CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In January 2003 (CVSS score >= 7)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2002-0626 | | | | 2003-01-07 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.

2 | CVE-2002-1399 | | | | 2003-01-17 | 2016-10-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).

3 | CVE-2002-0627 | | | Bypass | 2003-01-07 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.

4 | CVE-2002-1378 | | | Exec Code Overflow | 2003-01-02 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.

5 | CVE-2002-1379 | | | Exec Code | 2003-01-02 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.

6 | CVE-2002-1391 | | | DoS Exec Code Overflow | 2003-01-17 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

7 | CVE-2002-1393 | | | Exec Code | 2003-01-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

8 | CVE-2002-1394 | | | Bypass | 2003-01-17 | 2019-03-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

9 | CVE-2002-1396 | | | DoS Exec Code Overflow | 2003-01-17 | 2018-05-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

10 | CVE-2002-1397 | | | DoS Exec Code Overflow | 2003-01-17 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.

11 | CVE-2002-1400 | | | Exec Code Overflow | 2003-01-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.

12 | CVE-2003-0013 | | | | 2003-01-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

13 | CVE-2003-0025 | | | +Priv Sql | 2003-01-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

14 | CVE-2003-0026 | | | Exec Code Overflow | 2003-01-17 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

15 | CVE-2003-0031 | | | DoS Overflow | 2003-01-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).

16 | CVE-2002-1384 | | | Exec Code Overflow | 2003-01-02 | 2018-05-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

17 | CVE-2002-1403 | | | Exec Code | 2003-01-17 | 2017-10-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.

Total number of vulnerabilities : 17   Page : 1 (This Page)