| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
401 |
CVE-2003-1114 |
|
|
DoS Exec Code |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
402 |
CVE-2003-1113 |
|
|
DoS Exec Code |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
403 |
CVE-2003-1112 |
|
|
DoS Exec Code |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
404 |
CVE-2003-1111 |
|
|
DoS Exec Code |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
405 |
CVE-2003-1110 |
|
|
DoS Exec Code |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
406 |
CVE-2003-1109 |
|
|
DoS Exec Code |
2003-12-31 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
407 |
CVE-2003-1108 |
|
|
DoS Exec Code |
2003-12-31 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
408 |
CVE-2003-1107 |
|
|
Bypass |
2003-12-31 |
2017-07-11 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. |
|
409 |
CVE-2003-1106 |
|
|
DoS |
2003-12-31 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. |
|
410 |
CVE-2003-1105 |
|
|
DoS |
2003-12-31 |
2021-07-23 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. |
|
411 |
CVE-2003-1104 |
|
|
Exec Code Overflow |
2003-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors. |
|
412 |
CVE-2003-1103 |
|
|
Exec Code Sql |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands. |
|
413 |
CVE-2003-1102 |
|
|
|
2003-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code. |
|
414 |
CVE-2003-1101 |
|
|
|
2003-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message. |
|
415 |
CVE-2003-1100 |
|
|
XSS |
2003-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors. |
|
416 |
CVE-2003-1099 |
|
|
DoS Exec Code |
2003-12-31 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. |
|
417 |
CVE-2003-1098 |
|
|
+Priv |
2003-12-31 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges. |
|
418 |
CVE-2003-1097 |
|
|
Overflow +Priv |
2003-12-31 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option. |
|
419 |
CVE-2003-1096 |
|
|
+Priv |
2003-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. |
|
420 |
CVE-2003-1094 |
|
|
Exec Code +Priv |
2003-12-31 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. |
|
421 |
CVE-2003-1093 |
|
|
|
2003-12-31 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. |
|
422 |
CVE-2003-1092 |
|
|
|
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact. |
|
423 |
CVE-2003-1091 |
|
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. |
|
424 |
CVE-2003-1089 |
|
|
|
2003-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message. |
|
425 |
CVE-2003-1087 |
|
|
DoS |
2003-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. |
|
426 |
CVE-2003-1085 |
|
|
DoS Overflow |
2003-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. |
|
427 |
CVE-2003-1083 |
|
|
Exec Code Overflow |
2003-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. |
|
428 |
CVE-2003-1082 |
|
|
Overflow +Priv |
2003-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068. |
|
429 |
CVE-2003-1076 |
|
|
DoS +Priv |
2003-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file. |
|
430 |
CVE-2003-1073 |
|
|
|
2003-12-31 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place. |
|
431 |
CVE-2003-1066 |
|
|
DoS Exec Code Overflow |
2003-12-31 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. |
|
432 |
CVE-2003-1058 |
|
|
DoS |
2003-12-03 |
2018-10-30 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files. |
|
433 |
CVE-2003-1057 |
|
|
Exec Code |
2003-12-08 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code. |
|
434 |
CVE-2003-1056 |
|
|
|
2003-12-11 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
|
435 |
CVE-2003-1005 |
|
|
DoS |
2003-12-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. |
|
436 |
CVE-2003-0986 |
|
|
DoS |
2003-12-31 |
2017-10-11 |
1.7 |
None |
Local |
Low |
??? |
None |
None |
Partial |
|
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. |
|
437 |
CVE-2003-0976 |
|
|
|
2003-12-15 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. |
|
438 |
CVE-2003-0975 |
|
|
|
2003-12-15 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. |
|
439 |
CVE-2003-0974 |
|
|
|
2003-12-15 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c. |
|
440 |
CVE-2003-0973 |
|
|
DoS |
2003-12-15 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. |
|
441 |
CVE-2003-0972 |
|
|
Exec Code Overflow |
2003-12-15 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. |
|
442 |
CVE-2003-0971 |
|
|
|
2003-12-15 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. |
|
443 |
CVE-2003-0970 |
|
|
DoS |
2003-12-15 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled. |
|
444 |
CVE-2003-0968 |
|
|
Exec Code Overflow |
2003-12-15 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. |
|
445 |
CVE-2003-0967 |
|
|
DoS |
2003-12-15 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. |
|
446 |
CVE-2003-0962 |
|
|
Exec Code Overflow |
2003-12-15 |
2018-05-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail. |
|
447 |
CVE-2003-0961 |
|
|
Overflow +Priv |
2003-12-15 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. |
|
448 |
CVE-2003-0960 |
|
|
|
2003-12-15 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates. |
|
449 |
CVE-2003-0959 |
|
|
DoS Overflow +Priv |
2003-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. |
|
450 |
CVE-2003-0956 |
|
|
|
2003-12-31 |
2017-07-11 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018. |
