10-23
CVE-2003-1261
http://www.securityfocus.com/bid/6786
BID:6786
http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html
BUGTRAQ:20030205 Re: CuteFTP 5.0 XP, Buffer Overflow
http://www.securityfocus.com/archive/1/310710
BUGTRAQ:20030206 Re: CuteFTP 5.0 XP, Buffer Overflow
http://www.securityfocus.com/archive/1/325659
BUGTRAQ:20030618 Re: CuteFTP 5.0 XP, Buffer Overflow
http://www.iss.net/security_center/static/11275.php
XF:cuteftp-url-clipboard-bo(11275)
CVE-2003-1262
Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value.
2005-11-16
2016-10-17
CVE-2003-1262
http://www.securityfocus.com/bid/6531
BID:6531
http://www.securityfocus.com/archive/1/305340
BUGTRAQ:20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.
http://marc.info/?l=bugtraq&m=104195613529429&w=2
BUGTRAQ:20030107 GLSA: http-fetcher
http://www.linuxsecurity.com/content/view/104480/104/
GENTOO:GLSA-200301-6
http://secunia.com/advisories/7823
SECUNIA:7823
http://www.iss.net/security_center/static/11000.php
XF:http-fetcher-httpfetch-bo(11000)
CVE-2003-1263
ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name.
2005-11-16
2008-04-01
CVE-2003-1263
http://www.securityfocus.com/bid/6505
BID:6505
http://www.securityfocus.com/bid/6506
BID:6506
http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html
BUGTRAQ:20030103 ical 3.7 remote dos
http://www.iss.net/security_center/static/10973.php
XF:ical-icalexe-port-dos(10973)
CVE-2003-1264
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
2005-11-16
2008-02-12
CVE-2003-1264
http://www.securityfocus.com/bid/6533
BID:6533
http://www.securityfocus.com/archive/1/305344
BUGTRAQ:20030106 Longshine WLAN Access-Point LCS-883R VU#310201
http://www.securityfocus.com/archive/1/305391
BUGTRAQ:20030106 Re: Longshine WLAN Access-Point LCS-883R VU#310201
http://www.securitytracker.com/id?1005897
SECTRACK:1005897
http://www.iss.net/security_center/static/10997.php
XF:longshine-ap-tftp-access(10997)
CVE-2003-1265
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
2005-11-16
2008-03-11
CVE-2003-1265
http://www.securityfocus.com/bid/6499
BID:6499
http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html
BUGTRAQ:20030101 Potential disclosure of sensitive information in Netscape 7.0 email client
http://www.securitytracker.com/id?1005871
SECTRACK:1005871
http://www.iss.net/security_center/static/10963.php
XF:netscape-email-deletion-failure(10963)
CVE-2003-1266
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
2005-11-16
CVE-2003-1266
http://www.securityfocus.com/bid/6519
BID:6519
http://www.securityfocus.com/bid/6520
BID:6520
http://www.securityfocus.com/bid/6521
BID:6521
http://www.securityfocus.com/bid/6522
BID:6522
http://archives.neohapsis.com/archives/bugtraq/2003-01/0022.html
BUGTRAQ:20030104 EServ/2.97 remote DoS
http://www.iss.net/security_center/static/10975.php
XF:eserv-remote-data-dos(10975)
CVE-2003-1267
GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1.
2005-11-16
2008-02-12
CVE-2003-1267
http://www.securiteam.com/windowsntfocus/5SP030A8UO.html
MISC:http://www.securiteam.com/windowsntfocus/5SP030A8UO.html
http://www.securitytracker.com/id?1005864
SECTRACK:1005864
http://www.iss.net/security_center/static/10964.php
XF:guildftpd-aux-port-dos(10964)
CVE-2003-1268
Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.
2005-11-16
2007-10-31
CVE-2003-1268
http://www.securityfocus.com/bid/6558
BID:6558
http://www.securityfocus.com/archive/1/305685
BUGTRAQ:20030108 a.shopKart Shopping Cart remote vulnerabilities
http://www.centaura.com.ar/infosec/adv/ashopkart.txt
MISC:http://www.centaura.com.ar/infosec/adv/ashopkart.txt
http://www.osvdb.org/37036
OSVDB:37036
http://www.osvdb.org/37037
OSVDB:37037
http://www.osvdb.org/37038
OSVDB:37038
http://www.securitytracker.com/id?1005903
SECTRACK:1005903
http://secunia.com/advisories/7838
SECUNIA:7838
http://www.iss.net/security_center/static/11029.php
XF:ashopkart-multiple-sql-injection(11029)
CVE-2003-1269
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
2005-11-16
CVE-2003-1269
http://www.securityfocus.com/bid/6528
BID:6528
http://www.securityfocus.com/archive/1/305234
BUGTRAQ:20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack
http://www.iss.net/security_center/static/10976.php
XF:an-http-path-disclosure(10976)
CVE-2003-1270
AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability.
2005-11-16
CVE-2003-1270
http://www.securityfocus.com/archive/1/305234
BUGTRAQ:20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack
http://www.iss.net/security_center/static/10978.php
XF:an-http-script-dos(10978)
CVE-2003-1271
Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.
2005-11-16
CVE-2003-1271
http://www.securityfocus.com/bid/6529
BID:6529
http://www.securityfocus.com/archive/1/305234
BUGTRAQ:20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack
http://www.iss.net/security_center/static/10977.php
XF:an-http-script-xss(10977)
CVE-2003-1272
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
2005-11-16
2017-07-10
CVE-2003-1272
http://www.securityfocus.com/bid/6515
BID:6515
http://www.securityfocus.com/bid/6516
BID:6516
http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html
BUGTRAQ:20030104 WinAmp v.3.0: buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/10981
XF:winamp-b4s-path-bo(10981)
http://www.iss.net/security_center/static/10980.php
XF:winamp-b4s-playlistname-bo(10980)
CVE-2003-1273
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
2005-11-16
2017-07-10
CVE-2003-1273
http://www.securityfocus.com/bid/6517
BID:6517
http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html
BUGTRAQ:20030104 WinAmp v.3.0: buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/10982
XF:winamp-b4s-playlistname-dos(10982)
CVE-2003-1274
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
2005-11-16
2017-07-10
CVE-2003-1274
http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html
BUGTRAQ:20030104 WinAmp v.3.0: buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/10983
XF:winamp-b4s-path-dos(10983)
CVE-2003-1275
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
2005-11-16
CVE-2003-1275
http://www.securityfocus.com/bid/6507
BID:6507
http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html
BUGTRAQ:20030103 JS Bug makes it possible to deliberately crash Pocket PC IE
http://www.iss.net/security_center/static/11004.php
XF:pie-javascript-objectinnerhtml-dos(11004)
CVE-2003-1276
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts.
2005-11-16
CVE-2003-1276
http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.html
BUGTRAQ:20030103 Multiple Issues in Nettelephone Dialer
http://www.iss.net/security_center/static/11007.php
XF:nettelephone-insecure-account-information(11007)
CVE-2003-1277
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html
2005-11-16
CVE-2003-1277
http://www.securiteam.com/unixfocus/5BP051F8VE.html
MISC:http://www.securiteam.com/unixfocus/5BP051F8VE.html
http://www.securiteam.com/unixfocus/5BP061F8US.html
MISC:http://www.securiteam.com/unixfocus/5BP061F8US.html
http://www.iss.net/security_center/static/10989.php
XF:yabb-newstemplate-xss(10989)
http://www.iss.net/security_center/static/10990.php
XF:yabb-se-index-xss(10990)
CVE-2003-1278
Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.
2005-11-16
CVE-2003-1278
http://www.securityfocus.com/bid/6523
BID:6523
http://www.securityfocus.com/archive/1/305232
BUGTRAQ:20030104 OpenTopic security hole
http://www.iss.net/security_center/static/10985.php
XF:opentopic-img-xss(10985)
CVE-2003-1279
S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.
2005-11-16
2008-02-12
CVE-2003-1279
http://www.securityfocus.com/bid/6530
BID:6530
http://www.securityfocus.com/archive/1/305342
BUGTRAQ:20030105 S-plus /tmp usage
http://www.securitytracker.com/id?1005896
SECTRACK:1005896
http://secunia.com/advisories/7833
SECUNIA:7833
http://www.iss.net/security_center/static/11005.php
XF:splus-tmp-file-symlink(11005)
CVE-2003-1280
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.
2005-11-16
CVE-2003-1280
http://www.securityfocus.com/bid/6550
BID:6550
http://www.securityfocus.com/archive/1/305469
BUGTRAQ:20030107 Multiple cgihtml vulnerabilities
http://www.iss.net/security_center/static/11022.php
XF:cgihtml-dotdot-directory-traversal(11022)
CVE-2003-1281
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.
2005-11-16
CVE-2003-1281
http://www.securityfocus.com/bid/6552
BID:6552
http://www.securityfocus.com/archive/1/305469
BUGTRAQ:20030107 Multiple cgihtml vulnerabilities
http://www.iss.net/security_center/static/11023.php
XF:cgihtml-tmpfile-symlink(11023)
CVE-2003-1282
IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.
2005-11-16
2008-02-12
CVE-2003-1282
http://www.securiteam.com/securitynews/5CP061F8VS.html
MISC:http://www.securiteam.com/securitynews/5CP061F8VS.html
http://www.securitytracker.com/id?1005890
SECTRACK:1005890
http://www.iss.net/security_center/static/11016.php
XF:ibm-netdata-view-variables(11016)
CVE-2003-1283
KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code.
2005-11-16
CVE-2003-1283
http://www.securityfocus.com/bid/6543
BID:6543
http://archives.neohapsis.com/archives/bugtraq/2003-01/0056.html
BUGTRAQ:20030107 KaZaA - Bad Zone
http://www.iss.net/security_center/static/11031.php
XF:kazaa-ad-local-zone(11031)
CVE-2003-1284
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
2005-11-21
2017-07-10
CVE-2003-1284
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true
IDEFENSE:20030925 Sambar Server Multiple Vulnerabilities
http://securitytracker.com/id?1007819
SECTRACK:1007819
http://secunia.com/advisories/9578
SECUNIA:9578
https://exchange.xforce.ibmcloud.com/vulnerabilities/13305
XF:sambar-multiple-vulnerabilities(13305)
CVE-2003-1285
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
2005-11-21
2017-07-10
CVE-2003-1285
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true
IDEFENSE:20030925 Sambar Server Multiple Vulnerabilities
http://www.osvdb.org/5782
OSVDB:5782
http://www.osvdb.org/5783
OSVDB:5783
http://www.osvdb.org/5784
OSVDB:5784
http://www.osvdb.org/5785
OSVDB:5785
http://www.osvdb.org/5805
OSVDB:5805
http://securitytracker.com/id?1007819
SECTRACK:1007819
http://secunia.com/advisories/9578
SECUNIA:9578
https://exchange.xforce.ibmcloud.com/vulnerabilities/13305
XF:sambar-multiple-vulnerabilities(13305)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16056
XF:sambar-multiple-xss(16056)
CVE-2003-1286
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
2005-11-21
2017-07-10
CVE-2003-1286
http://www.securityfocus.com/bid/10256
BID:10256
http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html
BUGTRAQ:20040430 SECURITY.NNOV: Sambar security quest
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true
IDEFENSE:20030925 Sambar Server Multiple Vulnerabilities
http://securitytracker.com/id?1007819
SECTRACK:1007819
http://secunia.com/advisories/9578
SECUNIA:9578
https://exchange.xforce.ibmcloud.com/vulnerabilities/16054
XF:sambar-http-gain-access(16054)
CVE-2003-1287
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
2005-11-21
2017-07-10
CVE-2003-1287
http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html
BUGTRAQ:20040430 SECURITY.NNOV: Sambar security quest
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true
IDEFENSE:20030925 Sambar Server Multiple Vulnerabilities
http://www.osvdb.org/5781
OSVDB:5781
http://securitytracker.com/id?1007819
SECTRACK:1007819
http://secunia.com/advisories/9578
SECUNIA:9578
https://exchange.xforce.ibmcloud.com/vulnerabilities/16059
XF:sambar-post-code-execution(16059)
CVE-2003-1288
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
2005-12-04
2005-12-08
CVE-2003-1288
http://linux-vserver.org/ChangeLog
CONFIRM:http://linux-vserver.org/ChangeLog
http://list.linux-vserver.org/archive/vserver/msg05630.html
MLIST:[Vserver] 20031218 SMP oops 2.4.23 v1.22
http://list.linux-vserver.org/archive/vserver/msg05631.html
MLIST:[Vserver] 20031219 Re: SMP oops 2.4.23 v1.22
http://list.linux-vserver.org/archive/vserver/msg05658.html
MLIST:[Vserver] 20031220 Re: SMP oops 2.4.23 v1.22
http://www.osvdb.org/7587
OSVDB:7587
CVE-2003-1289
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
2005-12-17
2017-07-19
CVE-2003-1289
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc
FREEBSD:FreeBSD-SA-03:10
NETBSD:NetBSD-SA2003-013
http://www.osvdb.org/2406
OSVDB:2406
http://securitytracker.com/id?1007460
SECTRACK:1007460
http://secunia.com/advisories/9504
SECUNIA:9504
https://exchange.xforce.ibmcloud.com/vulnerabilities/12892
XF:freebsd-ibcs2-kernel-memory(12892)
CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
2006-01-13
2017-07-19
CVE-2003-1290
http://dev2dev.bea.com/pub/advisory/162
BEA:BEA03-43.00
http://www.securityfocus.com/bid/16215
BID:16215
http://www.securityfocus.com/bid/9034
BID:9034
http://www.osvdb.org/3064
OSVDB:3064
http://secunia.com/advisories/10218
SECUNIA:10218
http://secunia.com/advisories/18396
SECUNIA:18396
https://exchange.xforce.ibmcloud.com/vulnerabilities/13752
XF:weblogic-mbeanhome-obtain-information(13752)
CVE-2003-1291
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.
2006-02-01
CVE-2003-1291
http://www.vmware.com/download/esx/esx152-patch4.html
CONFIRM:http://www.vmware.com/download/esx/esx152-patch4.html
http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk%2ABWh&p_lva=&p_faqid=1108
CONFIRM:http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1108
http://www.osvdb.org/21585
OSVDB:21585
CVE-2003-1292
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.
2006-02-02
2017-10-09
CVE-2003-1292
http://www.securityfocus.com/bid/16436
BID:16436
http://www.securityfocus.com/bid/18248
BID:18248
http://www.securityfocus.com/archive/1/329910
BUGTRAQ:20030720 sorry, wrong file
http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
CONFIRM:http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
https://www.exploit-db.com/exploits/1864
EXPLOIT-DB:1864
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html
FULLDISC:20060130 Re: ashnews Cross-Site Scripting Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html
FULLDISC:20060131 Re: ashnews Cross-Site Scripting Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html
FULLDISC:20060131 Re: ashnews Cross-Site Scripting Vulnerability
http://secunia.com/advisories/9331
SECUNIA:9331
CVE-2003-1293
Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook.
2006-02-03
CVE-2003-1293
http://www.securityfocus.com/bid/8025
BID:8025
http://www.securityfocus.com/archive/1/326506
BUGTRAQ:20030724 GuestBookHost : Cross Site Scripting
CVE-2003-1294
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
2006-02-27
2023-02-12
CVE-2003-1294
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
MISC:20060602-01-U
http://secunia.com/advisories/20224
MISC:20224
http://secunia.com/advisories/20226
MISC:20226
http://secunia.com/advisories/20456
MISC:20456
http://secunia.com/advisories/20782
MISC:20782
http://www.securityfocus.com/bid/9125
MISC:9125
http://www.vupen.com/english/advisories/2006/1948
MISC:ADV-2006-1948
http://www.redhat.com/support/errata/RHSA-2006-0498.html
MISC:RHSA-2006:0498
http://jwz.livejournal.com/310943.html
MISC:http://jwz.livejournal.com/310943.html
http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm
http://www.novell.com/linux/download/updates/90_i386.html
MISC:http://www.novell.com/linux/download/updates/90_i386.html
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968
MISC:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848
MISC:oval:org.mitre.oval:def:10848
CVE-2003-1295
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
2006-02-27
CVE-2003-1295
http://www.securityfocus.com/bid/9125
BID:9125
http://www.novell.com/linux/download/updates/90_i386.html
CONFIRM:http://www.novell.com/linux/download/updates/90_i386.html
CVE-2003-1296
Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument.
2006-03-19
2017-07-19
CVE-2003-1296
http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html
BUGTRAQ:20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13360
XF:easyfilesharing-title-dos(13360)
CVE-2003-1297
Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.
2006-03-19
CVE-2003-1297
http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html
BUGTRAQ:20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)
http://www.osvdb.org/23794
OSVDB:23794
http://www.osvdb.org/23795
OSVDB:23795
CVE-2003-1298
Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).
2006-03-23
2017-07-19
CVE-2003-1298
http://www.securityfocus.com/bid/17197
BID:17197
http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152
MISC:http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152
http://www.osvdb.org/23984
OSVDB:23984
http://secunia.com/advisories/19359
SECUNIA:19359
http://www.vupen.com/english/advisories/2006/1053
VUPEN:ADV-2006-1053
https://exchange.xforce.ibmcloud.com/vulnerabilities/25396
XF:anyportalphp-siteman-directory-traversal(25396)
CVE-2003-1299
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
2006-03-24
2016-11-25
CVE-2003-1299
http://www.securityfocus.com/bid/7749
BID:7749
http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
CONFIRM:http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
http://packetstormsecurity.org/0305-exploits/baby.txt
MISC:http://packetstormsecurity.org/0305-exploits/baby.txt
http://www.osvdb.org/24538
OSVDB:24538
CVE-2003-1300
Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation.
