CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2003-1114 DoS Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
402 CVE-2003-1113 DoS Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
403 CVE-2003-1112 DoS Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
404 CVE-2003-1111 DoS Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
405 CVE-2003-1110 DoS Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
406 CVE-2003-1109 DoS Exec Code 2003-12-31 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
407 CVE-2003-1108 DoS Exec Code 2003-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
408 CVE-2003-1107 Bypass 2003-12-31 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
409 CVE-2003-1106 DoS 2003-12-31 2019-04-30
5.0
None Remote Low Not required None None Partial
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
410 CVE-2003-1105 DoS 2003-12-31 2021-07-23
2.6
None Remote High Not required None None Partial
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
411 CVE-2003-1104 Exec Code Overflow 2003-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
412 CVE-2003-1103 Exec Code Sql 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.
413 CVE-2003-1102 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.
414 CVE-2003-1101 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
415 CVE-2003-1100 XSS 2003-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.
416 CVE-2003-1099 DoS Exec Code 2003-12-31 2017-10-11
2.1
None Local Low Not required None None Partial
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
417 CVE-2003-1098 +Priv 2003-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
418 CVE-2003-1097 Overflow +Priv 2003-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.
419 CVE-2003-1096 +Priv 2003-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
420 CVE-2003-1094 Exec Code +Priv 2003-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
421 CVE-2003-1093 2003-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
422 CVE-2003-1092 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
423 CVE-2003-1091 DoS Exec Code Overflow 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.
424 CVE-2003-1089 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
425 CVE-2003-1087 DoS 2003-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.
426 CVE-2003-1085 DoS Overflow 2003-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.
427 CVE-2003-1083 Exec Code Overflow 2003-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
428 CVE-2003-1082 Overflow +Priv 2003-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.
429 CVE-2003-1076 DoS +Priv 2003-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
430 CVE-2003-1073 2003-12-31 2018-10-30
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
431 CVE-2003-1066 DoS Exec Code Overflow 2003-12-31 2018-10-30
5.0
None Remote Low Not required None None Partial
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
432 CVE-2003-1058 DoS 2003-12-03 2018-10-30
3.7
None Local High Not required Partial Partial Partial
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
433 CVE-2003-1057 Exec Code 2003-12-08 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.
434 CVE-2003-1056 2003-12-11 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
435 CVE-2003-1005 DoS 2003-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
436 CVE-2003-0986 DoS 2003-12-31 2017-10-11
1.7
None Local Low ??? None None Partial
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
437 CVE-2003-0976 2003-12-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.
438 CVE-2003-0975 2003-12-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
439 CVE-2003-0974 2003-12-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c.
440 CVE-2003-0973 DoS 2003-12-15 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
441 CVE-2003-0972 Exec Code Overflow 2003-12-15 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
442 CVE-2003-0971 2003-12-15 2017-10-11
5.0
None Remote Low Not required Partial None None
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
443 CVE-2003-0970 DoS 2003-12-15 2008-09-05
5.0
None Remote Low Not required None None Partial
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
444 CVE-2003-0968 Exec Code Overflow 2003-12-15 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
445 CVE-2003-0967 DoS 2003-12-15 2017-10-11
5.0
None Remote Low Not required None None Partial
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
446 CVE-2003-0962 Exec Code Overflow 2003-12-15 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
447 CVE-2003-0961 Overflow +Priv 2003-12-15 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
448 CVE-2003-0960 2003-12-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
449 CVE-2003-0959 DoS Overflow +Priv 2003-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.
450 CVE-2003-0956 2003-12-31 2017-07-11
2.6
None Local High Not required Partial Partial None
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.
Total number of vulnerabilities : 507   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.