245401
|
6.8 |
MEDIUM
|
phpwebsite
|
phpwebsite
|
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fa…
|
NVD-CWE-Other
|
CVE-2003-0736
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245402
|
5.0 |
MEDIUM
|
phpwebsite
|
phpwebsite
|
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of…
|
NVD-CWE-Other
|
CVE-2003-0737
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245403
|
7.8 |
HIGH
|
phpwebsite
|
phpwebsite
|
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
|
CWE-134
書式文字列の問題
|
CVE-2003-0738
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245404
|
4.6 |
MEDIUM
|
vmware
|
workstation
|
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
|
NVD-CWE-Other
|
CVE-2003-0739
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245405
|
4.6 |
MEDIUM
|
stunnel
|
stunnel
|
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
|
NVD-CWE-Other
|
CVE-2003-0740
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245406
|
7.5 |
HIGH
|
university_of_cambridge
|
exim
|
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument…
|
NVD-CWE-Other
|
CVE-2003-0743
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245407
|
5.0 |
MEDIUM
|
leafnode
|
leafnode
|
The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchne…
|
NVD-CWE-Other
|
CVE-2003-0744
|
2016-10-18 11:37 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245408
|
7.2 |
HIGH
|
ibm
|
db2_universal_database
|
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.
|
NVD-CWE-Other
|
CVE-2003-0759
|
2016-10-18 11:37 |
2003-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245409
|
4.3 |
MEDIUM
|
squished_mosquito
|
escapade
|
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.
|
NVD-CWE-Other
|
CVE-2003-0763
|
2016-10-18 11:37 |
2003-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245410
|
5.0 |
MEDIUM
|
squished_mosquito
|
escapade
|
Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE p…
|
NVD-CWE-Other
|
CVE-2003-0764
|
2016-10-18 11:37 |
2003-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245411
|
7.5 |
HIGH
|
nullsoft
|
winamp
|
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
|
NVD-CWE-Other
|
CVE-2003-0765
|
2016-10-18 11:37 |
2003-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245412
|
7.5 |
HIGH
|
gamespy
|
roger_wilco_dedicated_server roger_wilco_graphical_server
|
Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial o…
|
NVD-CWE-Other
|
CVE-2003-0767
|
2016-10-18 11:37 |
2003-09-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245413
|
6.8 |
MEDIUM
|
microsoft
|
asp.net
|
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
|
NVD-CWE-Other
|
CVE-2003-0768
|
2016-10-18 11:37 |
2003-09-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245414
|
7.5 |
HIGH
|
ikonboard.com
|
ikonboard
|
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when…
|
NVD-CWE-Other
|
CVE-2003-0770
|
2016-10-18 11:37 |
2003-09-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245415
|
4.6 |
MEDIUM
|
apache_gallery
|
apache_gallery
|
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apa…
|
NVD-CWE-Other
|
CVE-2003-0771
|
2016-10-18 11:37 |
2003-09-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245416
|
5.0 |
MEDIUM
|
gnu quagga sgi
|
zebra quagga propack
|
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial…
|
CWE-20
不適切な入力確認
|
CVE-2003-0795
|
2016-10-18 11:37 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245417
|
7.5 |
HIGH
|
university_of_minnesota
|
gopherd
|
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisTex…
|
NVD-CWE-Other
|
CVE-2003-0805
|
2016-10-18 11:37 |
2003-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245418
|
7.5 |
HIGH
|
gnu
|
lsh
|
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attacke…
|
NVD-CWE-Other
|
CVE-2003-0826
|
2016-10-18 11:37 |
2003-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245419
|
5.0 |
MEDIUM
|
ibm
|
db2_universal_database
|
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
|
NVD-CWE-Other
|
CVE-2003-0827
|
2016-10-18 11:37 |
2003-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245420
|
7.5 |
HIGH
|
mplayer
|
mplayer
|
Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
|
NVD-CWE-Other
|
CVE-2003-0835
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245421
|
5.0 |
MEDIUM
|
microsoft
|
windows_2003_server
|
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
|
NVD-CWE-Other
|
CVE-2003-0839
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245422
|
7.2 |
HIGH
|
hp
|
hp-ux
|
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.