2006-03-24
2006-04-18
CVE-2003-1300
http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
CONFIRM:http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
http://packetstormsecurity.org/0305-exploits/baby.txt
MISC:http://packetstormsecurity.org/0305-exploits/baby.txt
http://www.osvdb.org/24539
OSVDB:24539
CVE-2003-1301
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
2006-05-25
2018-10-19
CVE-2003-1301
http://www.securityfocus.com/bid/18058
BID:18058
http://www.securityfocus.com/archive/1/434705/100/0/threaded
BUGTRAQ:20060521 Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719
MISC:http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300
MISC:http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300
http://www.illegalaccess.org/exploit/ObjectStackOverflow.html
MISC:http://www.illegalaccess.org/exploit/ObjectStackOverflow.html
CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
2006-06-14
2023-02-12
CVE-2003-1302
http://bugs.php.net/bug.php?id=22048
MISC:http://bugs.php.net/bug.php?id=22048
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
CVE-2003-1303
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.
2006-06-14
2023-02-12
CVE-2003-1303
http://bugs.php.net/bug.php?id=24150
MISC:http://bugs.php.net/bug.php?id=24150
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346
MISC:oval:org.mitre.oval:def:10346
CVE-2003-1304
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
2006-07-12
2018-10-19
CVE-2003-1304
http://www.securityfocus.com/bid/8112
BID:8112
http://www.securityfocus.com/archive/1/438189/100/200/threaded
BUGTRAQ:20060622 productcart soltan_defacer
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0081.html
FULLDISC:20030705 [Vulnerability] : ProductCart database file can be downloaded remotely
http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf
MISC:http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf
http://secunia.com/advisories/9195
SECUNIA:9195
https://exchange.xforce.ibmcloud.com/vulnerabilities/9816
XF:shopping-cart-database-access(9816)
CVE-2003-1305
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
2006-08-29
CVE-2003-1305
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00068.html
BUGTRAQ:20030707 Internet Explorer Crash
http://www.osvdb.org/2291
OSVDB:2291
CVE-2003-1306
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
2006-10-09
CVE-2003-1306
http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html
MLIST:[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure
http://www.osvdb.org/29370
OSVDB:29370
http://secunia.com/advisories/9194
SECUNIA:9194
CVE-2003-1307
** DISPUTED **
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
2006-10-23
2018-10-19
CVE-2003-1307
http://www.securityfocus.com/bid/9302
BID:9302
http://www.securityfocus.com/archive/1/348368
BUGTRAQ:20031226 Hijacking Apache https by mod_php
http://www.securityfocus.com/archive/1/449234/100/0/threaded
BUGTRAQ:20061019 PHP "exec", "system", "popen" problem
http://www.securityfocus.com/archive/1/449298/100/0/threaded
BUGTRAQ:20061020 Re: PHP "exec", "system", "popen" (+small POC)
http://bugs.php.net/38915
MISC:http://bugs.php.net/38915
http://hackerdom.ru/~dimmo/phpexpl.c
MISC:http://hackerdom.ru/~dimmo/phpexpl.c
CVE-2003-1308
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
2006-11-17
CVE-2003-1308
http://www.securityfocus.com/bid/9161
BID:9161
http://www.fvwm.org/news/
CONFIRM:http://www.fvwm.org/news/
CVE-2003-1309
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
2006-11-30
2017-07-28
CVE-2003-1309
http://www.securityfocus.com/bid/8342
BID:8342
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
CONFIRM:http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt
MISC:http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt
http://sec-labs.hack.pl/papers/win32ddc.php
MISC:http://sec-labs.hack.pl/papers/win32ddc.php
http://www.osvdb.org/2375
OSVDB:2375
http://www.osvdb.org/4362
OSVDB:4362
http://secunia.com/advisories/9459
SECUNIA:9459
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html
VULNWATCH:20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12824
XF:device-driver-gain-privileges(12824)
CVE-2003-1310
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
2006-11-30
2017-07-28
CVE-2003-1310
http://www.securityfocus.com/bid/8329
BID:8329
http://sec-labs.hack.pl/papers/win32ddc.php
MISC:http://sec-labs.hack.pl/papers/win32ddc.php
http://www.osvdb.org/4362
OSVDB:4362
http://secunia.com/advisories/9460
SECUNIA:9460
https://exchange.xforce.ibmcloud.com/vulnerabilities/12824
XF:device-driver-gain-privileges(12824)
CVE-2003-1311
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
2006-12-15
CVE-2003-1311
http://curl.haxx.se/mail/archive-2003-05/0172.html
MLIST:[curl-users] 20030529 Re: https, redirection and authentication using POST
http://www.osvdb.org/30741
OSVDB:30741
CVE-2003-1312
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
2006-12-15
CVE-2003-1312
http://curl.haxx.se/mail/archive-2003-05/0172.html
MLIST:[curl-users] 20030529 Re: https, redirection and authentication using POST
http://www.osvdb.org/30741
OSVDB:30741
CVE-2003-1313
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.
2006-12-26
CVE-2003-1313
http://www.securityfocus.com/bid/8767
BID:8767
http://securitytracker.com/id?1007884
SECTRACK:1007884
http://www.securityfocus.com/archive/1/340244
VULNWATCH:20031004 EMML, EMGB : Include() hole
CVE-2003-1314
PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.
2006-12-26
2017-10-18
CVE-2003-1314
http://www.securityfocus.com/bid/21720
BID:21720
http://www.securityfocus.com/bid/8767
BID:8767
https://www.exploit-db.com/exploits/2980
EXPLOIT-DB:2980
http://securitytracker.com/id?1007885
SECTRACK:1007885
http://www.securityfocus.com/archive/1/340244
VULNWATCH:20031004 EMML, EMGB : Include() hole
CVE-2003-1315
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
2006-12-29
2017-07-28
CVE-2003-1315
http://www.securityfocus.com/bid/9168
BID:9168
http://www.neocrome.net/index.php?m=single&id=76
MISC:http://www.neocrome.net/index.php?m=single&id=76
http://www.neocrome.net/page.php?id=1250
MISC:http://www.neocrome.net/page.php?id=1250
http://www.osvdb.org/2943
OSVDB:2943
http://securitytracker.com/id?1008416
SECTRACK:1008416
http://secunia.com/advisories/10396
SECUNIA:10396
https://exchange.xforce.ibmcloud.com/vulnerabilities/13922
XF:landdownunder-auth-sql-injection(13922)
CVE-2003-1316
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
2007-01-04
2017-07-28
CVE-2003-1316
http://www.securityfocus.com/bid/8507
BID:8507
http://www.osvdb.org/3666
OSVDB:3666
http://securitytracker.com/id?1007592
SECTRACK:1007592
http://secunia.com/advisories/9622
SECUNIA:9622
https://exchange.xforce.ibmcloud.com/vulnerabilities/13042
XF:endonesia-mod-path-disclosure(13042)
CVE-2003-1317
Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
2007-01-04
2017-07-28
CVE-2003-1317
http://www.securityfocus.com/bid/8506
BID:8506
http://www.osvdb.org/2480
OSVDB:2480
http://securitytracker.com/id?1007592
SECTRACK:1007592
http://secunia.com/advisories/9622
SECUNIA:9622
https://exchange.xforce.ibmcloud.com/vulnerabilities/13041
XF:endonesia-mod-xss(13041)
CVE-2003-1318
Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
2007-01-18
2016-10-17
CVE-2003-1318
http://www.securityfocus.com/bid/22090
BID:22090
http://marc.info/?l=bugtraq&m=105820430209748&w=2
BUGTRAQ:20030713 TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0
http://www.tripbit.org/advisories/twilight_advisory.txt
MISC:http://www.tripbit.org/advisories/twilight_advisory.txt
CVE-2003-1319
Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.
2007-02-07
2017-07-28
CVE-2003-1319
http://www.securityfocus.com/bid/7858
BID:7858
http://www.securityfocus.com/bid/7861
BID:7861
http://archives.neohapsis.com/archives/bugtraq/2003-06/0083.html
BUGTRAQ:20030608 [SmartFTP] Two Buffer Overflow Vulnerabilities
http://security.nnov.ru/docs4679.html
MISC:http://security.nnov.ru/docs4679.html
http://securitytracker.com/id?1006956
SECTRACK:1006956
http://secunia.com/advisories/8998
SECUNIA:8998
https://exchange.xforce.ibmcloud.com/vulnerabilities/12231
XF:smartftp-long-list-bo(12231)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12228
XF:smartftp-pwd-directory-bo(12228)
CVE-2003-1320
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.
2007-02-26
CVE-2003-1320
http://www.kb.cert.org/vuls/id/287771
CERT-VN:VU#287771
http://www.kb.cert.org/vuls/id/AAMN-5L74VD
MISC:http://www.kb.cert.org/vuls/id/AAMN-5L74VD
CVE-2003-1321
Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
2007-03-19
2017-07-28
CVE-2003-1321
http://www.securityfocus.com/bid/8471
BID:8471
http://marc.info/?l=bugtraq&m=106150462504484&w=2
BUGTRAQ:20030821 Buffer overflow in Avant Browser 8.02
https://exchange.xforce.ibmcloud.com/vulnerabilities/12974
XF:avantbrowser-http-bo(12974)
CVE-2003-1322
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
2007-03-21
2007-10-27
CVE-2003-1322
http://www.securityfocus.com/bid/7842
BID:7842
http://www.securityfocus.com/archive/1/324136
BUGTRAQ:20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol
http://www.iss.net/security_center/static/12203.php
XF:mercur-multiple-bo(12203)
CVE-2003-1323
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
2007-03-29
CVE-2003-1323
http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz
CONFIRM:http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz
CVE-2003-1324
Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.
2007-03-29
CVE-2003-1324
http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz
CONFIRM:http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz
CVE-2003-1325
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.
2007-04-12
CVE-2003-1325
http://aluigi.altervista.org/adv/csdos.txt
MISC:http://aluigi.altervista.org/adv/csdos.txt
http://packetstormsecurity.org/0304-exploits/hl-headnut.c
MISC:http://packetstormsecurity.org/0304-exploits/hl-headnut.c
CVE-2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
2004-09-01
2006-10-31
CVE-2003-1326
http://www.securityfocus.com/bid/6779
BID:6779
http://www.ciac.org/ciac/bulletins/n-038.shtml
CIAC:N-038
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004
MS:MS03-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126
OVAL:oval:org.mitre.oval:def:126
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178
OVAL:oval:org.mitre.oval:def:178
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49
OVAL:oval:org.mitre.oval:def:49
http://www.iss.net/security_center/static/11258.php
XF:ie-dialog-zone-bypass(11258)
CVE-2003-1327
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
2007-05-15
2017-07-28
CVE-2003-1327
http://www.securityfocus.com/bid/8668
BID:8668
http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html
BUGTRAQ:20030922 Wu_ftpd all versions (not) vulnerability.
http://www.osvdb.org/2594
OSVDB:2594
http://securitytracker.com/id?1007775
SECTRACK:1007775
http://secunia.com/advisories/9835
SECUNIA:9835
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971
SLACKWARE:SSA:2003-259-03
https://exchange.xforce.ibmcloud.com/vulnerabilities/13269
XF:wuftp-mailadmin-sockprintf-bo(13269)
CVE-2003-1328
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
2004-09-01
2007-11-12
CVE-2003-1328
http://www.securityfocus.com/bid/6780
BID:6780
http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
http://www.kb.cert.org/vuls/id/400577
CERT-VN:VU#400577
http://www.ciac.org/ciac/bulletins/n-038.shtml
CIAC:N-038
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004
MS:MS03-004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57
OVAL:oval:org.mitre.oval:def:57
http://www.iss.net/security_center/static/11259.php
XF:ie-showhelp-zone-bypass(11259)
CVE-2003-1329
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
2007-05-21
CVE-2003-1329
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch
CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch
http://www.osvdb.org/34670
OSVDB:34670
CVE-2003-1330
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
2007-05-30
2017-07-28
CVE-2003-1330
http://www.securityfocus.com/bid/7226
BID:7226
http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm
MISC:http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/11745
XF:mailsweeper-onstrip-bypass-filter(11745)
CVE-2003-1331
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
2007-06-25
2017-07-28
CVE-2003-1331
http://www.securityfocus.com/bid/7887
BID:7887
http://bugs.mysql.com/bug.php?id=564
CONFIRM:http://bugs.mysql.com/bug.php?id=564
http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html
FULLDISC:20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.
https://exchange.xforce.ibmcloud.com/vulnerabilities/12337
XF:mysql-mysqlrealconnect-bo(12337)
CVE-2003-1332
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
2007-06-25
2017-07-28
CVE-2003-1332
http://www.securiteam.com/exploits/5TP0M2AAKS.html
MISC:http://www.securiteam.com/exploits/5TP0M2AAKS.html
http://www.redhat.com/support/errata/RHSA-2003-096.html
REDHAT:RHSA-2003:096
https://exchange.xforce.ibmcloud.com/vulnerabilities/12749
XF:samba-reply-nttrans-bo(12749)
CVE-2003-1333
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
2007-08-20
CVE-2003-1333
http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43
CONFIRM:http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43
CVE-2003-1334
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2007-08-22
CVE-2003-1334
http://www.bitfolge.de/snif-en.html
CONFIRM:http://www.bitfolge.de/snif-en.html
CVE-2003-1335
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
2007-08-22
CVE-2003-1335
http://www.bitfolge.de/snif-en.html
CONFIRM:http://www.bitfolge.de/snif-en.html
CVE-2003-1336
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
2007-09-23
2017-07-28
CVE-2003-1336
http://www.securityfocus.com/bid/8819
BID:8819
http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html
MISC:http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html
NTBUGTRAQ:20031015 mIRC Buffer Overflow in irc protocol handler
http://www.osvdb.org/2665
OSVDB:2665
http://secunia.com/advisories/9996
SECUNIA:9996
https://exchange.xforce.ibmcloud.com/vulnerabilities/13405
XF:mirc-ircprotocol-execute-code(13405)
CVE-2003-1337
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
2007-09-23
2017-07-28
CVE-2003-1337
http://www.securityfocus.com/bid/8062
BID:8062
http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html
BUGTRAQ:20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection
https://exchange.xforce.ibmcloud.com/vulnerabilities/12466
XF:abyss-http-get-bo(12466)
CVE-2003-1338
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
2007-09-23
CVE-2003-1338
http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html
BUGTRAQ:20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection
CVE-2003-1339
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
2007-09-23
2017-10-09
CVE-2003-1339
http://marc.info/?l=bugtraq&m=107090390002654&w=2
BUGTRAQ:20031207 eZ Multiple Packages Stack Overflow Vulnerability
http://seclists.org/bugtraq/2003/Dec/0195.html
BUGTRAQ:20031211 eZ and eZphotoshare fixes
https://www.exploit-db.com/exploits/133
EXPLOIT-DB:133
http://www.governmentsecurity.org/archive/t5390.html
MISC:http://www.governmentsecurity.org/archive/t5390.html
http://securitytracker.com/id?1008412
SECTRACK:1008412
CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
2007-09-30
2018-10-19
CVE-2003-1340
http://www.securityfocus.com/archive/1/323425
BUGTRAQ:20030530 Php-Nuke:users and admins password hashes vulnerability
http://www.securityfocus.com/archive/1/480866/100/0/threaded
BUGTRAQ:20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11
http://securityreason.com/securityalert/3185
SREASON:3185
CVE-2003-1341
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
2007-10-14
2017-07-28
CVE-2003-1341
http://www.securityfocus.com/bid/6616
BID:6616
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353
CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353
http://www.osvdb.org/6181
OSVDB:6181
http://secunia.com/advisories/7881
SECUNIA:7881
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html
VULNWATCH:20030114 Assorted Trend Vulns Rev 2.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/11059
XF:officescan-cgichkmasterpwd-auth-bypass(11059)
CVE-2003-1342
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.
2007-10-14
2017-07-28
CVE-2003-1342
http://www.securityfocus.com/bid/6617
BID:6617
http://www.osvdb.org/6185
OSVDB:6185
http://secunia.com/advisories/7881
SECUNIA:7881
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html
VULNWATCH:20030114 Assorted Trend Vulns Rev 2.0
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html
VULNWATCH:20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/11060
XF:trend-vcs-activesupport-dos(11060)
CVE-2003-1343
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
2007-10-14
2017-07-28
CVE-2003-1343
http://www.securityfocus.com/bid/6619
BID:6619
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352
CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352
http://secunia.com/advisories/7881
SECUNIA:7881
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html
VULNWATCH:20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/11061
XF:scanmail-smgsmxcfg30-password-bypass(11061)
CVE-2003-1344
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.
