CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2003-0247 DoS 2003-06-16 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
102 CVE-2003-0246 +Priv 2003-06-16 2017-10-11
3.6
None Local Low Not required Partial Partial None
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
103 CVE-2003-0245 DoS Exec Code 2003-06-09 2021-06-06
5.0
None Remote Low Not required None None Partial
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
104 CVE-2003-0242 2003-06-09 2020-12-09
7.5
None Remote Low Not required Partial Partial Partial
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.
105 CVE-2003-0241 Exec Code 2003-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
106 CVE-2003-0240 Bypass 2003-06-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
107 CVE-2003-0227 119 DoS Exec Code Overflow 2003-06-09 2020-11-13
5.0
None Remote Low Not required None None Partial
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
108 CVE-2003-0226 DoS 2003-06-09 2020-11-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
109 CVE-2003-0225 DoS 2003-06-09 2018-10-30
5.0
None Remote Low Not required None None Partial
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
110 CVE-2003-0224 Exec Code Overflow 2003-06-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
111 CVE-2003-0223 XSS 2003-06-09 2020-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
112 CVE-2003-0217 XSS Bypass 2003-06-16 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.
113 CVE-2003-0195 DoS 2003-06-16 2017-10-11
5.0
None Remote Low Not required None None Partial
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
114 CVE-2003-0194 2003-06-09 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
tcpdump does not properly drop privileges to the pcap user when starting up.
115 CVE-2003-0189 DoS 2003-06-09 2021-06-06
5.0
None Remote Low Not required None None Partial
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
116 CVE-2003-0188 Exec Code 2003-06-09 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
117 CVE-2002-1565 DoS Exec Code Overflow 2003-06-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
118 CVE-2002-1564 2003-06-09 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability.
119 CVE-2002-1463 2003-06-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
120 CVE-2002-1462 2003-06-09 2008-09-05
5.0
None Remote Low Not required None Partial None
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
121 CVE-2002-1461 Exec Code 2003-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
122 CVE-2002-1460 2003-06-09 2008-09-05
5.0
None Remote Low Not required Partial None None
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.
123 CVE-2002-1459 XSS 2003-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.
124 CVE-2002-1458 XSS 2003-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.
125 CVE-2002-1457 Sql 2003-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
126 CVE-2002-1456 Exec Code Overflow 2003-06-09 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
127 CVE-2002-1455 XSS 2003-06-09 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
128 CVE-2002-1454 2003-06-09 2016-10-18
5.0
None Remote Low Not required Partial None None
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.
129 CVE-2002-1155 Exec Code Overflow 2003-06-16 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
Total number of vulnerabilities : 129   Page : 1 2 3 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.