CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2003-0325 Exec Code Overflow 2003-06-09 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
52 CVE-2003-0324 DoS Exec Code Overflow 2003-06-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
53 CVE-2003-0323 DoS Exec Code Overflow 2003-06-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
54 CVE-2003-0322 DoS Overflow 2003-06-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).
55 CVE-2003-0321 DoS Exec Code Overflow 2003-06-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.
56 CVE-2003-0320 2003-06-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.
57 CVE-2003-0319 Exec Code Overflow 2003-06-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.
58 CVE-2003-0318 XSS 2003-06-09 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
59 CVE-2003-0316 2003-06-16 2008-09-05
5.0
None Remote Low Not required None Partial None
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
60 CVE-2003-0315 DoS Exec Code Overflow 2003-06-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.
61 CVE-2003-0314 DoS 2003-06-16 2016-10-18
6.4
None Remote Low Not required Partial None Partial
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
62 CVE-2003-0313 Dir. Trav. 2003-06-16 2016-10-18
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.
63 CVE-2003-0312 Dir. Trav. 2003-06-16 2016-10-18
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
64 CVE-2003-0310 79 XSS 2003-06-16 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
65 CVE-2003-0309 Bypass 2003-06-09 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
66 CVE-2003-0307 +Priv 2003-06-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field.
67 CVE-2003-0306 Exec Code Overflow 2003-06-09 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
68 CVE-2003-0305 DoS 2003-06-09 2017-10-11
5.0
None Remote Low Not required None None Partial
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
69 CVE-2003-0304 2003-06-09 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script.
70 CVE-2003-0303 Sql 2003-06-09 2016-10-18
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter.
71 CVE-2003-0302 DoS Exec Code Overflow 2003-06-16 2016-10-18
5.0
None Remote Low Not required None None Partial
The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
72 CVE-2003-0301 DoS Overflow 2003-06-16 2016-10-18
5.0
None Remote Low Not required None None Partial
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
73 CVE-2003-0300 DoS Overflow 2003-06-16 2016-10-18
5.0
None Remote Low Not required None None Partial
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
74 CVE-2003-0299 DoS Exec Code Overflow 2003-06-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
75 CVE-2003-0298 DoS Exec Code Overflow 2003-06-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
76 CVE-2003-0297 DoS Exec Code Overflow 2003-06-16 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
77 CVE-2003-0296 DoS Exec Code Overflow 2003-06-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
78 CVE-2003-0295 XSS 2003-06-16 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
79 CVE-2003-0294 2003-06-16 2016-10-18
5.0
None Remote Low Not required Partial None None
autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation.
80 CVE-2003-0293 DoS 2003-06-16 2016-10-18
5.0
None Remote Low Not required None None Partial
PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.
81 CVE-2003-0292 XSS 2003-06-16 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
82 CVE-2003-0291 2003-06-16 2017-07-11
5.0
None Remote Low Not required Partial None None
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
83 CVE-2003-0290 DoS 2003-06-16 2017-07-11
5.0
None Remote Low Not required None None Partial
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
84 CVE-2003-0289 +Priv 2003-06-16 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
85 CVE-2003-0288 Exec Code Overflow 2003-06-16 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.
86 CVE-2003-0287 XSS 2003-06-16 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
87 CVE-2003-0286 89 1 Sql 2003-06-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
88 CVE-2003-0285 2003-06-16 2017-07-11
5.0
None Remote Low Not required None Partial None
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
89 CVE-2003-0284 2003-06-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
90 CVE-2003-0283 XSS 2003-06-16 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
91 CVE-2003-0282 Dir. Trav. 2003-06-16 2017-10-11
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
92 CVE-2003-0281 Exec Code Overflow 2003-06-16 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
93 CVE-2003-0280 Exec Code Overflow 2003-06-16 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
94 CVE-2003-0279 Sql 2003-06-16 2017-07-11
2.6
None Remote High Not required Partial None None
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
95 CVE-2003-0278 XSS 2003-06-16 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.
96 CVE-2003-0277 Dir. Trav. 2003-06-16 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
97 CVE-2003-0276 DoS Exec Code Overflow 2003-06-16 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
98 CVE-2003-0275 Exec Code 2003-06-16 2016-10-18
5.1
None Remote High Not required Partial Partial Partial
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
99 CVE-2003-0270 2003-06-16 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
100 CVE-2003-0248 2003-06-16 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
Total number of vulnerabilities : 129   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.