2007-10-14
2017-07-28
CVE-2003-1344
http://www.securityfocus.com/bid/6618
BID:6618
http://secunia.com/advisories/7881
SECUNIA:7881
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html
VULNWATCH:20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/11063
XF:trend-vcs-weak-encryption(11063)
CVE-2003-1345
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
2007-10-14
2017-07-28
CVE-2003-1345
http://www.securityfocus.com/bid/6574
BID:6574
http://marc.info/?l=bugtraq&m=104261317218210&w=2
BUGTRAQ:20030114 Vulnerability in WebCollection Plus (TM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11064
XF:webcollection-plus-directory-traversal(11064)
CVE-2003-1346
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
2007-10-14
2017-07-28
CVE-2003-1346
http://www.securityfocus.com/bid/6609
BID:6609
http://marc.info/?l=bugtraq&m=104267037431451&w=2
BUGTRAQ:20030114 D-Link DWL-900AP+ Security Hole
http://marc.info/?l=bugtraq&m=104311601319909&w=2
BUGTRAQ:20030116 Re: D-Link DWL-900AP+ Security Hole
http://www.securitytracker.com/id?1005926
SECTRACK:1005926
https://exchange.xforce.ibmcloud.com/vulnerabilities/11074
XF:dlink-airplus-restore-default(11074)
CVE-2003-1347
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
2007-10-14
2017-07-28
CVE-2003-1347
http://www.securityfocus.com/bid/6601
BID:6601
http://www.securityfocus.com/bid/6602
BID:6602
http://www.securityfocus.com/bid/6603
BID:6603
http://www.securityfocus.com/bid/6604
BID:6604
http://www.securityfocus.com/archive/1/306770
BUGTRAQ:20030114 Multiple XSS in Geeklog 1.3.7
http://www.geeklog.net/filemgmt/visit.php?lid=101
CONFIRM:http://www.geeklog.net/filemgmt/visit.php?lid=101
http://securityreason.com/securityalert/3226
SREASON:3226
https://exchange.xforce.ibmcloud.com/vulnerabilities/11075
XF:geeklog-php-scripts-xss(11075)
CVE-2003-1348
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
2007-10-14
2017-07-28
CVE-2003-1348
http://www.securityfocus.com/bid/6686
BID:6686
http://www.securityfocus.com/archive/1/308312
BUGTRAQ:20030125 ftls.org Guestbook 1.1 Script Injection
http://securityreason.com/securityalert/3227
SREASON:3227
https://exchange.xforce.ibmcloud.com/vulnerabilities/11155
XF:guestbook-multiple-field-xss(11155)
CVE-2003-1349
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
2007-10-14
2017-07-28
CVE-2003-1349
http://www.securityfocus.com/bid/6648
BID:6648
http://www.securitytracker.com/id?1005923
SECTRACK:1005923
http://secunia.com/advisories/7879
SECUNIA:7879
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0022.html
VULNWATCH:20030115 Directory traversal vulnerabilities found in NITE ftp-server version 1.83
https://exchange.xforce.ibmcloud.com/vulnerabilities/11062
XF:niteserver-dotdot-directory-traversal(11062)
CVE-2003-1350
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
2007-10-14
2017-07-28
CVE-2003-1350
http://www.securityfocus.com/bid/6685
BID:6685
http://www.securityfocus.com/archive/1/308300
BUGTRAQ:20030124 List Site Pro v2 user account Hijacking vulnerablity
http://securityreason.com/securityalert/3230
SREASON:3230
https://exchange.xforce.ibmcloud.com/vulnerabilities/11156
XF:listsitepro-account-hijacking(11156)
CVE-2003-1351
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
2007-10-14
2017-07-28
CVE-2003-1351
http://www.securityfocus.com/bid/6675
BID:6675
http://www.securityfocus.com/archive/1/308162
BUGTRAQ:20030124 Vulnerability in edittag.pl
http://securityreason.com/securityalert/3231
SREASON:3231
https://exchange.xforce.ibmcloud.com/vulnerabilities/11159
XF:edittag-dotdot-directory-traversal(11159)
CVE-2003-1352
Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing.
2007-10-14
2017-07-28
CVE-2003-1352
http://www.securityfocus.com/bid/6624
BID:6624
http://archives.neohapsis.com/archives/bugtraq/2003-01/0179.html
BUGTRAQ:20030115 Gabber 0.8.7 leaks presence information without user authorization
https://exchange.xforce.ibmcloud.com/vulnerabilities/11115
XF:gabber-information-leak(11115)
CVE-2003-1353
Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field.
2007-10-14
2017-07-28
CVE-2003-1353
http://www.securityfocus.com/bid/6631
BID:6631
http://archives.neohapsis.com/archives/bugtraq/2003-01/0119.html
BUGTRAQ:20030116 Outreach Project Tool
https://exchange.xforce.ibmcloud.com/vulnerabilities/11096
XF:opt-news-post-xss(11096)
CVE-2003-1354
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.
2007-10-14
2017-07-28
CVE-2003-1354
http://www.securityfocus.com/bid/6636
BID:6636
http://seclists.org/lists/bugtraq/2003/Jan/0178.html
BUGTRAQ:20030122 PivX Multi-Vendor Game Server dDoS Advisory
http://www.pivx.com/kristovich/adv/mk001/
MISC:http://www.pivx.com/kristovich/adv/mk001/
http://www.securiteam.com/securitynews/5EP0O0K8UO.html
MISC:http://www.securiteam.com/securitynews/5EP0O0K8UO.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11084
XF:battlefield-udp-query-dos(11084)
CVE-2003-1355
Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password.
2007-10-14
2017-07-28
CVE-2003-1355
http://www.securityfocus.com/bid/6967
BID:6967
http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html
BUGTRAQ:20030226 [VSA0307] Battlefield 1942 remote DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/11426
XF:battlefield-remoteconsole-username-dos(11426)
CVE-2003-1356
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
2007-10-14
2017-10-09
CVE-2003-1356
http://www.securityfocus.com/bid/6640
BID:6640
http://archives.neohapsis.com/archives/hp/2003-q1/0009.html
HP:HPSBUX0301-237
http://archives.neohapsis.com/archives/hp/2003-q1/0009.html
HP:SSRT3454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758
OVAL:oval:org.mitre.oval:def:5758
https://exchange.xforce.ibmcloud.com/vulnerabilities/11107
XF:hpux-sort-file-handling(11107)
CVE-2003-1357
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
2007-10-14
2017-07-28
CVE-2003-1357
http://www.securityfocus.com/bid/6708
BID:6708
http://www.securityfocus.com/archive/1/308733
BUGTRAQ:20030128 ProxyView default undocumented password
http://securityreason.com/securityalert/3228
SREASON:3228
https://exchange.xforce.ibmcloud.com/vulnerabilities/11185
XF:proxyview-administrator-default-password(11185)
CVE-2003-1358
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
2007-10-16
2017-07-28
CVE-2003-1358
http://www.securityfocus.com/bid/6837
BID:6837
http://www.securityfocus.com/archive/1/324381
BUGTRAQ:20030710 [LSD] HP-UX security vulnerabilities
http://www.securityfocus.com/advisories/4960
HP:HPSBUX0302-240
http://securityreason.com/securityalert/3236
SREASON:3236
https://exchange.xforce.ibmcloud.com/vulnerabilities/11312
XF:hp-rsf3000-daemon-access(11312)
CVE-2003-1359
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
2007-10-16
2017-10-09
CVE-2003-1359
http://www.securityfocus.com/bid/6836
BID:6836
http://www.securityfocus.com/archive/1/324381
BUGTRAQ:20030610 [LSD] HP-UX security vulnerabilities
http://www.securityfocus.com/advisories/4959
HP:HPSBUX0302-241
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5587
OVAL:oval:org.mitre.oval:def:5587
http://securityreason.com/securityalert/3236
SREASON:3236
https://exchange.xforce.ibmcloud.com/vulnerabilities/11313
XF:hp-stmkfont-bo(11313)
CVE-2003-1360
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
2007-10-16
2017-07-28
CVE-2003-1360
http://www.securityfocus.com/bid/6834
BID:6834
http://www.securityfocus.com/archive/1/324381
BUGTRAQ:20030610 [LSD] HP-UX security vulnerabilities
http://www.securityfocus.com/advisories/4957
HP:HPSBUX0302-243
http://securityreason.com/securityalert/3236
SREASON:3236
https://exchange.xforce.ibmcloud.com/vulnerabilities/11314
XF:hp-landiag-lanadmin-bo(11314)
CVE-2003-1361
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
2007-10-16
2017-07-28
CVE-2003-1361
http://www.securityfocus.com/bid/6928
BID:6928
http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html
BUGTRAQ:20030225 VERITAS Software Technical Advisory (fwd)
http://seer.support.veritas.com/docs/252933.htm
CONFIRM:http://seer.support.veritas.com/docs/252933.htm
http://seer.support.veritas.com/docs/254442.htm
CONFIRM:http://seer.support.veritas.com/docs/254442.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/11418
XF:veritas-bmr-root-access(11418)
CVE-2003-1362
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
2007-10-16
2017-07-28
CVE-2003-1362
http://www.securityfocus.com/bid/6878
BID:6878
http://archives.neohapsis.com/archives/hp/2003-q1/0033.html
HP:HPSBUX0302-245
https://exchange.xforce.ibmcloud.com/vulnerabilities/11366
XF:hp-bastille-info-disclosure(11366)
CVE-2003-1363
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
2007-10-16
CVE-2003-1363
http://www.securityfocus.com/bid/6842
BID:6842
http://archives.neohapsis.com/archives/bugtraq/2003-02/0149.html
BUGTRAQ:20030212 Abyss WebServer Brute Force Vulnerability
http://www.iss.net/security_center/static/11310.php
XF:abyss-web-admin-bruteforce(11310)
CVE-2003-1364
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
2007-10-16
2017-07-28
CVE-2003-1364
http://www.securityfocus.com/bid/7287
BID:7287
http://archives.neohapsis.com/archives/bugtraq/2003-04/0095.html
BUGTRAQ:20030405 Abyss X1 1.1.2 remote crash
https://exchange.xforce.ibmcloud.com/vulnerabilities/11718
XF:abyss-http-get-dos(11718)
CVE-2003-1365
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
2007-10-16
2017-07-28
CVE-2003-1365
http://www.securityfocus.com/bid/6833
BID:6833
http://www.securityfocus.com/archive/1/311414
BUGTRAQ:20030211 Security bug in CGI::Lite::escape_dangerous_chars() function
http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm
CONFIRM:http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm
http://use.perl.org/~cbrooks/journal/10542
MISC:http://use.perl.org/~cbrooks/journal/10542
http://securityreason.com/securityalert/3237
SREASON:3237
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html
VULNWATCH:20030211 Security bug in CGI::Lite::escape_dangerous_chars() function
https://exchange.xforce.ibmcloud.com/vulnerabilities/11308
XF:cgilite-shell-command-execution(11308)
CVE-2003-1366
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
2007-10-16
2017-07-28
CVE-2003-1366
http://www.securityfocus.com/bid/6748
BID:6748
http://www.securityfocus.com/archive/1/309962
BUGTRAQ:20030203 ASA-0001: OpenBSD chpass/chfn/chsh file content leak
http://www.epita.fr/~bevand_m/asa/asa-0001
MISC:http://www.epita.fr/~bevand_m/asa/asa-0001
http://www.securitytracker.com/id?1006035
SECTRACK:1006035
http://securityreason.com/securityalert/3238
SREASON:3238
https://exchange.xforce.ibmcloud.com/vulnerabilities/11233
XF:openbsd-chpass-information-disclosure(11233)
CVE-2003-1367
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
2007-10-16
2017-07-28
CVE-2003-1367
http://www.securityfocus.com/bid/6761
BID:6761
http://www.securityfocus.com/archive/1/310113
BUGTRAQ:20030204 Majordomo info leakage, all versions
http://securityreason.com/securityalert/3235
SREASON:3235
https://exchange.xforce.ibmcloud.com/vulnerabilities/11243
XF:majordomo-whichaccess-email-disclosure(11243)
CVE-2003-1368
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
2007-10-16
2017-07-28
CVE-2003-1368
http://www.securityfocus.com/bid/6764
BID:6764
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html
VULNWATCH:20030204 Banner Buffer Overflows found in Multible FTP Clients
https://exchange.xforce.ibmcloud.com/vulnerabilities/11234
XF:32bit-ftp-banner-bo(11234)
CVE-2003-1369
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
2007-10-16
2017-07-28
CVE-2003-1369
http://www.securityfocus.com/bid/6762
BID:6762
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html
VULNWATCH:20030204 Banner Buffer Overflows found in Multible FTP Clients
https://exchange.xforce.ibmcloud.com/vulnerabilities/11235
XF:bytecatcher-ftp-banner-bo(11235)
CVE-2003-1370
Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
2007-10-16
2017-07-28
CVE-2003-1370
http://www.securityfocus.com/bid/6697
BID:6697
http://www.securityfocus.com/bid/6699
BID:6699
http://www.securityfocus.com/bid/6700
BID:6700
http://archives.neohapsis.com/archives/bugtraq/2003-01/0330.html
BUGTRAQ:20030127 [SCSA-003] Multiple Cross Site Scripting & Script Injection Vulnerabilities in Nuked-Klan
https://exchange.xforce.ibmcloud.com/vulnerabilities/11176
XF:nuked-klan-index-xss(11176)
CVE-2003-1371
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
2007-10-16
2017-07-28
CVE-2003-1371
http://www.securityfocus.com/bid/6917
BID:6917
http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html
BUGTRAQ:20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
https://exchange.xforce.ibmcloud.com/vulnerabilities/11424
XF:nukedklan-information-disclosure(11424)
CVE-2003-1372
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
2007-10-16
2017-07-28
CVE-2003-1372
http://www.securityfocus.com/bid/6892
BID:6892
http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html
BUGTRAQ:20030219 myphpnuke xss
http://www.osvdb.org/3931
OSVDB:3931
http://secunia.com/advisories/8125
SECUNIA:8125
https://exchange.xforce.ibmcloud.com/vulnerabilities/11376
XF:phpbb-index-sql-injection(11376)
CVE-2003-1373
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
2007-10-16
2017-07-28
CVE-2003-1373
http://www.securityfocus.com/bid/6889
BID:6889
http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html
BUGTRAQ:20030220 phpBB Security Bugs
https://exchange.xforce.ibmcloud.com/vulnerabilities/11407
XF:phpbb-auth-read-files(11407)
CVE-2003-1374
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.
2007-10-19
2017-07-28
CVE-2003-1374
http://www.securityfocus.com/bid/6845
BID:6845
http://archives.neohapsis.com/archives/bugtraq/2003-02/0156.html
BUGTRAQ:20030213 HPUX disable buffer overflow vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/11316
XF:hp-lp-disable-bo(11316)
CVE-2003-1375
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
2007-10-19
2017-10-09
CVE-2003-1375
http://www.securityfocus.com/bid/6800
BID:6800
http://www.securityfocus.com/archive/1/310908
BUGTRAQ:20030207 HPUX Wall Buffer Overflow
http://www.securityfocus.com/advisories/5369
HP:HPSBUX0305-258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5439
OVAL:oval:org.mitre.oval:def:5439
http://securityreason.com/securityalert/3264
SREASON:3264
https://exchange.xforce.ibmcloud.com/vulnerabilities/11272
XF:hp-wall-bo(11272)
CVE-2003-1376
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
2007-10-19
2017-07-28
CVE-2003-1376
http://www.securityfocus.com/bid/6805
BID:6805
http://www.securityfocus.com/archive/1/311059
BUGTRAQ:20030208 Yet another plaintext attack to ZIP encryption scheme.
http://securityreason.com/securityalert/3265
SREASON:3265
https://exchange.xforce.ibmcloud.com/vulnerabilities/11296
XF:winzip-pkzip-weak-encryption(11296)
CVE-2003-1377
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
2007-10-19
2017-07-28
CVE-2003-1377
http://www.securityfocus.com/bid/6924
BID:6924
http://www.securityfocus.com/archive/1/312924
BUGTRAQ:20030223 sircd proof-of-concept / advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11409
XF:sircd-reverse-dns-bo(11409)
CVE-2003-1378
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
2007-10-19
2017-07-28
CVE-2003-1378
http://www.securityfocus.com/bid/6923
BID:6923
http://www.securityfocus.com/archive/1/312910
BUGTRAQ:20030223 O UT LO OK E XPRE SS 6 .00 : broken
http://www.securityfocus.com/archive/1/312929
BUGTRAQ:20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken
https://exchange.xforce.ibmcloud.com/vulnerabilities/11411
XF:outlook-codebase-execute-programs(11411)
CVE-2003-1379
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
2007-10-19
2017-07-28
CVE-2003-1379
http://www.securityfocus.com/bid/6934
BID:6934
http://www.securityfocus.com/archive/1/313080
BUGTRAQ:20030225 clarkconnect(d) information disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/11419
XF:clarkconnect-clarkconnectd-info-disclosure(11419)
CVE-2003-1380
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
2007-10-19
2017-07-28
CVE-2003-1380
http://www.securityfocus.com/bid/6873
BID:6873
http://www.securityfocus.com/archive/1/312032
BUGTRAQ:20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP
https://exchange.xforce.ibmcloud.com/vulnerabilities/11347
XF:bisonftp-ls-view-files(11347)
CVE-2003-1381
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
2007-10-19
2017-07-28
CVE-2003-1381
http://www.securityfocus.com/bid/6968
BID:6968
http://www.securityfocus.com/archive/1/313273
BUGTRAQ:20030226 [VSA0308] Half-Life AMX-Mod remote (root) hole
http://securityreason.com/securityalert/3258
SREASON:3258
https://exchange.xforce.ibmcloud.com/vulnerabilities/11427
XF:amx-amxsay-format-string(11427)
CVE-2003-1382
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
2007-10-19
2017-07-28
CVE-2003-1382
http://www.securityfocus.com/bid/6972
BID:6972
http://www.securityfocus.com/archive/1/313363
BUGTRAQ:20030227 ISMAIL (All Versions) Remote Buffer Overrun
http://securityreason.com/securityalert/3254
SREASON:3254
https://exchange.xforce.ibmcloud.com/vulnerabilities/11432
XF:ismail-smtp-domain-bo(11432)
CVE-2003-1383
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
2007-10-19
2017-07-28
CVE-2003-1383
http://www.securityfocus.com/bid/6996
BID:6996
http://www.securityfocus.com/archive/1/313575
BUGTRAQ:20030301 web-erp 0.1.4 database access vulnerability
http://securityreason.com/securityalert/3257
SREASON:3257
https://exchange.xforce.ibmcloud.com/vulnerabilities/11443
XF:weberp-logicworks-ini-access(11443)
CVE-2003-1384
Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
2007-10-19
2017-07-28
CVE-2003-1384
http://www.securityfocus.com/bid/6997
BID:6997
http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00024.html
BUGTRAQ:20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004015.html
FULLDISC:20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
http://www.security-corp.org/advisories/SCSA-008.txt
MISC:http://www.security-corp.org/advisories/SCSA-008.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0102.html
VULNWATCH:20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
https://exchange.xforce.ibmcloud.com/vulnerabilities/11448
XF:pylivredor-guestbook-xss(11448)
CVE-2003-1385
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
2007-10-19
2017-07-28
CVE-2003-1385
http://www.securityfocus.com/bid/6976
BID:6976
http://www.osvdb.org/3357
OSVDB:3357
http://secunia.com/advisories/8182
SECUNIA:8182
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
VULNWATCH:20030227 Invision Power Board (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
XF:invision-ipchat-file-include(11435)
CVE-2003-1386
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
2007-10-19
2017-07-28
CVE-2003-1386
http://www.securityfocus.com/bid/6980
BID:6980
http://archives.neohapsis.com/archives/bugtraq/2003-02/0377.html
BUGTRAQ:20030228 axis2400 webcams
http://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html
BUGTRAQ:20030325 Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI
http://www.websec.org/adv/axis2400.txt.html
MISC:http://www.websec.org/adv/axis2400.txt.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11440
XF:axis-messages-unauth-access(11440)
CVE-2003-1387
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
2007-10-19
2017-07-28
CVE-2003-1387
http://www.securityfocus.com/bid/6811
BID:6811
http://www.securityfocus.com/archive/1/311194
BUGTRAQ:20030209 Opera Username Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/315794
BUGTRAQ:20030320 Opara 6.06 Released, Security-Hole Left
http://securityreason.com/securityalert/3253
SREASON:3253
https://exchange.xforce.ibmcloud.com/vulnerabilities/11281
XF:opera-username-url-bo(11281)
CVE-2003-1388
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
2007-10-19
2017-07-28
CVE-2003-1388
http://archives.neohapsis.com/archives/bugtraq/2003-04/0116.html
BUGTRAQ:20030407 Unchecked Buffer in Opera 7.02
https://exchange.xforce.ibmcloud.com/vulnerabilities/11740
XF:opera-long-url-bo(11740)
CVE-2003-1389
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
2007-10-19
2017-07-28
CVE-2003-1389
http://www.securityfocus.com/bid/6815
BID:6815
http://www.securityfocus.com/archive/1/311176
BUGTRAQ:20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11294
XF:cryptobuddy-truncate-weak-security(11294)
CVE-2003-1390
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.
