| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
151 |
CVE-2003-0477 |
|
|
DoS |
2003-08-07 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument. |
|
152 |
CVE-2003-0476 |
|
|
|
2003-08-07 |
2018-05-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. |
|
153 |
CVE-2003-0475 |
|
|
Dir. Trav. |
2003-08-07 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474. |
|
154 |
CVE-2003-0474 |
|
|
Dir. Trav. |
2003-08-07 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475. |
|
155 |
CVE-2003-0473 |
|
|
|
2003-08-07 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications. |
|
156 |
CVE-2003-0472 |
|
|
DoS |
2003-08-07 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning. |
|
157 |
CVE-2003-0471 |
|
|
Exec Code Overflow |
2003-08-07 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument. |
|
158 |
CVE-2003-0470 |
|
|
Exec Code Overflow |
2003-08-07 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. |
|
159 |
CVE-2003-0469 |
|
|
DoS Exec Code Overflow |
2003-08-07 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. |
|
160 |
CVE-2003-0468 |
|
|
|
2003-08-27 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. |
|
161 |
CVE-2003-0467 |
|
|
DoS |
2003-08-27 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. |
|
162 |
CVE-2003-0466 |
|
|
Exec Code Overflow |
2003-08-27 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
|
163 |
CVE-2003-0465 |
|
|
+Info |
2003-08-18 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. |
|
164 |
CVE-2003-0464 |
|
|
|
2003-08-27 |
2018-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. |
|
165 |
CVE-2003-0462 |
|
|
DoS |
2003-08-27 |
2017-10-11 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). |
|
166 |
CVE-2003-0461 |
|
|
+Info |
2003-08-27 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. |
|
167 |
CVE-2003-0460 |
|
|
DoS |
2003-08-27 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. |
|
168 |
CVE-2003-0459 |
|
|
|
2003-08-27 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. |
|
169 |
CVE-2003-0458 |
|
|
+Priv |
2003-08-18 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges. |
|
170 |
CVE-2003-0456 |
200 |
|
+Info |
2003-08-18 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe. |
|
171 |
CVE-2003-0455 |
|
|
|
2003-08-07 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. |
|
172 |
CVE-2003-0454 |
|
|
Overflow +Priv |
2003-08-07 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable. |
|
173 |
CVE-2003-0453 |
|
|
Exec Code Overflow |
2003-08-07 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. |
|
174 |
CVE-2003-0452 |
|
|
Exec Code Overflow Bypass |
2003-08-07 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections." |
|
175 |
CVE-2003-0451 |
|
|
Overflow +Priv |
2003-08-07 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. |
|
176 |
CVE-2003-0450 |
|
|
DoS Exec Code Overflow |
2003-08-07 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. |
|
177 |
CVE-2003-0449 |
|
|
+Priv |
2003-08-07 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent. |
|
178 |
CVE-2003-0440 |
|
|
|
2003-08-18 |
2017-10-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
|
179 |
CVE-2003-0426 |
|
|
+Priv |
2003-08-27 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator. |
|
180 |
CVE-2003-0425 |
|
|
Dir. Trav. |
2003-08-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request. |
|
181 |
CVE-2003-0424 |
|
|
|
2003-08-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. |
|
182 |
CVE-2003-0423 |
|
|
|
2003-08-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. |
|
183 |
CVE-2003-0422 |
|
|
DoS |
2003-08-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. |
|
184 |
CVE-2003-0421 |
|
|
DoS |
2003-08-27 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502. |
|
185 |
CVE-2003-0353 |
|
|
Exec Code Overflow |
2003-08-27 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |
|
186 |
CVE-2003-0352 |
|
|
Exec Code Overflow |
2003-08-18 |
2019-04-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. |
|
187 |
CVE-2003-0350 |
|
|
Exec Code |
2003-08-18 |
2019-04-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. |
|
188 |
CVE-2003-0346 |
|
|
Exec Code Overflow |
2003-08-27 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. |
|
189 |
CVE-2003-0345 |
|
|
DoS Exec Code Overflow |
2003-08-18 |
2019-04-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. |
|
190 |
CVE-2003-0254 |
|
|
DoS |
2003-08-18 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. |
|
191 |
CVE-2003-0253 |
|
|
DoS |
2003-08-18 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. |
|
192 |
CVE-2003-0252 |
|
|
DoS Exec Code |
2003-08-18 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. |
|
193 |
CVE-2003-0232 |
|
|
Exec Code Overflow |
2003-08-27 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. |
|
194 |
CVE-2003-0231 |
|
|
DoS |
2003-08-27 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. |
|
195 |
CVE-2003-0230 |
264 |
|
+Priv |
2003-08-27 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. |
|
196 |
CVE-2003-0192 |
|
|
|
2003-08-18 |
2021-06-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. |
|
197 |
CVE-2003-0187 |
|
|
DoS |
2003-08-27 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. |
|
198 |
CVE-2003-0177 |
|
|
|
2003-08-18 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently. |
|
199 |
CVE-2003-0176 |
|
|
DoS |
2003-08-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan. |
|
200 |
CVE-2003-0149 |
|
|
Exec Code Overflow |
2003-08-27 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. |
