| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2003-1070 |
|
|
DoS |
2003-04-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash). |
|
2 |
CVE-2003-1054 |
|
|
DoS |
2003-04-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. |
|
3 |
CVE-2003-0203 |
|
|
Exec Code Overflow |
2003-04-11 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner. |
|
4 |
CVE-2003-0197 |
|
|
Overflow +Priv |
2003-04-11 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK). |
|
5 |
CVE-2003-0181 |
|
|
DoS |
2003-04-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. |
|
6 |
CVE-2003-0180 |
|
|
DoS |
2003-04-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. |
|
7 |
CVE-2003-0179 |
|
|
Exec Code Overflow |
2003-04-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. |
|
8 |
CVE-2003-0178 |
|
|
DoS Exec Code Overflow |
2003-04-02 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation. |
|
9 |
CVE-2003-0172 |
|
|
Exec Code Overflow |
2003-04-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. |
|
10 |
CVE-2003-0169 |
|
|
DoS |
2003-04-11 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop. |
|
11 |
CVE-2003-0168 |
|
|
Exec Code Overflow |
2003-04-02 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. |
|
12 |
CVE-2003-0167 |
|
|
DoS Exec Code Overflow |
2003-04-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. |
|
13 |
CVE-2003-0166 |
|
|
DoS Exec Code |
2003-04-02 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. |
|
14 |
CVE-2003-0165 |
|
|
Exec Code |
2003-04-02 |
2017-10-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. |
|
15 |
CVE-2003-0162 |
|
|
+Priv |
2003-04-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page. |
|
16 |
CVE-2003-0161 |
|
|
DoS Exec Code Overflow |
2003-04-02 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. |
|
17 |
CVE-2003-0160 |
|
|
XSS |
2003-04-02 |
2017-10-11 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. |
|
18 |
CVE-2003-0159 |
|
|
DoS Exec Code Overflow |
2003-04-02 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
|
19 |
CVE-2003-0155 |
|
|
|
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. |
|
20 |
CVE-2003-0154 |
|
|
XSS |
2003-04-02 |
2016-10-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. |
|
21 |
CVE-2003-0153 |
|
|
|
2003-04-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. |
|
22 |
CVE-2003-0152 |
|
|
Exec Code |
2003-04-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. |
|
23 |
CVE-2003-0141 |
|
|
|
2003-04-02 |
2016-10-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. |
|
24 |
CVE-2003-0135 |
|
|
|
2003-04-11 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended. |
|
25 |
CVE-2003-0134 |
|
|
DoS |
2003-04-11 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. |
|
26 |
CVE-2003-0132 |
772 |
|
DoS |
2003-04-11 |
2021-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. |
|
27 |
CVE-2003-0106 |
|
|
Bypass |
2003-04-02 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8. |
|
28 |
CVE-2003-0092 |
|
|
Overflow +Priv |
2003-04-02 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable. |
|
29 |
CVE-2003-0091 |
|
1
|
Overflow +Priv |
2003-04-02 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege. |
|
30 |
CVE-2003-0083 |
|
|
|
2003-04-02 |
2021-07-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. |
|
31 |
CVE-2003-0082 |
|
|
DoS |
2003-04-02 |
2020-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). |
|
32 |
CVE-2003-0072 |
|
|
DoS |
2003-04-02 |
2020-01-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). |
|
33 |
CVE-2002-1561 |
|
|
DoS |
2003-04-02 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. |
|
34 |
CVE-2002-1528 |
|
|
|
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. |
|
35 |
CVE-2002-1527 |
|
|
|
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. |
|
36 |
CVE-2002-1526 |
|
|
XSS |
2003-04-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field. |
|
37 |
CVE-2002-1525 |
|
|
Dir. Trav. |
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017. |
|
38 |
CVE-2002-1524 |
|
|
Exec Code Overflow |
2003-04-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. |
|
39 |
CVE-2002-1523 |
|
|
Dir. Trav. |
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences. |
|
40 |
CVE-2002-1522 |
|
|
DoS Exec Code Overflow |
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. |
|
41 |
CVE-2002-1520 |
|
|
|
2003-04-02 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges. |
|
42 |
CVE-2002-1519 |
|
|
DoS Exec Code |
2003-04-02 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter. |
|
43 |
CVE-2002-1517 |
|
|
|
2003-04-02 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file. |
|
44 |
CVE-2002-1516 |
|
|
|
2003-04-02 |
2008-09-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. |
|
45 |
CVE-2002-1515 |
|
|
Dir. Trav. |
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter. |
|
46 |
CVE-2002-1514 |
|
|
+Priv |
2003-04-02 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. |
|
47 |
CVE-2002-1513 |
|
|
Bypass |
2003-04-02 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges. |
|
48 |
CVE-2002-1512 |
|
|
+Priv |
2003-04-02 |
2008-09-05 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file. |
|
49 |
CVE-2002-1507 |
|
|
DoS |
2003-04-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777. |
|
50 |
CVE-2002-1506 |
|
|
Exec Code Overflow |
2003-04-02 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. |