2007-10-19
2017-07-28
CVE-2003-1390
http://www.securityfocus.com/archive/1/311176
BUGTRAQ:20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11297
XF:cryptobuddy-plaintext-password-bytes(11297)
CVE-2003-1391
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.
2007-10-19
2017-07-28
CVE-2003-1391
http://www.securityfocus.com/bid/6810
BID:6810
http://www.securityfocus.com/archive/1/311176
BUGTRAQ:20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11298
XF:cryptobuddy-password-dictionary(11298)
CVE-2003-1392
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
2007-10-19
2017-07-28
CVE-2003-1392
http://www.securityfocus.com/bid/6812
BID:6812
http://www.securityfocus.com/archive/1/311176
BUGTRAQ:20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11317
XF:cryptobuddy-password-information-disclosure(11317)
CVE-2003-1393
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.
2007-10-19
2017-07-28
CVE-2003-1393
http://www.securityfocus.com/bid/6808
BID:6808
http://www.securityfocus.com/archive/1/311159
BUGTRAQ:20030210 Buffer OverFlow in SQLBase 8.1.0 - NII Advisory
http://www.securityfocus.com/archive/1/314379
BUGTRAQ:20030308 NII Advisory - Buffer Overflow in SQLBase (Revised)
http://secunia.com/advisories/8023
SECUNIA:8023
http://securityreason.com/securityalert/3256
SREASON:3256
https://exchange.xforce.ibmcloud.com/vulnerabilities/11269
XF:sqlbase-execute-long-bo(11269)
CVE-2003-1394
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
2007-10-19
2017-07-28
CVE-2003-1394
http://www.securityfocus.com/bid/6995
BID:6995
http://www.securityfocus.com/archive/1/313580
BUGTRAQ:20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions
http://securityreason.com/securityalert/3259
SREASON:3259
https://exchange.xforce.ibmcloud.com/vulnerabilities/11447
XF:coffeecup-password-file-retrieval(11447)
CVE-2003-1395
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
2007-10-19
2017-07-28
CVE-2003-1395
http://www.securityfocus.com/bid/6747
BID:6747
http://www.securityfocus.com/archive/1/309935
BUGTRAQ:20030202 Denial of service against Kazaa Media Desktop v2
http://securityreason.com/securityalert/3252
SREASON:3252
https://exchange.xforce.ibmcloud.com/vulnerabilities/11228
XF:kazaa-automated-ad-bo(11228)
CVE-2003-1396
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
2007-10-19
2017-07-28
CVE-2003-1396
http://www.securityfocus.com/bid/7450
BID:7450
http://archives.neohapsis.com/archives/bugtraq/2003-04/0346.html
BUGTRAQ:20030427 [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11894
XF:opera-file-extension-bo(11894)
CVE-2003-1397
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
2007-10-19
2017-07-28
CVE-2003-1397
http://www.securityfocus.com/bid/6814
BID:6814
http://www.securityfocus.com/archive/1/311214
BUGTRAQ:20030210 Java-Applet crashes Opera 6.05 and 7.01
http://securityreason.com/securityalert/3255
SREASON:3255
https://exchange.xforce.ibmcloud.com/vulnerabilities/11280
XF:opera-plugincontextshowdocument-bo(11280)
CVE-2003-1398
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
2007-10-19
2017-07-28
CVE-2003-1398
http://www.securityfocus.com/bid/6823
BID:6823
http://archives.neohapsis.com/archives/bugtraq/2003-02/0131.html
BUGTRAQ:20030211 Field Notice - IOS Accepts ICMP Redirects in Non-default Configuration Settings
http://securitytracker.com/id?1006075
SECTRACK:1006075
https://exchange.xforce.ibmcloud.com/vulnerabilities/11306
XF:cisco-ios-icmp-redirect(11306)
CVE-2003-1399
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
2007-10-19
2017-07-28
CVE-2003-1399
http://www.securityfocus.com/bid/6914
BID:6914
http://archives.neohapsis.com/archives/bugtraq/2003-02/0278.html
BUGTRAQ:20030222 eject 2.0.10 vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/11380
XF:linux-eject-information-disclosure(11380)
CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
2007-10-19
2017-07-28
CVE-2003-1400
http://www.securityfocus.com/bid/6750
BID:6750
http://www.securityfocus.com/archive/1/309959
BUGTRAQ:20030203 PHP-Nuke Avatar Code injection vulnerability
http://www.securityfocus.com/archive/1/310115
BUGTRAQ:20030204 Re: PHP-Nuke Avatar Code injection vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/11229
XF:phpnuke-avatar-code-execution(11229)
CVE-2003-1401
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
2007-10-20
2017-07-28
CVE-2003-1401
http://www.securityfocus.com/bid/6862
BID:6862
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html
VULNWATCH:20030215 php-Board (php)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11338
XF:phpboard-login-plaintext-passwords(11338)
CVE-2003-1402
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
2007-10-20
2017-07-28
CVE-2003-1402
http://www.securityfocus.com/bid/6863
BID:6863
http://www.osvdb.org/3777
OSVDB:3777
http://secunia.com/advisories/10754
SECUNIA:10754
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0071.html
VULNWATCH:20030215 Kietu ( PHP )
https://exchange.xforce.ibmcloud.com/vulnerabilities/11341
XF:kietu-hit-file-include(11341)
CVE-2003-1403
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
2007-10-20
2017-07-28
CVE-2003-1403
http://www.securityfocus.com/bid/6864
BID:6864
http://www.osvdb.org/5091
OSVDB:5091
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html
VULNWATCH:20030215 DotBr (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11353
XF:dotbr-foo-info-disclosure(11353)
CVE-2003-1404
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
2007-10-20
2017-07-28
CVE-2003-1404
http://www.securityfocus.com/bid/6865
BID:6865
http://www.osvdb.org/5092
OSVDB:5092
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html
VULNWATCH:20030215 DotBr (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11354
XF:dotbr-config-info-disclosure(11354)
CVE-2003-1405
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
2007-10-20
2017-07-28
CVE-2003-1405
http://www.securityfocus.com/bid/6866
BID:6866
http://www.securityfocus.com/bid/6867
BID:6867
http://www.osvdb.org/5089
OSVDB:5089
http://www.osvdb.org/5090
OSVDB:5090
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html
VULNWATCH:20030215 DotBr (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11355
XF:dotbr-exec-execute-commands(11355)
CVE-2003-1406
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
2007-10-20
2017-07-28
CVE-2003-1406
http://www.securityfocus.com/bid/6879
BID:6879
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html
VULNWATCH:20030216 D-Forum (PHP)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11342
XF:dform-header-file-include(11342)
CVE-2003-1407
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
2007-10-20
2017-07-28
CVE-2003-1407
http://www.securityfocus.com/bid/6829
BID:6829
http://www.securityfocus.com/archive/1/311359
BUGTRAQ:20030211 SECURITY.NNOV: Windows NT 4.0/2000 cmd.exe long path buffer overflow/DoS
http://securityreason.com/securityalert/3251
SREASON:3251
https://exchange.xforce.ibmcloud.com/vulnerabilities/11329
XF:win-cmd-cd-bo(11329)
CVE-2003-1408
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
2007-10-20
2017-07-28
CVE-2003-1408
http://www.securityfocus.com/bid/6841
BID:6841
http://www.securityfocus.com/archive/1/311660
BUGTRAQ:20030212 Lotus Domino DOT Bug Allows for Source Code Viewing
http://www.securityfocus.com/archive/1/311806
BUGTRAQ:20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing
https://exchange.xforce.ibmcloud.com/vulnerabilities/11311
XF:lotus-domino-dot-file-download(11311)
CVE-2003-1409
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
2007-10-20
2017-07-28
CVE-2003-1409
http://www.securityfocus.com/bid/6768
BID:6768
http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html
BUGTRAQ:20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)
http://secunia.com/advisories/8008
SECUNIA:8008
https://exchange.xforce.ibmcloud.com/vulnerabilities/11248
XF:topo-path-disclosure(11248)
CVE-2003-1410
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
2007-10-20
2017-07-28
CVE-2003-1410
http://www.securityfocus.com/bid/6818
BID:6818
http://www.securityfocus.com/archive/1/311173
BUGTRAQ:20030209 Cedric Email Reader (PHP)
http://www.osvdb.org/5487
OSVDB:5487
http://secunia.com/advisories/8024
SECUNIA:8024
https://exchange.xforce.ibmcloud.com/vulnerabilities/11278
XF:cedric-email-file-include(11278)
CVE-2003-1411
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
2007-10-20
2017-07-28
CVE-2003-1411
http://www.securityfocus.com/bid/6820
BID:6820
http://www.securityfocus.com/archive/1/311173
BUGTRAQ:20030209 Cedric Email Reader (PHP)
http://www.osvdb.org/5900
OSVDB:5900
http://secunia.com/advisories/8024
SECUNIA:8024
https://exchange.xforce.ibmcloud.com/vulnerabilities/11278
XF:cedric-email-file-include(11278)
CVE-2003-1412
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
2007-10-20
2018-10-19
CVE-2003-1412
http://www.securityfocus.com/bid/6922
BID:6922
http://www.securityfocus.com/archive/1/313282/30/25760/threaded
BUGTRAQ:20030224 GOnicus System Administrator php injection
http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html
FULLDISC:20030223 GOnicus System Administrator php injection
http://www.securitytracker.com/id?1006162
SECTRACK:1006162
http://secunia.com/advisories/8120
SECUNIA:8120
https://exchange.xforce.ibmcloud.com/vulnerabilities/11408
XF:gosa-plugin-file-include(11408)
CVE-2003-1413
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
2007-10-20
2017-07-28
CVE-2003-1413
http://www.securityfocus.com/bid/6992
BID:6992
http://www.securityfocus.com/archive/1/313517
BUGTRAQ:20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://securityreason.com/securityalert/3260
SREASON:3260
https://exchange.xforce.ibmcloud.com/vulnerabilities/11445
XF:darwin-dotdot-file-existence(11445)
CVE-2003-1414
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
2007-10-20
2017-07-28
CVE-2003-1414
http://www.securityfocus.com/bid/6990
BID:6990
http://www.securityfocus.com/archive/1/313517
BUGTRAQ:20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
http://securityreason.com/securityalert/3260
SREASON:3260
https://exchange.xforce.ibmcloud.com/vulnerabilities/11446
XF:darwin-dotdotdot-directory-traversal(11446)
CVE-2003-1415
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.
2007-10-20
2017-07-28
CVE-2003-1415
http://www.securityfocus.com/bid/6877
BID:6877
http://www.securityfocus.com/archive/1/312187
BUGTRAQ:20030218 [SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability
http://secunia.com/advisories/8091
SECUNIA:8091
http://securityreason.com/securityalert/3261
SREASON:3261
https://exchange.xforce.ibmcloud.com/vulnerabilities/11345
XF:netcharts-chunked-encoding-bo(11345)
CVE-2003-1416
BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command.
2007-10-20
2017-07-28
CVE-2003-1416
http://www.securityfocus.com/bid/6869
BID:6869
http://www.securityfocus.com/archive/1/312032
BUGTRAQ:20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP
https://exchange.xforce.ibmcloud.com/vulnerabilities/11346
XF:bisonftp-ls-cwd-dos(11346)
CVE-2003-1417
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
2007-10-20
2017-07-28
CVE-2003-1417
http://www.securityfocus.com/bid/6927
BID:6927
http://marc.info/?l=bugtraq&m=104619088801750&w=2
BUGTRAQ:20030225 nCipher Advisory #7: Unexpected copies of imported software keys
http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html
CONFIRM:http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11422
XF:ncipher-duplicate-keys(11422)
CVE-2003-1418
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
2007-10-20
2017-10-19
CVE-2003-1418
http://www.securityfocus.com/bid/6939
BID:6939
http://www.securityfocus.com/bid/6943
BID:6943
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.openbsd.org/errata32.html
OPENBSD:[3.2] 008: SECURITY FIX: February 25, 2003
https://exchange.xforce.ibmcloud.com/vulnerabilities/11438
XF:apache-mime-information-disclosure(11438)
CVE-2003-1419
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
2007-10-20
2017-07-28
CVE-2003-1419
http://www.securityfocus.com/bid/6959
BID:6959
http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html
BUGTRAQ:20030225 Re: Netscape 6/7 crashes by a simple stylesheet...
https://exchange.xforce.ibmcloud.com/vulnerabilities/11444
XF:netscape-javascript-reformatdate-dos(11444)
CVE-2003-1420
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
2007-10-20
2017-07-28
CVE-2003-1420
http://www.securityfocus.com/bid/6962
BID:6962
http://www.securityfocus.com/archive/1/313216
BUGTRAQ:20030226 Secunia Research: Opera browser Cross Site Scripting
https://exchange.xforce.ibmcloud.com/vulnerabilities/11423
XF:opera-automatic-redirection-xss(11423)
CVE-2003-1421
Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors.
2007-10-20
2017-07-28
CVE-2003-1421
http://www.securityfocus.com/bid/6854
BID:6854
https://exchange.xforce.ibmcloud.com/vulnerabilities/11340
XF:suckbot-modmysqllogger-dos(11340)
CVE-2003-1422
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
2007-10-20
2017-07-28
CVE-2003-1422
http://www.securityfocus.com/bid/6876
BID:6876
http://syslinux.zytor.com/history.php
CONFIRM:http://syslinux.zytor.com/history.php
http://secunia.com/advisories/8077
SECUNIA:8077
https://exchange.xforce.ibmcloud.com/vulnerabilities/11351
XF:syslinux-gain-privileges(11351)
CVE-2003-1423
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
2007-10-20
2017-07-28
CVE-2003-1423
http://securitytracker.com/id?1006117
SECTRACK:1006117
https://exchange.xforce.ibmcloud.com/vulnerabilities/11358
XF:petitforum-liste-info-disclosure(11358)
CVE-2003-1424
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
2007-10-20
2017-07-28
CVE-2003-1424
http://securitytracker.com/id?1006117
SECTRACK:1006117
https://exchange.xforce.ibmcloud.com/vulnerabilities/11359
XF:petitforum-message-auth-bypass(11359)
CVE-2003-1425
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
2007-10-20
2017-07-28
CVE-2003-1425
http://www.securityfocus.com/bid/6882
BID:6882
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html
VULNWATCH:20030218 Cpanel 5 and below remote command execution and local root vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11356
XF:cpanel-guestbook-command-execution(11356)
CVE-2003-1426
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
2007-10-20
2017-07-28
CVE-2003-1426
http://www.securityfocus.com/bid/6885
BID:6885
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html
VULNWATCH:20030218 Cpanel 5 and below remote command execution and local root vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/11357
XF:cpanel-scriptfilename-gain-privileges(11357)
CVE-2003-1427
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
2007-10-20
2017-07-28
CVE-2003-1427
http://www.securityfocus.com/bid/6807
BID:6807
http://www.securityfocus.com/archive/1/311160
BUGTRAQ:20030209 Bug in Netgear FM114P Wireless Router firmware
https://exchange.xforce.ibmcloud.com/vulnerabilities/11279
XF:netgear-fm114p-directory-traversal(11279)
CVE-2003-1428
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
2007-10-20
2017-07-28
CVE-2003-1428
http://www.securityfocus.com/bid/6809
BID:6809
http://www.securityfocus.com/archive/1/311161
BUGTRAQ:20030210 Gallery 1.3.3
https://exchange.xforce.ibmcloud.com/vulnerabilities/11284
XF:gallery-album-insecure-directory(11284)
CVE-2003-1429
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.
2007-10-22
2017-07-28
CVE-2003-1429
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0088.html
VULNWATCH:20030219 [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/11364
XF:proxomitron-parameter-length-bo(11364)
CVE-2003-1430
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
2007-10-22
2017-07-28
CVE-2003-1430
http://www.securityfocus.com/bid/6775
BID:6775
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
BUGTRAQ:20030205 Unreal engine: results of my research
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
BUGTRAQ:20030211 Re: Epic Games threatens to sue security researchers
https://exchange.xforce.ibmcloud.com/vulnerabilities/11299
XF:ut-file-directory-traversal(11299)
CVE-2003-1431
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
2007-10-22
2017-07-28
CVE-2003-1431
http://www.securityfocus.com/bid/6774
BID:6774
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
BUGTRAQ:20030205 Unreal engine: results of my research
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
BUGTRAQ:20030211 Re: Epic Games threatens to sue security researchers
http://www.pivx.com/luigi/adv/ueng-adv.txt
MISC:http://www.pivx.com/luigi/adv/ueng-adv.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/11301
XF:ut-url-memory-corruption(11301)
CVE-2003-1432
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
2007-10-22
2017-07-28
CVE-2003-1432
http://www.securityfocus.com/bid/6770
BID:6770
http://www.securityfocus.com/bid/6772
BID:6772
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
BUGTRAQ:20030205 Unreal engine: results of my research
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
BUGTRAQ:20030211 Re: Epic Games threatens to sue security researchers
http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html
BUGTRAQ:20030513 UT2003 client passive DoS exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/11305
XF:ut-negative-memory-corruption(11305)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12012
XF:ut-negative-udp-dos(12012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11302
XF:ut-packet-dos(11302)
CVE-2003-1433
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
2007-10-22
2017-07-28
CVE-2003-1433
http://www.securityfocus.com/bid/6771
BID:6771
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
BUGTRAQ:20030205 Unreal engine: results of my research
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
BUGTRAQ:20030211 Re: Epic Games threatens to sue security researchers
http://www.pivx.com/luigi/adv/ueng-adv.txt
MISC:http://www.pivx.com/luigi/adv/ueng-adv.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/11304
XF:ut-join-request-dos(11304)
CVE-2003-1434
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
2007-10-22
2017-07-28
CVE-2003-1434
http://www.securityfocus.com/bid/6903
BID:6903
http://archives.neohapsis.com/archives/bugtraq/2003-02/0244.html
BUGTRAQ:20030220 login_ldap security announcement
https://exchange.xforce.ibmcloud.com/vulnerabilities/11374
XF:loginldap-password-bypass(11374)
CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
2007-10-22
2017-07-28
CVE-2003-1435
http://www.securityfocus.com/bid/6887
BID:6887
http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html
BUGTRAQ:20030220 PHPNuke SQL Injection
https://exchange.xforce.ibmcloud.com/vulnerabilities/11375
XF:phpnuke-search-sql-injection(11375)
CVE-2003-1436
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
2007-10-22
2017-07-28
CVE-2003-1436
http://www.securityfocus.com/bid/6731
BID:6731
http://securitytracker.com/id?1006031
SECTRACK:1006031
http://secunia.com/advisories/7986
SECUNIA:7986
https://exchange.xforce.ibmcloud.com/vulnerabilities/11217
XF:nukebrowser-php-file-include(11217)
CVE-2003-1437
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
2007-10-22
2017-07-28
CVE-2003-1437
http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp
BEA:BEA03-25.00
http://www.securityfocus.com/bid/6719
BID:6719
https://exchange.xforce.ibmcloud.com/vulnerabilities/11220
XF:weblogic-keystore-plaintext-passwords(11220)
CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
2007-10-22
2017-07-28
CVE-2003-1438
http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp
BEA:BEA03-26.01
http://www.securityfocus.com/bid/6717
BID:6717
http://www.securitytracker.com/id?1006018
SECTRACK:1006018
https://exchange.xforce.ibmcloud.com/vulnerabilities/11221
XF:weblogic-clustered-race-condition(11221)
CVE-2003-1439
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
2007-10-22
2018-10-19
CVE-2003-1439
http://www.securityfocus.com/bid/6743
BID:6743
http://www.securityfocus.com/archive/1/309941/30/26090/threaded
BUGTRAQ:20030201 Re: silc question - insecure memory
http://www.securityfocus.com/archive/1/309775
BUGTRAQ:20030201 silc question - insecure memory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11244
XF:silc-plaintext-account-information(11244)
CVE-2003-1440
SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
2007-10-22
2017-07-28
CVE-2003-1440
http://www.securityfocus.com/bid/6739
BID:6739
http://sourceforge.net/project/shownotes.php?release_id=137128
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137128
http://www.securitytracker.com/id?1006038
SECTRACK:1006038
http://secunia.com/advisories/7994
SECUNIA:7994
https://exchange.xforce.ibmcloud.com/vulnerabilities/11247
XF:spamprobe-newlines-href-dos(11247)
CVE-2003-1441
Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference.
2007-10-22
2017-07-28
CVE-2003-1441
http://www.securityfocus.com/bid/6799
BID:6799
http://www.posadis.org/advisories/pos_adv_003.txt
CONFIRM:http://www.posadis.org/advisories/pos_adv_003.txt
http://www.osvdb.org/3522
OSVDB:3522
http://secunia.com/advisories/8018
SECUNIA:8018
https://exchange.xforce.ibmcloud.com/vulnerabilities/11285
XF:posadis-dns-packet-dos(11285)
CVE-2003-1442
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
2007-10-22
2017-07-28
CVE-2003-1442
http://www.securityfocus.com/bid/6824
BID:6824
http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html
BUGTRAQ:20030211 Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
http://marc.info/?l=bugtraq&m=104619331706574&w=2
BUGTRAQ:20030225 RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulne
https://exchange.xforce.ibmcloud.com/vulnerabilities/11290
XF:ericsson-hm220dp-auth-bypass(11290)
CVE-2003-1443
Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.
2007-10-22
2017-07-28
CVE-2003-1443
http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html
BUGTRAQ:20030211 SECURITY.NNOV: Kaspersky Antivirus DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/11292
XF:kav-device-name-bypass(11292)
CVE-2003-1444
Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.
2007-10-22
2017-07-28
CVE-2003-1444
http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html
BUGTRAQ:20030211 SECURITY.NNOV: Kaspersky Antivirus DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/11291
XF:kav-long-path-dos(11291)
CVE-2003-1445
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.
2007-10-22
2017-07-28
CVE-2003-1445
http://www.securityfocus.com/bid/6822
BID:6822
http://www.securityfocus.com/archive/1/311334
BUGTRAQ:20030211 SECURITY.NNOV: Far buffer overflow
http://securityreason.com/securityalert/3281
SREASON:3281
https://exchange.xforce.ibmcloud.com/vulnerabilities/11293
XF:far-long-path-bo(11293)
CVE-2003-1446
Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde).
2007-10-22
2017-07-28
CVE-2003-1446
http://www.securityfocus.com/bid/6912
BID:6912
http://archives.neohapsis.com/archives/bugtraq/2003-02/0260.html
BUGTRAQ:20030221 Rogue buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/11382
XF:rogue-saveintofile-bo(11382)
CVE-2003-1447
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
2007-10-22
2017-07-28
CVE-2003-1447
http://www.securityfocus.com/bid/6758
BID:6758
http://www.securityfocus.com/archive/1/310118
BUGTRAQ:20030204 Weak password protection in WebSphere 4.0.4 XML configuration export
http://www.securityfocus.com/archive/1/310796
BUGTRAQ:20030206 Re: Weak password protection in WebSphere 4.0.4 XML configuration export
http://securityreason.com/securityalert/3277
SREASON:3277
https://exchange.xforce.ibmcloud.com/vulnerabilities/11245
XF:websphere-xml-weak-encryption(11245)
CVE-2003-1448
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
2007-10-22
2017-07-28
CVE-2003-1448
http://www.securityfocus.com/bid/6766
BID:6766
http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html
MISC:http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11274
XF:win2k-netbios-continuation-dos(11274)
CVE-2003-1449
Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.
2007-10-22
2017-07-28
CVE-2003-1449
http://www.securityfocus.com/bid/6787
BID:6787
http://archives.neohapsis.com/archives/bugtraq/2003-02/0088.html
BUGTRAQ:20030206 FW-1 NG FP3 Bug - Data flow problem when transferring large files
https://exchange.xforce.ibmcloud.com/vulnerabilities/11295
XF:esafe-gateway-filter-bypass(11295)
CVE-2003-1450
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
2007-10-22
2017-07-28
CVE-2003-1450
http://www.securityfocus.com/bid/6880
BID:6880
http://www.securityfocus.com/archive/1/312133
BUGTRAQ:20030217 [argv] BitchX-353 Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003850.html
FULLDISC:20030217 [argv] BitchX-353 Vulnerability
http://www.linuxsecurity.com/content/view/104622/104/
GENTOO:200302-11
http://securityreason.com/securityalert/3279
SREASON:3279
https://exchange.xforce.ibmcloud.com/vulnerabilities/11363
XF:bitchx-irc-namreply-dos(11363)
CVE-2003-1451
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
2007-10-22
2017-07-28
CVE-2003-1451
http://www.securityfocus.com/bid/6886
BID:6886
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-02/0233.html
BUGTRAQ:20030219 [SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability
http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html
CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html
http://www.lac.co.jp/security/english/snsadv_e/61_e.html
MISC:http://www.lac.co.jp/security/english/snsadv_e/61_e.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11365
XF:nav-email-filename-bo(11365)
CVE-2003-1452
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
2007-10-22
2017-07-28
CVE-2003-1452
http://www.securityfocus.com/bid/7447
BID:7447
http://www.securityfocus.com/archive/1/319811
BUGTRAQ:20030428 Qpopper v4.0.x poppassd local root exploit
http://securityreason.com/securityalert/3268
SREASON:3268
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0047.html
VULNWATCH:20030429 [INetCop Security Advisory] Qpopper v4.0.x poppassd local root
https://exchange.xforce.ibmcloud.com/vulnerabilities/11877
XF:qpopper-poppassd-root-access(11877)
CVE-2003-1453
Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
2007-10-22
2017-07-28
CVE-2003-1453
http://www.securityfocus.com/bid/7434
BID:7434
http://www.securityfocus.com/archive/1/319715
BUGTRAQ:20030425 XOOPS MyTextSanitizer CSS 1.3x & 2.x
http://securityreason.com/securityalert/3269
SREASON:3269
https://exchange.xforce.ibmcloud.com/vulnerabilities/11872
XF:xoops-mytextsanitizer-xss(11872)
CVE-2003-1454
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
2007-10-22
2017-07-28
CVE-2003-1454
http://www.securityfocus.com/bid/7440
BID:7440
http://www.securityfocus.com/archive/1/319747
BUGTRAQ:20030425 Invision Power Board Plaintext Password Disclosure Vuln
http://securityreason.com/securityalert/3276
SREASON:3276
https://exchange.xforce.ibmcloud.com/vulnerabilities/11871
XF:invision-admin-plaintext-password(11871)
CVE-2003-1455
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.
2007-10-22
2017-07-28
CVE-2003-1455
http://www.securityfocus.com/bid/7582
BID:7582
http://www.securityfocus.com/bid/7590
BID:7590
http://sourceforge.net/project/shownotes.php?release_id=138437
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=138437
https://exchange.xforce.ibmcloud.com/vulnerabilities/12101
XF:poptop-launchbcrelay-pptpctrlc-bo(12101)
CVE-2003-1456
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
2007-10-22
2017-07-28
CVE-2003-1456
http://www.securityfocus.com/bid/7444
BID:7444
http://www.securityfocus.com/archive/1/319763
BUGTRAQ:20030426 Album.pl Vulnerability - Remote Command Execution
http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720
CONFIRM:http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720
http://securityreason.com/securityalert/3270
SREASON:3270
https://exchange.xforce.ibmcloud.com/vulnerabilities/11878
XF:albumpl-command-execution(11878)
CVE-2003-1457
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
2007-10-22
2017-07-28
CVE-2003-1457
http://www.securityfocus.com/bid/7458
BID:7458
http://www.securityfocus.com/archive/1/319946
BUGTRAQ:20030429 Auerswald COMsuite/ Back Door
http://securityreason.com/securityalert/3282
SREASON:3282
https://exchange.xforce.ibmcloud.com/vulnerabilities/11923
XF:comsuite-runasositron-backdoor-account(11923)
CVE-2003-1458
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
2007-10-22
2017-07-28
CVE-2003-1458
http://www.securityfocus.com/bid/7543
BID:7543
http://www.securityfocus.com/archive/1/321000
BUGTRAQ:20030509 ttcms and ttforum exploits
http://securityreason.com/securityalert/3278
SREASON:3278
https://exchange.xforce.ibmcloud.com/vulnerabilities/12273
XF:ttcms-profile-sql-injection(12273)
CVE-2003-1459
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
2007-10-22
2017-07-28
CVE-2003-1459
http://www.securityfocus.com/bid/7542
BID:7542
http://www.securityfocus.com/archive/1/321000
BUGTRAQ:20030509 ttcms and ttforum exploits
http://securityreason.com/securityalert/3278
SREASON:3278
https://exchange.xforce.ibmcloud.com/vulnerabilities/12271
XF:ttcms-ttforum-file-include(12271)
CVE-2003-1460
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
2007-10-22
CVE-2003-1460
http://www.securityfocus.com/bid/7460
BID:7460
http://www.boomerangsworld.de/worker/wchanges.php3?lang=en
CONFIRM:http://www.boomerangsworld.de/worker/wchanges.php3?lang=en
CVE-2003-1461
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
2007-10-22
2017-10-09
CVE-2003-1461
http://www.securityfocus.com/bid/7489
BID:7489
http://www.securityfocus.com/archive/1/320323
BUGTRAQ:20030502 HP-UX 11.0 /usr/lbin/rwrite
http://www.securityfocus.com/archive/1/320371
BUGTRAQ:20030503 rwrite buffer overflow in hp-ux
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897
OVAL:oval:org.mitre.oval:def:4897
http://securityreason.com/securityalert/3283
SREASON:3283
https://exchange.xforce.ibmcloud.com/vulnerabilities/11919
XF:hp-rwrite-bo(11919)
CVE-2003-1462
mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash).
2007-10-24
2017-07-28
CVE-2003-1462
http://www.securityfocus.com/bid/7498
BID:7498
http://archives.neohapsis.com/archives/bugtraq/2003-05/0058.html
BUGTRAQ:20030504 Mod_Survey SYSBASE vulnerability
http://gathering.itm.mh.se/modsurvey/SA20030504.txt
CONFIRM:http://gathering.itm.mh.se/modsurvey/SA20030504.txt
http://gathering.itm.mh.se/modsurvey/changelog.php
CONFIRM:http://gathering.itm.mh.se/modsurvey/changelog.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/11861
XF:modsurvey-nonexistent-survey-dos(11861)
CVE-2003-1463
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
2007-10-24
2017-07-28
CVE-2003-1463
http://www.securityfocus.com/bid/7438
BID:7438
http://www.securityfocus.com/bid/7439
BID:7439
http://www.securityfocus.com/archive/1/319735
BUGTRAQ:20030425 Path disclosure and file access on WebAdmin
http://securityreason.com/securityalert/3286
SREASON:3286
https://exchange.xforce.ibmcloud.com/vulnerabilities/11874
XF:webadmin-webadmindll-path-disclosure(11874)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11875
XF:webadmin-webadmindll-view-files(11875)
CVE-2003-1464
Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.
2007-10-24
2017-07-28
CVE-2003-1464
http://www.securityfocus.com/bid/7507
BID:7507
http://www.securityfocus.com/archive/1/320555
BUGTRAQ:20030506 Siemens Mobile Phone - Buffer Overflow
http://securityreason.com/securityalert/3287
SREASON:3287
https://exchange.xforce.ibmcloud.com/vulnerabilities/11950
XF:siemens-sms-image-bo(11950)
CVE-2003-1465
Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.
2007-10-24
2017-07-28
CVE-2003-1465
http://www.securityfocus.com/bid/7569
BID:7569
http://www.securityfocus.com/archive/1/321310
BUGTRAQ:20030513 Phorum Vulnerabilities
http://securityreason.com/securityalert/3288
SREASON:3288
https://exchange.xforce.ibmcloud.com/vulnerabilities/12482
XF:phorum-download-directory-traversal(12482)
CVE-2003-1466
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
2007-10-24
2007-11-28
CVE-2003-1466
http://www.securityfocus.com/bid/7581
BID:7581
http://www.securityfocus.com/bid/7583
BID:7583
http://www.securityfocus.com/archive/1/321310
BUGTRAQ:20030513 Phorum Vulnerabilities
http://securityreason.com/securityalert/3288
SREASON:3288
CVE-2003-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
2007-10-24
2017-07-28
CVE-2003-1467
http://www.securityfocus.com/bid/7572
BID:7572
http://www.securityfocus.com/bid/7573
BID:7573
http://www.securityfocus.com/bid/7576
BID:7576
http://www.securityfocus.com/bid/7577
BID:7577
http://www.securityfocus.com/bid/7584
BID:7584
http://www.securityfocus.com/archive/1/321310
BUGTRAQ:20030513 Phorum Vulnerabilities
http://securityreason.com/securityalert/3288
SREASON:3288
https://exchange.xforce.ibmcloud.com/vulnerabilities/12487
XF:phorum-multiple-xss(12487)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12502
XF:phorum-register-html-injection(12502)
CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
2007-10-24
2017-07-28
CVE-2003-1468
http://www.securityfocus.com/bid/7589
BID:7589
http://www.securityfocus.com/archive/1/321313
BUGTRAQ:20030512 Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12436
XF:phpnuke-weblinks-path-disclosure(12436)
CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
2007-10-24
2017-07-28
CVE-2003-1469
http://www.securityfocus.com/bid/7443
BID:7443
http://www.securityfocus.com/archive/1/319867
BUGTRAQ:20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server
http://www.nii.co.in/vuln/pdmac.html
MISC:http://www.nii.co.in/vuln/pdmac.html
http://securityreason.com/securityalert/3307
SREASON:3307
https://exchange.xforce.ibmcloud.com/vulnerabilities/11879
XF:coldfusion-mx-path-disclosure(11879)
CVE-2003-1470
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
2007-10-24
2017-07-28
CVE-2003-1470
http://www.securityfocus.com/bid/7446
BID:7446
http://www.securityfocus.com/archive/1/319879
BUGTRAQ:20030427 MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow
http://securityreason.com/securityalert/3296
SREASON:3296
https://exchange.xforce.ibmcloud.com/vulnerabilities/11896
XF:mdaemon-imap-create-bo(11896)
CVE-2003-1471
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
2007-10-24
2017-07-28
CVE-2003-1471
http://www.securityfocus.com/bid/7445
BID:7445
http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html
BUGTRAQ:20030428 MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html
BUGTRAQ:20030428 RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/11882
XF:mdaemon-pop3-negative-dos(11882)
CVE-2003-1472
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
2007-10-24
2017-07-28
CVE-2003-1472
http://www.securityfocus.com/bid/7451
BID:7451
http://www.securityfocus.com/archive/1/319818
BUGTRAQ:20030428 Buffer overflow in 3D-ftp
http://securityreason.com/securityalert/3297
SREASON:3297
https://exchange.xforce.ibmcloud.com/vulnerabilities/11883
XF:3dftp-ftp-banner-bo(11883)
CVE-2003-1473
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.
2007-10-24
2017-07-28
CVE-2003-1473
http://www.securityfocus.com/bid/7537
BID:7537
http://www.securityfocus.com/archive/1/321001
BUGTRAQ:20030508 ltris-and-slashem-tty possible trouble
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html
FULLDISC:20030509 ltris-and-slashem-tty possible trouble
https://exchange.xforce.ibmcloud.com/vulnerabilities/11978
XF:ltris-bo(11978)
CVE-2003-1474
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
2007-10-24
CVE-2003-1474
http://www.securityfocus.com/archive/1/321001
BUGTRAQ:20030508 ltris-and-slashem-tty possible trouble
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html
FULLDISC:20030509 ltris-and-slashem-tty possible trouble
http://www.iss.net/security_center/static/11979.php
XF:slashem-tty-insecure-permissions(11979)
CVE-2003-1475
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
2007-10-24
2017-07-28
CVE-2003-1475
http://www.securityfocus.com/bid/7538
BID:7538
http://www.securityfocus.com/archive/1/320980
BUGTRAQ:20030509 Netbus 1.x exploit
http://securityreason.com/securityalert/3289
SREASON:3289
https://exchange.xforce.ibmcloud.com/vulnerabilities/11982
XF:netbus-password-authentication-bypass(11982)
CVE-2003-1476
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.
2007-10-24
CVE-2003-1476
http://www.securityfocus.com/bid/7556
BID:7556
http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues
CONFIRM:http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues
CVE-2003-1477
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."
2007-10-24
2017-07-28
CVE-2003-1477
http://www.securityfocus.com/bid/7562
BID:7562
http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm
CONFIRM:http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/12052
XF:mailsweeper-powerpoint-file-dos(12052)
CVE-2003-1478
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
2007-10-24
2017-07-28
CVE-2003-1478
http://www.securityfocus.com/bid/7486
BID:7486
http://www.securityfocus.com/archive/1/320266
BUGTRAQ:20030502 Re: April appeared to be a month of IE bugs. Here
https://exchange.xforce.ibmcloud.com/vulnerabilities/11971
XF:kde-konqueror-dos(11971)
CVE-2003-1479
Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field.
2007-10-24
2017-07-28
CVE-2003-1479
http://www.securityfocus.com/bid/7490
BID:7490
http://www.securityfocus.com/archive/1/320345
BUGTRAQ:20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature
http://www.frame4.com/content/advisories/FSA-2003-002.txt
MISC:http://www.frame4.com/content/advisories/FSA-2003-002.txt
http://securityreason.com/securityalert/3304
SREASON:3304
https://exchange.xforce.ibmcloud.com/vulnerabilities/11952
XF:webcamxp-multiple-xss(11952)
CVE-2003-1480
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
2007-10-24
CVE-2003-1480
http://www.securityfocus.com/bid/7500
BID:7500
http://www.securiteam.com/tools/5WP031FA0U.html
MISC:http://www.securiteam.com/tools/5WP031FA0U.html
http://secunia.com/advisories/8753
SECUNIA:8753
CVE-2003-1481
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
2007-10-24
2017-07-28
CVE-2003-1481
http://www.securityfocus.com/bid/7501
BID:7501
http://www.securityfocus.com/archive/1/320438
BUGTRAQ:20030504 CommuniGatePro 4.0.6 [EXPLOIT]
http://securityreason.com/securityalert/3290
SREASON:3290
https://exchange.xforce.ibmcloud.com/vulnerabilities/11932
XF:communigate-pro-session-hijacking(11932)
CVE-2003-1482
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
2007-10-24
CVE-2003-1482
http://www.securityfocus.com/bid/7496
BID:7496
http://www.kurczaba.com/html/security/0305031.htm
MISC:http://www.kurczaba.com/html/security/0305031.htm
http://securitytracker.com/id?1006691
SECTRACK:1006691
CVE-2003-1483
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
2007-10-24
2017-07-28
CVE-2003-1483
http://www.securityfocus.com/bid/7499
BID:7499
http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c
MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c
http://securitytracker.com/id?1006730
SECTRACK:1006730
https://exchange.xforce.ibmcloud.com/vulnerabilities/12298
XF:flashfxp-weak-password-encryption(12298)
CVE-2003-1484
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
2007-10-24
2017-07-28
CVE-2003-1484
http://www.securityfocus.com/bid/7502
BID:7502
http://www.securityfocus.com/archive/1/320544
BUGTRAQ:20030505 Crash in Internet Explorer 6.0 Sp1
http://securityreason.com/securityalert/3292
SREASON:3292
https://exchange.xforce.ibmcloud.com/vulnerabilities/11946
XF:ie-anchorclick-dos(11946)
CVE-2003-1485
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
2007-10-24
CVE-2003-1485
http://www.securityfocus.com/bid/7568
BID:7568
http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm
CONFIRM:http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm
CVE-2003-1486
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.
2007-10-24
2017-07-28
CVE-2003-1486
http://www.securityfocus.com/bid/7571
BID:7571
http://www.securityfocus.com/archive/1/321310
BUGTRAQ:20030513 Phorum Vulnerabilities
http://securityreason.com/securityalert/3288
SREASON:3288
https://exchange.xforce.ibmcloud.com/vulnerabilities/12499
XF:phorum-multiple-path-disclosure(12499)
CVE-2003-1487
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
2007-10-24
2017-07-28
CVE-2003-1487
http://www.securityfocus.com/bid/7574
BID:7574
http://www.securityfocus.com/bid/7578
BID:7578
http://www.securityfocus.com/bid/7579
BID:7579
http://www.securityfocus.com/archive/1/321310
BUGTRAQ:20030513 Phorum Vulnerabilities
http://securityreason.com/securityalert/3288
SREASON:3288
https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
XF:phorum-command-execution(12500)
CVE-2003-1488
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
2007-10-24
2017-07-28
CVE-2003-1488
http://www.securityfocus.com/bid/7427
BID:7427
http://secunia.com/advisories/8683
SECUNIA:8683
http://marc.info/?l=vulnwatch&m=105128431109082&w=2
VULNWATCH:20030425 True Galerie 1.0 : Admin Access & File Copy
https://exchange.xforce.ibmcloud.com/vulnerabilities/11886
XF:truegalerie-verifadmin-admin-access(11886)
CVE-2003-1489
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
2007-10-24
2016-10-17
CVE-2003-1489
http://secunia.com/advisories/8683
SECUNIA:8683
http://marc.info/?l=vulnwatch&m=105128431109082&w=2
VULNWATCH:20030425 True Galerie 1.0 : Admin Access & File Copy
CVE-2003-1490
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
2007-10-24
2017-07-28
CVE-2003-1490
http://www.securityfocus.com/bid/7435
BID:7435
http://www.securityfocus.com/archive/1/319712
BUGTRAQ:20030424 SonicWall Pro DoS?
http://securityreason.com/securityalert/3291
SREASON:3291
https://exchange.xforce.ibmcloud.com/vulnerabilities/11876
XF:sonicwallpro-http-post-dos(11876)
CVE-2003-1491
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
2007-10-24
2017-07-28
CVE-2003-1491
http://www.securityfocus.com/bid/7436
BID:7436
http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html
FULLDISC:20030422 UDP bypassing in Kerio Firewall 2.1.4
http://www.securiteam.com/securitynews/5FP0N1P9PI.html
MISC:http://www.securiteam.com/securitynews/5FP0N1P9PI.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/11880
XF:kerio-pf-firewall-bypass(11880)
CVE-2003-1492
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
2007-10-24
2017-07-28
CVE-2003-1492
http://www.securityfocus.com/bid/7456
BID:7456
http://www.securityfocus.com/archive/1/319919
BUGTRAQ:20030429 "netscape navigator" is cracked.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11924
XF:netscape-domain-obtain-info(11924)
CVE-2003-1493
Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.
2007-10-24
2017-07-28
CVE-2003-1493
http://www.securityfocus.com/bid/8859
BID:8859
http://archives.neohapsis.com/archives/hp/2003-q4/0019.html
HP:HPSBUX0310-291
https://exchange.xforce.ibmcloud.com/vulnerabilities/13467
XF:openview-nnm-packet-dos(13467)
CVE-2003-1494
Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet.
2007-10-24
2017-07-28
CVE-2003-1494
http://www.securityfocus.com/bid/8859
BID:8859
http://archives.neohapsis.com/archives/hp/2003-q4/0019.html
HP:HPSBUX0310-291
https://exchange.xforce.ibmcloud.com/vulnerabilities/13467
XF:openview-nnm-packet-dos(13467)
CVE-2003-1495
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
2007-10-25
2017-07-28
CVE-2003-1495
http://www.securityfocus.com/bid/8878
BID:8878
http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.1357.1
COMPAQ:SSRT3632
https://exchange.xforce.ibmcloud.com/vulnerabilities/13496
XF:hp-management-gain-privileges(13496)
CVE-2003-1496
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
2007-10-25
2017-07-28
CVE-2003-1496
http://www.securityfocus.com/bid/8813
BID:8813
http://www.securityfocus.com/advisories/5973
COMPAQ:SSRT3589
http://secunia.com/advisories/9990
SECUNIA:9990
https://exchange.xforce.ibmcloud.com/vulnerabilities/13418
XF:tru64-dtmailpr-gain-privileges(13418)
CVE-2003-1497
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
2007-10-25
2017-07-28
CVE-2003-1497
http://www.securityfocus.com/bid/8834
BID:8834
http://www.securityfocus.com/archive/1/341309
BUGTRAQ:20031015 LinkSys EtherFast Router Denial of Service Attack
http://www.linksys.com/download/vertxt/befsx41_1453.txt
CONFIRM:http://www.linksys.com/download/vertxt/befsx41_1453.txt
http://securityreason.com/securityalert/3298
SREASON:3298
https://exchange.xforce.ibmcloud.com/vulnerabilities/13436
XF:linksys-etherfast-logpagenum-dos(13436)
CVE-2003-1498
Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter.
2007-10-25
2017-07-28
CVE-2003-1498
http://www.securityfocus.com/bid/8823
BID:8823
http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html
BUGTRAQ:20031014 Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
https://exchange.xforce.ibmcloud.com/vulnerabilities/13431
XF:zoom-search-xss(13431)
CVE-2003-1499
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter.
2007-10-25
2017-07-28
CVE-2003-1499
http://www.securityfocus.com/bid/8850
BID:8850
http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html
BUGTRAQ:20031019 ByteHoard Directory Traversal Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html
FULLDISC:20031019 ByteHoard Directory Traversal Vulnerability
http://www.securiteam.com/unixfocus/6L00L008KE.html
MISC:http://www.securiteam.com/unixfocus/6L00L008KE.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13456
XF:bytehoard-dotdot-directory-traversal(13456)
CVE-2003-1500
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.
2007-10-25
2017-07-28
CVE-2003-1500
http://www.securityfocus.com/bid/8851
BID:8851
http://www.securityfocus.com/archive/1/341757
BUGTRAQ:20031019 ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce
http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864
CONFIRM:http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864
http://www.securiteam.com/unixfocus/6H00E2K8KG.html
MISC:http://www.securiteam.com/unixfocus/6H00E2K8KG.html
http://securityreason.com/securityalert/3301
SREASON:3301
https://exchange.xforce.ibmcloud.com/vulnerabilities/13457
XF:cpCommerce-functionsphp-file-include(13457)
CVE-2003-1501
Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter.
2007-10-25
2017-07-28
CVE-2003-1501
http://www.securityfocus.com/bid/8858
BID:8858
http://www.securityfocus.com/archive/1/341870
BUGTRAQ:20031020 Gast Arbeiter Privilege Escalation
https://exchange.xforce.ibmcloud.com/vulnerabilities/13469
XF:gast-arbeiter-file-upload(13469)
CVE-2003-1502
mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
2007-10-25
CVE-2003-1502
http://www.securityfocus.com/bid/8822
BID:8822
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html
FULLDISC:20031015 Mod-Throttle [was: client attacks server - XSS]
CVE-2003-1503
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
2007-10-25
2017-07-28
CVE-2003-1503
http://www.securityfocus.com/bid/8825
BID:8825
http://www.digitalpranksters.com/advisories/aol/AIMProtocolBO.html
MISC:http://www.digitalpranksters.com/advisories/aol/AIMProtocolBO.html
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0059.html
NTBUGTRAQ:20031015 Buffer Overflow in AOL Instant Messager
https://exchange.xforce.ibmcloud.com/vulnerabilities/13443
XF:aim-getfile-screenname-bo(13443)
CVE-2003-1504
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
2007-10-25
2017-07-28
CVE-2003-1504
http://www.securityfocus.com/bid/8847
BID:8847
http://www.securityfocus.com/archive/1/341760
BUGTRAQ:20031018 Get admin level on Goldlink script v3.0
http://securityreason.com/securityalert/3302
SREASON:3302
https://exchange.xforce.ibmcloud.com/vulnerabilities/13465
XF:goldlink-variables-gain-access(13465)
CVE-2003-1505
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
2007-10-25
2017-07-28
CVE-2003-1505
http://www.securityfocus.com/bid/8874
BID:8874
http://www.securityfocus.com/archive/1/342010
BUGTRAQ:20031022 IE6 CSS-Crash
http://securityreason.com/securityalert/3295
SREASON:3295
https://exchange.xforce.ibmcloud.com/vulnerabilities/13809
XF:ie-scrollbarbasecolor-dos(13809)
CVE-2003-1506
Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.
2007-10-25
2017-07-28
CVE-2003-1506
http://www.securityfocus.com/bid/8876
BID:8876
http://www.securityfocus.com/archive/1/342160
BUGTRAQ:20031022 CensorNet: Cross Site Scripting Vulnerability
http://www.securityfocus.com/archive/1/342551
BUGTRAQ:20031027 Re: CensorNet: Cross Site Scripting Vulnerability
http://www.securityfocus.com/archive/1/342577
BUGTRAQ:20031027 Re: CensorNet: Cross Site Scripting Vulnerability
http://securityreason.com/securityalert/3299
SREASON:3299
https://exchange.xforce.ibmcloud.com/vulnerabilities/13507
XF:censornet-cgi-xss(13507)
CVE-2003-1507
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
2007-10-25
2017-07-28
CVE-2003-1507
http://www.securityfocus.com/bid/8837
BID:8837
http://www.securityfocus.com/archive/1/341329
BUGTRAQ:20031015 Few issues previously unpublished in English
http://securitytracker.com/id?1007924
SECTRACK:1007924
https://exchange.xforce.ibmcloud.com/vulnerabilities/13446
XF:wgsd-default-admin-account(13446)
CVE-2003-1508
Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.
2007-10-25
2007-11-28
CVE-2003-1508
http://www.securityfocus.com/bid/8880
BID:8880
http://www.securityfocus.com/archive/1/342179
BUGTRAQ:20031023 (Fw) : mIRC 6.12 (latest) DCC Exploit
http://www.irchelp.org/irchelp/mirc/exploit.html
CONFIRM:http://www.irchelp.org/irchelp/mirc/exploit.html
http://securityreason.com/securityalert/3303
SREASON:3303
CVE-2003-1509
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
2007-10-25
2017-08-16
CVE-2003-1509
http://www.securityfocus.com/bid/8839
BID:8839
http://service.real.com/help/faq/security/securityupdate_october2003.html
CONFIRM:http://service.real.com/help/faq/security/securityupdate_october2003.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13445
XF:realoneplayer-temporary-script-execution(13445)
CVE-2003-1510
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
2007-10-25
2017-07-28
CVE-2003-1510
http://www.securityfocus.com/bid/8810
BID:8810
http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html
MISC:http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13402
XF:tinyweb-httpget-dos(13402)
CVE-2003-1511
Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.
2007-10-25
2007-11-28
CVE-2003-1511
http://www.securityfocus.com/bid/8841
BID:8841
http://www.securityfocus.com/archive/1/341452
BUGTRAQ:20031016 CSS Vulnerability in Bajie HTTP JServer
http://www.geocities.com/gzhangx/websrv/docs/security.html
CONFIRM:http://www.geocities.com/gzhangx/websrv/docs/security.html
http://secunia.com/advisories/10023
SECUNIA:10023
http://securityreason.com/securityalert/3306
SREASON:3306
CVE-2003-1512
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
2007-10-25
CVE-2003-1512
http://www.securityfocus.com/bid/8818
BID:8818
CVE-2003-1513
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
2007-10-25
2017-07-28
CVE-2003-1513
http://www.securityfocus.com/bid/8852
BID:8852
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html
FULLDISC:20031019 Caucho Resin 2.x - Cross Site Scripting
http://secunia.com/advisories/10031
SECUNIA:10031
https://exchange.xforce.ibmcloud.com/vulnerabilities/13460
XF:resin-name-comment-xss(13460)
CVE-2003-1514
eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.
2007-10-25
2017-07-28
CVE-2003-1514
http://www.securityfocus.com/bid/8854
BID:8854
http://www.securityfocus.com/archive/1/341754
BUGTRAQ:20031019 eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)
http://securityreason.com/securityalert/3294
SREASON:3294
https://exchange.xforce.ibmcloud.com/vulnerabilities/13464
XF:emule-long-password-dos(13464)
CVE-2003-1515
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.
2007-10-25
2017-07-28
CVE-2003-1515
http://www.securityfocus.com/bid/8855
BID:8855
http://www.securityfocus.com/archive/1/341752
BUGTRAQ:20031012 Origo ASR-8100 ADSL router remote factory reset
http://securityreason.com/securityalert/3300
SREASON:3300
https://exchange.xforce.ibmcloud.com/vulnerabilities/13463
XF:origo-default-settings-restore(13463)
CVE-2003-1516
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
2007-10-25
CVE-2003-1516
http://www.securityfocus.com/bid/8857
BID:8857
http://www.securityfocus.com/archive/1/341815
BUGTRAQ:20031020 Cross Site Java applets
CVE-2003-1517
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
2007-10-25
2017-07-28
CVE-2003-1517
http://www.securityfocus.com/bid/8860
BID:8860
http://www.securiteam.com/securitynews/6T00T008KG.html
MISC:http://www.securiteam.com/securitynews/6T00T008KG.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13461
XF:dansie-cartpl-path-disclosure(13461)
CVE-2003-1518
Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.
2007-10-25
2017-07-28
CVE-2003-1518
http://www.securityfocus.com/bid/8821
BID:8821
http://www.adiscon.com/Common/en/advisory/2003-09-15.asp
CONFIRM:http://www.adiscon.com/Common/en/advisory/2003-09-15.asp
http://www.securiteam.com/windowsntfocus/6L00F158KE.html
MISC:http://www.securiteam.com/windowsntfocus/6L00F158KE.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13428
XF:winsyslog-long-syslog-dos(13428)
CVE-2003-1519
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.
2007-10-25
2017-07-28
CVE-2003-1519
http://www.securityfocus.com/bid/8862
BID:8862
http://securitytracker.com/id?1007955
SECTRACK:1007955
https://exchange.xforce.ibmcloud.com/vulnerabilities/13452
XF:vívísimo-clustering-engine-xss(13452)
CVE-2003-1520
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
2007-10-25
2007-11-28
CVE-2003-1520
http://www.securityfocus.com/bid/8863
BID:8863
http://www.securityfocus.com/archive/1/341908
BUGTRAQ:20031021 SQL Injection Vulnerability in FuzzyMonkey MyClassifieds SQL Version
http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes
CONFIRM:http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes
http://securityreason.com/securityalert/3293
SREASON:3293
CVE-2003-1521
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
2007-10-25
CVE-2003-1521
http://www.securityfocus.com/bid/8867
BID:8867
http://www.securityfocus.com/archive/1/341943
BUGTRAQ:20031021 IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
CVE-2003-1522
Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.
2007-10-25
2017-07-28
CVE-2003-1522
http://www.securityfocus.com/bid/8869
BID:8869
http://www.pscs.co.uk/products/vpop3/whatsnew.html
CONFIRM:http://www.pscs.co.uk/products/vpop3/whatsnew.html
http://www.securiteam.com/windowsntfocus/6S00S008KW.html
MISC:http://www.securiteam.com/windowsntfocus/6S00S008KW.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13459
XF:vpop3-login-xss(13459)
CVE-2003-1523
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
2007-10-25
2017-07-28
CVE-2003-1523
http://www.securityfocus.com/bid/8829
BID:8829
http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html
MLIST:[Dbmail] 20030725 WARNING SECURITY FLAW IN IMAPSERVER
http://secunia.com/advisories/10001
SECUNIA:10001
https://exchange.xforce.ibmcloud.com/vulnerabilities/13416
XF:dbmail-multiple-sql-injection(13416)
CVE-2003-1524
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
2007-10-25
2017-07-28
CVE-2003-1524
http://www.securityfocus.com/bid/8870
BID:8870
http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html
MISC:http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13490
XF:pgpdisk-obtain-information(13490)
CVE-2003-1525
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
2007-10-25
2017-07-28
CVE-2003-1525
http://www.securityfocus.com/bid/8872
BID:8872
http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html
CONFIRM:http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13498
XF:myphotogallery-unknown-vulnerabilities(13498)
CVE-2003-1526
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
2007-10-25
CVE-2003-1526
http://www.securityfocus.com/bid/8848
BID:8848
http://www.securityfocus.com/archive/1/341743
BUGTRAQ:20031018 PHP-Nuke Path Disclosure Vulnerability
CVE-2003-1527
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
2007-10-26
CVE-2003-1527
http://www.securityfocus.com/bid/5917
BID:5917
http://online.securityfocus.com/archive/1/294411
BUGTRAQ:20021008 Multiple Vendor PC firewall remote denial of services Vulnerability
http://www.iss.net/security_center/static/10314.php
XF:firewall-autoblock-spoofing-dos(10314)
CVE-2003-1528
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
2007-11-08
2018-10-19
CVE-2003-1528
http://www.securityfocus.com/bid/9446
BID:9446
http://www.securityfocus.com/archive/1/350237/30/21640/threaded
BUGTRAQ:20040119 Networker 6.0 - possible symlink attack
http://www.securitytracker.com/id?1008801
SECTRACK:1008801
http://securityreason.com/securityalert/3353
SREASON:3353
CVE-2003-1529
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.
2007-11-08
2017-07-28
CVE-2003-1529
http://www.securityfocus.com/bid/7160
BID:7160
http://archives.neohapsis.com/archives/bugtraq/2003-03/0357.html
BUGTRAQ:20030325 IRM 005: JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability
http://www.irmplc.com/advisory/adv5.htm
MISC:http://www.irmplc.com/advisory/adv5.htm
http://www.osvdb.org/4927
OSVDB:4927
http://www.securitytracker.com/id?1006378
SECTRACK:1006378
http://secunia.com/advisories/8411
SECUNIA:8411
https://exchange.xforce.ibmcloud.com/vulnerabilities/11623
XF:jwalk-dotdot-directory-traversal(11623)
CVE-2003-1530
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
2007-11-08
2018-10-19
CVE-2003-1530
http://www.securityfocus.com/bid/6634
BID:6634
http://archives.neohapsis.com/archives/bugtraq/2003-01/0125.html
BUGTRAQ:20030116 phpBB SQL Injection vulnerability
http://www.securityfocus.com/archive/1/307212/30/26300/threaded
BUGTRAQ:20030117 phpBB SQL Injection vulnerability
http://www.osvdb.org/4277
OSVDB:4277
http://secunia.com/advisories/7887/
SECUNIA:7887
CVE-2003-1531
Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
2007-11-08
2017-07-28
CVE-2003-1531
http://www.securityfocus.com/bid/7214
BID:7214
http://marc.info/?l=bugtraq&m=104878375423320&w=2
BUGTRAQ:20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe
http://www.security-corporation.com/index.php?id=advisories&a=013-FR
MISC:http://www.security-corporation.com/index.php?id=advisories&a=013-FR
http://www.securitytracker.com/id?1006391
SECTRACK:1006391
http://secunia.com/advisories/8456
SECUNIA:8456
https://exchange.xforce.ibmcloud.com/vulnerabilities/11638
XF:ceilidh-textcgi-xss(11638)
CVE-2003-1532
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
2007-11-08
2018-10-19
CVE-2003-1532
http://www.securityfocus.com/bid/6746
BID:6746
http://www.securityfocus.com/archive/1/309921/30/26090/threaded
BUGTRAQ:20030203 phpMyShop (php)
http://www.securitytracker.com/id?1006030
SECTRACK:1006030
http://secunia.com/advisories/7990
SECUNIA:7990
http://securityreason.com/securityalert/3348
SREASON:3348
CVE-2003-1533
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
2007-11-08
2018-10-19
CVE-2003-1533
http://www.securityfocus.com/bid/6594
BID:6594
http://www.securityfocus.com/archive/1/307224/30/26300/threaded
BUGTRAQ:20030113 phpPass (PHP)
http://www.securitytracker.com/id?1005948
SECTRACK:1005948
http://securityreason.com/securityalert/3349
SREASON:3349
CVE-2003-1534
Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.
2007-11-08
2018-10-19
CVE-2003-1534
http://www.securityfocus.com/bid/7233
BID:7233
http://www.securityfocus.com/archive/1/316745/30/25280/threaded
BUGTRAQ:20030329 Justice Guestbook 1.3 vulnerabilities
http://www.securitytracker.com/id?1006412
SECTRACK:1006412
http://secunia.com/advisories/8475
SECUNIA:8475
http://securityreason.com/securityalert/3347
SREASON:3347
CVE-2003-1535
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.
2007-11-08
2018-10-19
CVE-2003-1535
http://www.securityfocus.com/bid/7234
BID:7234
http://www.securityfocus.com/archive/1/316745/30/25280/threaded
BUGTRAQ:20030329 Justice Guestbook 1.3 vulnerabilities
http://www.securitytracker.com/id?1006412
SECTRACK:1006412
http://secunia.com/advisories/8475
SECUNIA:8475
http://securityreason.com/securityalert/3347
SREASON:3347
CVE-2003-1536
Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php.
2007-11-08
2017-07-28
CVE-2003-1536
http://www.securityfocus.com/bid/7141
BID:7141
http://www.securityfocus.com/bid/7144
BID:7144
http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html
BUGTRAQ:20030318 Some XSS vulns
http://www.osvdb.org/7021
OSVDB:7021
http://www.osvdb.org/7022
OSVDB:7022
http://secunia.com/advisories/8358
SECUNIA:8358
https://exchange.xforce.ibmcloud.com/vulnerabilities/11602
XF:dcpportal-search-calendar-xss(11602)
CVE-2003-1537
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
2007-11-13
CVE-2003-1537
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html
VULNWATCH:20030309 Postnuke v 0.723 SQL injection and directory traversing
CVE-2003-1538
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
2007-12-20
CVE-2003-1538
http://www.securitytracker.com/id?1005954
SECTRACK:1005954
http://secunia.com/advisories/7906
SECUNIA:7906
http://www.novell.com/linux/security/advisories/2003_005_susehelp.html
SUSE:SUSE-SA:2003:005
CVE-2003-1539
Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.
2008-01-09
CVE-2003-1539
http://www.securityfocus.com/bid/7035
BID:7035
http://sourceforge.net/project/shownotes.php?release_id=144274
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=144274
http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842
http://secunia.com/advisories/8257
SECUNIA:8257
CVE-2003-1540
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.
2008-02-12
2018-10-19
CVE-2003-1540
http://www.securityfocus.com/bid/7147
BID:7147
http://www.securityfocus.com/archive/1/315583/30/25430/threaded
BUGTRAQ:20030319 WF-Chat
http://securitytracker.com/id?1006352
SECTRACK:1006352
http://secunia.com/advisories/8396
SECUNIA:8396
http://securityreason.com/securityalert/3645
SREASON:3645
https://exchange.xforce.ibmcloud.com/vulnerabilities/11571
XF:wf-chat-plaintext-passwords(11571)
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
2008-02-13
2018-10-19
CVE-2003-1541
http://www.securityfocus.com/bid/7167
BID:7167
http://www.securityfocus.com/archive/1/315895/30/25400/threaded
BUGTRAQ:20030321 Guestbook tr3.a
http://www.securitytracker.com/id?1006360
SECTRACK:1006360
http://secunia.com/advisories/8392
SECUNIA:8392
http://securityreason.com/securityalert/3653
SREASON:3653
https://exchange.xforce.ibmcloud.com/vulnerabilities/11609
XF:guestbooktr3a-plaintext-password-disclosure(11609)
CVE-2003-1542
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter.
2008-02-13
CVE-2003-1542
http://www.securityfocus.com/bid/6933
BID:6933
http://platon.sk/projects/release_view_page.php?release_id=2
CONFIRM:http://platon.sk/projects/release_view_page.php?release_id=2
http://secunia.com/advisories/8183
SECUNIA:8183
CVE-2003-1543
Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message.
2008-02-13
2017-08-07
CVE-2003-1543
http://www.securityfocus.com/bid/7344
BID:7344
http://www.geocities.com/gzhangx/websrv/docs/security.html
MISC:http://www.geocities.com/gzhangx/websrv/docs/security.html
http://www.lucaercoli.it/advs/bajie.txt
MISC:http://www.lucaercoli.it/advs/bajie.txt
http://www.securiteam.com/securitynews/5LP10009FC.html
MISC:http://www.securiteam.com/securitynews/5LP10009FC.html
http://securitytracker.com/id?1006428
SECTRACK:1006428
http://secunia.com/advisories/8477
SECUNIA:8477
https://exchange.xforce.ibmcloud.com/vulnerabilities/11687
XF:bajie-error-message-xss(11687)
CVE-2003-1544
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
2008-02-13
2017-08-07
CVE-2003-1544
http://www.securityfocus.com/bid/6672
BID:6672
http://www.securityfocus.com/archive/1/308059
BUGTRAQ:20030123 DoS attack on Windows 2000 Terminal Server
http://www.securityfocus.com/archive/1/308164
BUGTRAQ:20030124 RE: DoS attack on Windows 2000 Terminal Server
http://support.microsoft.com/kb/815225/en-us
MSKB:815225
http://www.securitytracker.com/id?1005986
SECTRACK:1005986
http://secunia.com/advisories/7959
SECUNIA:7959
http://securityreason.com/securityalert/3654
SREASON:3654
https://exchange.xforce.ibmcloud.com/vulnerabilities/11141
XF:win2k-terminal-msgina-dos(11141)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11816
XF:win2k-terminal-msgina-permissions(11816)
CVE-2003-1545
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
2008-02-28
2018-10-19
CVE-2003-1545
http://www.securityfocus.com/bid/7191
BID:7191
http://www.securityfocus.com/archive/1/316179/30/25340/threaded
BUGTRAQ:20030325 PHPNuke viewpage.php allows Remote File retrieving
http://www.securityfocus.com/archive/1/316198/30/25340/threaded
BUGTRAQ:20030325 Re: PHPNuke viewpage.php allows Remote File retrieving
http://www.securityfocus.com/archive/1/316233/30/25340/threaded
BUGTRAQ:20030325 Re: PHPNuke viewpage.php allows Remote File retrieving
http://www.securityfocus.com/archive/1/316341/30/25310/threaded
BUGTRAQ:20030325 Re: PHPNuke viewpage.php allows Remote File retrieving
http://www.securityfocus.com/archive/1/316209/30/25340/threaded
BUGTRAQ:20030325 Re: PHPNuke viewpage.php and another SQL injections
http://www.securityfocus.com/archive/1/316327/30/25340/threaded
BUGTRAQ:20030326 Re: PHPNuke viewpage.php allows Remote File retrieving
http://www.securityfocus.com/archive/1/316585/30/25310/threaded
BUGTRAQ:20030327 Re: PHPNuke viewpage.php allows Remote File retrieving
http://www.securitytracker.com/id?1006377
SECTRACK:1006377
CVE-2003-1546
Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section.
2008-03-05
2017-08-07
CVE-2003-1546
http://www.securityfocus.com/bid/7104
BID:7104
http://archives.neohapsis.com/archives/bugtraq/2003-03/0219.html
BUGTRAQ:20030314 Guestbook v1.1.3 CSS Vuln
http://www.securitytracker.com/id?1006289
SECTRACK:1006289
http://secunia.com/advisories/8317
SECUNIA:8317
https://exchange.xforce.ibmcloud.com/vulnerabilities/11540
XF:filebased-guestbook-gbook-xss(11540)
CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
2008-03-05
2018-10-19
CVE-2003-1547
http://www.securityfocus.com/bid/7248
BID:7248
http://www.securityfocus.com/archive/1/316925/30/25250/threaded
BUGTRAQ:20030331 PHP-Nuke block-Forums.php subject vulnerabilities
http://www.securityfocus.com/archive/1/317230/30/25220/threaded
BUGTRAQ:20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilities
http://secunia.com/advisories/8478
SECUNIA:8478
http://securityreason.com/securityalert/3718
SREASON:3718
https://exchange.xforce.ibmcloud.com/vulnerabilities/11675
XF:phpnuke-blockforums-subject-xss(11675)
CVE-2003-1548
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.
2008-03-05
2018-10-19
CVE-2003-1548
http://www.securityfocus.com/bid/7126
BID:7126
http://www.securityfocus.com/archive/1/315317/30/25460/threaded
BUGTRAQ:20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb
http://www.securitytracker.com/id?1006308
SECTRACK:1006308
http://secunia.com/advisories/8320
SECUNIA:8320
http://securityreason.com/securityalert/3717
SREASON:3717
https://exchange.xforce.ibmcloud.com/vulnerabilities/11556
XF:myabracadaweb-index-path-disclosure(11556)
CVE-2003-1549
Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter.
2008-03-05
2018-10-19
CVE-2003-1549
http://www.securityfocus.com/bid/7127
BID:7127
http://www.securityfocus.com/archive/1/315317/30/25460/threaded
BUGTRAQ:20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb
http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip
MISC:http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip
http://www.webmaster-mag.net/?module=distridoc&idCat=3
MISC:http://www.webmaster-mag.net/?module=distridoc&idCat=3
http://www.securitytracker.com/id?1006308
SECTRACK:1006308
http://secunia.com/advisories/8320
SECUNIA:8320
http://securityreason.com/securityalert/3717
SREASON:3717
https://exchange.xforce.ibmcloud.com/vulnerabilities/11557
XF:myabracadaweb-index-makw-xss(11557)
CVE-2003-1550
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.
2008-03-05
2017-08-07
CVE-2003-1550
http://www.securityfocus.com/bid/7149
BID:7149
http://marc.info/?l=bugtraq&m=104820295115420&w=2
BUGTRAQ:20030320 [SCSA-011] Path Disclosure Vulnerability in XOOPS
http://marc.info/?l=bugtraq&m=104887510828106&w=2
BUGTRAQ:20030328 Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS
http://www.security-corporation.com/index.php?id=advisories&a=011-FR
MISC:http://www.security-corporation.com/index.php?id=advisories&a=011-FR
http://secunia.com/advisories/8353
SECUNIA:8353
https://exchange.xforce.ibmcloud.com/vulnerabilities/11587
XF:xoops-xoopsoption-path-disclosure(11587)
CVE-2003-1551
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
2008-03-07
2017-08-07
CVE-2003-1551
http://www.securityfocus.com/bid/6896
BID:6896
http://support.novell.com/servlet/tidfinder/2964956
CONFIRM:http://support.novell.com/servlet/tidfinder/2964956
http://www.securitytracker.com/id?1006171
SECTRACK:1006171
http://secunia.com/advisories/8133
SECUNIA:8133
https://exchange.xforce.ibmcloud.com/vulnerabilities/11394
XF:groupwise-script-execution(11394)
CVE-2003-1552
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
2008-03-07
2018-10-19
CVE-2003-1552
http://www.securityfocus.com/archive/1/313819/30/25640/threaded
BUGTRAQ:20030304 uploader.php script
http://www.securityfocus.com/archive/1/313787/30/25670/threaded
BUGTRAQ:20030304 uploader.php vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/11467
XF:uploader-uploads-file-upload(11467)
CVE-2003-1553
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.
2008-03-26
2018-10-19
CVE-2003-1553
http://www.securityfocus.com/bid/7134
BID:7134
http://www.securityfocus.com/archive/1/315504/30/25460/threaded
BUGTRAQ:20030318 SIPS (PHP)
http://securityreason.com/securityalert/3780
SREASON:3780
https://exchange.xforce.ibmcloud.com/vulnerabilities/11572
XF:sips-user-obtain-information(11572)
CVE-2003-1554
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
2008-03-26
2018-10-19
CVE-2003-1554
http://www.securityfocus.com/bid/7235
BID:7235
http://www.securityfocus.com/archive/1/316747/30/25280/threaded
BUGTRAQ:20030329 ScozBook BETA 1.1 vulnerabilities
http://www.securitytracker.com/id?1006413
SECTRACK:1006413
http://secunia.com/advisories/8476
SECUNIA:8476
http://securityreason.com/securityalert/3781
SREASON:3781
https://exchange.xforce.ibmcloud.com/vulnerabilities/11658
XF:scozbook-add-xss(11658)
CVE-2003-1555
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
2008-03-26
2018-10-19
CVE-2003-1555
http://www.securityfocus.com/bid/7236
BID:7236
http://www.securityfocus.com/archive/1/316747/30/25280/threaded
BUGTRAQ:20030329 ScozBook BETA 1.1 vulnerabilities
http://www.securitytracker.com/id?1006413
SECTRACK:1006413
http://secunia.com/advisories/8476
SECUNIA:8476
http://securityreason.com/securityalert/3781
SREASON:3781
https://exchange.xforce.ibmcloud.com/vulnerabilities/11659
XF:scozbook-view-path-disclosure(11659)
CVE-2003-1556
Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters.
2008-04-03
2018-10-19
CVE-2003-1556
http://www.securityfocus.com/bid/7237
BID:7237
http://www.securityfocus.com/archive/1/316764/30/25250/threaded
BUGTRAQ:20030329 CGI-City's CCGuestBook Script Injection Vulns
http://securityreason.com/securityalert/3796
SREASON:3796
CVE-2003-1557
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
2008-04-03
2018-10-19
CVE-2003-1557
http://www.securityfocus.com/bid/6679
BID:6679
http://marc.info/?l=bugtraq&m=104342896818777&w=2
BUGTRAQ:20030123 SpamAssassin / spamc+BSMTP remote buffer overflow
http://www.securityfocus.com/archive/1/310212/30/26030/threaded
BUGTRAQ:20030204 Re: GLSA: Mail-SpamAssasin
http://www.securityfocus.com/archive/1/309912/30/26090/threaded
GENTOO:GLSA-200302-01
http://secunia.com/advisories/7983
SECUNIA:7983
https://exchange.xforce.ibmcloud.com/vulnerabilities/11154
XF:spamassassin-spamc-offbyone-bo(11154)
CVE-2003-1558
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.
2008-05-09
2018-10-19
CVE-2003-1558
http://www.securityfocus.com/bid/6635
BID:6635
http://www.securityfocus.com/archive/1/307400/30/26270/threaded
BUGTRAQ:20030117 GLSA: fnord
http://www.fefe.de/fnord/
CONFIRM:http://www.fefe.de/fnord/
http://secunia.com/advisories/7893
SECUNIA:7893
https://exchange.xforce.ibmcloud.com/vulnerabilities/11121
XF:fnord-httpdc-cgi-bo(11121)
CVE-2003-1559
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
2008-07-14
2009-01-29
CVE-2003-1559
http://www.securityfocus.com/bid/9295
BID:9295
http://www.securityfocus.com/archive/1/348360
BUGTRAQ:20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
http://www.securityfocus.com/archive/1/348574
BUGTRAQ:20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
MISC:http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
http://securityreason.com/securityalert/3989
SREASON:3989
CVE-2003-1560
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
2008-07-14
2009-01-29
CVE-2003-1560
http://www.securityfocus.com/archive/1/348574
BUGTRAQ:20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
http://securityreason.com/securityalert/4004
SREASON:4004
CVE-2003-1561
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
2008-07-14
2009-01-29
CVE-2003-1561
http://www.securityfocus.com/archive/1/348574
BUGTRAQ:20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
http://securityreason.com/securityalert/4004
SREASON:4004
CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
2008-08-04
2022-12-13
CVE-2003-1562
http://www.securityfocus.com/bid/7482
BID:7482
http://www.securityfocus.com/archive/1/320153
BUGTRAQ:20030501 Re: OpenSSH/PAM timing attack allows remote users identification
http://www.securityfocus.com/archive/1/320302
BUGTRAQ:20030501 Re: OpenSSH/PAM timing attack allows remote users identification
http://www.securityfocus.com/archive/1/320440
BUGTRAQ:20030505 Re: OpenSSH/PAM timing attack allows remote users identification
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
CVE-2003-1563
Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.
2008-08-18
CVE-2003-1563
http://www.auscert.org.au/render.html?it=3672
AUSCERT:ESB-2003.0843
http://www.securityfocus.com/bid/9137
BID:9137
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101393-1
SUNALERT:101393
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200810-1
SUNALERT:200810
http://www.auscert.org.au/render.html?it=3672
SUNALERT:57428
CVE-2003-1564
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
2008-09-02
2008-09-17
CVE-2003-1564
http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2
MISC:http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2
http://xmlsoft.org/news.html
MISC:http://xmlsoft.org/news.html
http://www.stylusstudio.com/xmldev/200302/post20020.html
MLIST:[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services
http://mail.gnome.org/archives/xml/2008-August/msg00034.html
MLIST:[xml] 20080820 Security fix for libxml2
http://www.redhat.com/support/errata/RHSA-2008-0886.html
REDHAT:RHSA-2008:0886
http://secunia.com/advisories/31868
SECUNIA:31868
CVE-2003-1565
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1565. Reason: This candidate is a duplicate of CVE-2002-1565. Notes: All CVE users should reference CVE-2002-1565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2003-08-05
2005-02-06
CVE-2003-1565
CVE-2003-1566
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.
2009-01-14
2017-08-07
CVE-2003-1566
http://www.securityfocus.com/bid/9313
BID:9313
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
MISC:http://www.aqtronix.com/Advisories/AQ-2003-02.txt
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html
NTBUGTRAQ:20031227 AQ-2003-02: Microsoft IIS Logging Failure
http://www.osvdb.org/4864
OSVDB:4864
https://exchange.xforce.ibmcloud.com/vulnerabilities/14077
XF:iis-improper-httptrack-logging(14077)
CVE-2003-1567
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
2009-01-14
CVE-2003-1567
http://www.kb.cert.org/vuls/id/288308
CERT-VN:VU#288308
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
MISC:http://www.aqtronix.com/Advisories/AQ-2003-02.txt
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html
NTBUGTRAQ:20031227 AQ-2003-02: Microsoft IIS Logging Failure
http://www.osvdb.org/5648
OSVDB:5648
CVE-2003-1568
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
2009-02-06
CVE-2003-1568
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl
CVE-2003-1569
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
2009-02-06
CVE-2003-1569
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service
CONFIRM:http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service
CVE-2003-1570
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
2009-03-31
2017-08-16
CVE-2003-1570
http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554
AIXAPAR:IC37554
http://www.securityfocus.com/bid/34285
BID:34285
http://www-01.ibm.com/support/docview.wss?uid=swg21375360
CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21375360
http://securitytracker.com/id?1021947
SECTRACK:1021947
http://secunia.com/advisories/34498
SECUNIA:34498
http://www.vupen.com/english/advisories/2009/0881
VUPEN:ADV-2009-0881
https://exchange.xforce.ibmcloud.com/vulnerabilities/49536
XF:tsm-consolemode-info-disclosure(49536)
CVE-2003-1571
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
2009-04-02
2017-10-09
CVE-2003-1571
https://www.exploit-db.com/exploits/7488
EXPLOIT-DB:7488
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863
MISC:http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863
http://www.osvdb.org/2492
OSVDB:2492
http://secunia.com/advisories/9639
SECUNIA:9639
CVE-2003-1572
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
2009-06-01
CVE-2003-1572
http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00219.html
BUGTRAQ:20030625 Privilege escalation applet, Java Media Framework
http://www.illegalaccess.org/java/jmf.php
MISC:http://www.illegalaccess.org/java/jmf.php
http://securitytracker.com/id?1006777
SECTRACK:1006777
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760
SUNALERT:54760
CVE-2003-1573
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
2009-06-01
2017-08-16
CVE-2003-1573
http://www.securityfocus.com/bid/9230
BID:9230
http://seclists.org/bugtraq/2003/Dec/0249.html
BUGTRAQ:20031216 J2EE 1.4 reference implementation: database component allows remote code execution
http://archives.neohapsis.com/archives/bugtraq/2004-01/0148.html
BUGTRAQ:20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0675.html
FULLDISC:20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB
http://securitytracker.com/id?1008491
SECTRACK:1008491
http://secunia.com/advisories/10460
SECUNIA:10460
https://exchange.xforce.ibmcloud.com/vulnerabilities/14008
XF:j2ee-pointbase-sql-injection(14008)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14883
XF:pointbase-command-execution(14883)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14882
XF:pointbase-information-disclosure(14882)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14881
XF:pointbase-insecure-permissions-dos(14881)
CVE-2003-1574
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
2009-08-24
2017-08-16
CVE-2003-1574
http://www.securityfocus.com/bid/14170
BID:14170
http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846
https://exchange.xforce.ibmcloud.com/vulnerabilities/40347
XF:tikiwiki-username-security-byass(40347)
CVE-2003-1575
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
2010-01-28
CVE-2003-1575
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1
CONFIRM:http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1
SUNALERT:200161
CVE-2003-1576
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
2010-01-28
CVE-2003-1576
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1
CONFIRM:http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201231-1
SUNALERT:201231
CVE-2003-1577
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
2010-02-05
2017-08-16
CVE-2003-1577
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1
SUNALERT:201453
https://exchange.xforce.ibmcloud.com/vulnerabilities/56632
XF:sunone-iplanetlog-xss(56632)
CVE-2003-1578
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
2017-08-16
CVE-2003-1578
http://www.securityfocus.com/bid/7012
BID:7012
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1
SUNALERT:201453
https://exchange.xforce.ibmcloud.com/vulnerabilities/56633
XF:iplanet-logpreview-security-bypass(56633)
CVE-2003-1579
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
CVE-2003-1579
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
CVE-2003-1580
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
CVE-2003-1581
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
CVE-2003-1581
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
CVE-2003-1582
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
CVE-2003-1582
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
CVE-2003-1583
Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
2017-08-16
CVE-2003-1583
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
https://exchange.xforce.ibmcloud.com/vulnerabilities/56650
XF:webtrends-domain-name-xss(56650)
CVE-2003-1584
Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
2017-08-16
CVE-2003-1584
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
https://exchange.xforce.ibmcloud.com/vulnerabilities/56649
XF:surfstats-domain-name-xss(56649)
CVE-2003-1585
Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
2010-02-05
2017-08-16
CVE-2003-1585
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
https://exchange.xforce.ibmcloud.com/vulnerabilities/56647
XF:weblogexpert-domain-name-xss(56647)
CVE-2003-1586
Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
2010-02-05
2017-08-16
CVE-2003-1586
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
https://exchange.xforce.ibmcloud.com/vulnerabilities/56646
XF:webexpert-useragent-xss(56646)
CVE-2003-1587
Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.
2010-02-05
2017-08-16
CVE-2003-1587
http://www.securityfocus.com/archive/1/313867
BUGTRAQ:20030304 Log corruption on multiple webservers, log analyzers,...
https://exchange.xforce.ibmcloud.com/vulnerabilities/56645
XF:loganpro-useragent-xss(56645)
CVE-2003-1588
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
2010-02-08
2017-08-16
CVE-2003-1588
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201460-1
SUNALERT:201460
https://exchange.xforce.ibmcloud.com/vulnerabilities/56617
XF:suncluster-haoracle-information-disclosure(56617)
CVE-2003-1589
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
2010-02-25
2017-08-16
CVE-2003-1589
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1
SUNALERT:201454
https://exchange.xforce.ibmcloud.com/vulnerabilities/56616
XF:iplanet-unspecified-dos(56616)
CVE-2003-1590
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
2010-02-25
2017-08-16
CVE-2003-1590
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1
SUNALERT:201451
https://exchange.xforce.ibmcloud.com/vulnerabilities/56615
XF:sunone-unspecified-dos(56615)
CVE-2003-1591
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload.
2010-04-05
CVE-2003-1591
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2003-1592
Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password.
2010-04-05
CVE-2003-1592
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2003-1593
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.
2010-04-05
CVE-2003-1593
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2003-1594
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.
2010-04-05
CVE-2003-1594
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2003-1595
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.
2010-04-05
CVE-2003-1595
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2003-1596
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.
2010-04-05
CVE-2003-1596
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2003-1597
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2003-1597
CVE-2003-1598
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
2014-10-01
2017-08-28
CVE-2003-1598
http://www.securityfocus.com/bid/7784
BID:7784
http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
MISC:http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
http://seclists.org/oss-sec/2012/q1/77
MLIST:[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)
http://osvdb.org/show/osvdb/4610
OSVDB:4610
http://secunia.com/advisories/8954/
SECUNIA:8954
https://exchange.xforce.ibmcloud.com/vulnerabilities/12204
XF:wordpress-blogheader-sql-injection(12204)
CVE-2003-1599
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
2014-10-27
2017-08-28
CVE-2003-1599
http://www.securityfocus.com/bid/7785
BID:7785
http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
MISC:http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
http://www.openwall.com/lists/oss-security/2012/01/06/3
MLIST:[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)
http://www.osvdb.org/4611
OSVDB:4611
https://exchange.xforce.ibmcloud.com/vulnerabilities/12205
XF:wordpress-linksall-file-include(12205)
CVE-2003-1600
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2003-1600
CVE-2003-1601
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2003-1601
CVE-2003-1602
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2003-1602
CVE-2003-1603
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
2015-08-04
2018-03-27
CVE-2003-1603
http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1
CONFIRM:http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
MISC:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
MISC:https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
https://twitter.com/digitalbond/status/619250429751222277
MISC:https://twitter.com/digitalbond/status/619250429751222277
CVE-2003-1604
The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.
2016-05-02
2016-11-29
CVE-2003-1604
https://bugzilla.redhat.com/show_bug.cgi?id=1303072
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1303072
http://marc.info/?l=netfilter-devel&m=106668497403047&w=2
MLIST:[netfilter-devel] 20031020 [PATCH] Fix possible oops in ipt_REDIRECT
http://www.openwall.com/lists/oss-security/2016/01/27/9
MLIST:[oss-security] 20160127 Re: CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
SUSE:openSUSE-SU-2016:1008
CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
2018-08-23
2018-08-23
CVE-2003-1605
http://www.securityfocus.com/bid/8432
BID:8432
https://curl.haxx.se/docs/CVE-2003-1605.html
MISC:https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2003-5001
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2022-03-28
2022-07-03
CVE-2003-5001
http://www.cgisecurity.com/articles/xss-faq.shtml
MISC:http://www.cgisecurity.com/articles/xss-faq.shtml
http://www.computec.ch/mruef/advisories/black_ice_pc_protection_xss_evasion.txt
MISC:http://www.computec.ch/mruef/advisories/black_ice_pc_protection_xss_evasion.txt
https://vuldb.com/?id.104
MISC:https://vuldb.com/?id.104
CVE-2003-5002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2022-03-28
2022-07-03
CVE-2003-5002
https://vuldb.com/?id.295
MISC:https://vuldb.com/?id.295
CVE-2003-5003
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2022-03-28
2022-07-03
CVE-2003-5003
https://vuldb.com/?id.296
MISC:https://vuldb.com/?id.296