|
NVD-CWE-Other
|
CVE-2003-0840
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245423
|
7.5 |
HIGH
|
dag_apt_repository
|
mod_gzip
|
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code …
|
NVD-CWE-Other
|
CVE-2003-0842
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245424
|
7.5 |
HIGH
|
dag_apt_repository
|
mod_gzip
|
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers t…
|
NVD-CWE-Other
|
CVE-2003-0843
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245425
|
4.6 |
MEDIUM
|
suse
|
suse_linux
|
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.
|
NVD-CWE-Other
|
CVE-2003-0846
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245426
|
4.6 |
MEDIUM
|
suse
|
suse_linux
|
SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.
|
NVD-CWE-Other
|
CVE-2003-0847
|
2016-10-18 11:37 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245427
|
5.0 |
MEDIUM
|
peoplesoft
|
peopletools
|
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP…
|
NVD-CWE-Other
|
CVE-2003-0628
|
2016-10-18 11:36 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245428
|
4.3 |
MEDIUM
|
peoplesoft
|
peopletools
|
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScrip…
|
NVD-CWE-Other
|
CVE-2003-0629
|
2016-10-18 11:36 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245429
|
7.2 |
HIGH
|
atari800
|
atari800
|
Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrate…
|
NVD-CWE-Other
|
CVE-2003-0630
|
2016-10-18 11:36 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245430
|
7.2 |
HIGH
|
vmware
|
gsx_server workstation
|
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual ma…
|
NVD-CWE-Other
|
CVE-2003-0631
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245431
|
7.5 |
HIGH
|
oracle
|
applications e-business_suite
|
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrar…
|
NVD-CWE-Other
|
CVE-2003-0632
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245432
|
5.0 |
MEDIUM
|
oracle
|
applications e-business_suite
|
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without…
|
NVD-CWE-Other
|
CVE-2003-0633
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245433
|
5.0 |
MEDIUM
|
novell
|
ichain
|
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.
|
NVD-CWE-Other
|
CVE-2003-0635
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245434
|
7.5 |
HIGH
|
novell
|
ichain
|
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via…
|
NVD-CWE-Other
|
CVE-2003-0638
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245435
|
5.0 |
MEDIUM
|
novell
|
ichain
|
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
|
NVD-CWE-Other
|
CVE-2003-0639
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245436
|
7.5 |
HIGH
|
gamespy
|
arcade
|
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) seq…
|
NVD-CWE-Other
|
CVE-2003-0650
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245437
|
4.6 |
MEDIUM
|
xtokkaetama
|
xtokkaetama
|
Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611.
|
NVD-CWE-Other
|
CVE-2003-0652
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245438
|
7.2 |
HIGH
|
cdrtools
|
cdrtools
|
rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is …
|
NVD-CWE-Other
|
CVE-2003-0655
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245439
|
2.1 |
LOW
|
eroaster
|
eroaster
|
eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.
|
NVD-CWE-Other
|
CVE-2003-0656
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245440
|
5.0 |
MEDIUM
|
sun
|
iplanet_directory_server one_directory_server
|
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
|
NVD-CWE-Other
|
CVE-2003-0676
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245441
|
7.5 |
HIGH
|
netris
|
netris
|
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
|
NVD-CWE-Other
|
CVE-2003-0685
|
2016-10-18 11:36 |
2003-08-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245442
|
6.4 |
MEDIUM
|
horde
|
horde
|
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
|
NVD-CWE-Other
|
CVE-2003-0728
|
2016-10-18 11:36 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245443
|
7.5 |
HIGH
|
tellurian
|
tftpdnt
|
Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.
|
NVD-CWE-Other
|
CVE-2003-0729
|
2016-10-18 11:36 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245444
|
7.5 |
HIGH
|
xfree86_project netbsd
|
x11r6 netbsd
|
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflo…
|
NVD-CWE-Other
|
CVE-2003-0730
|
2016-10-18 11:36 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245445
|
7.5 |
HIGH
|
phpwebsite
|
phpwebsite
|
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
|
NVD-CWE-Other
|
CVE-2003-0735
|
2016-10-18 11:36 |
2003-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245446
|
3.6 |
LOW
|
phpsysinfo
|
phpsysinfo
|
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (do…
|
NVD-CWE-Other
|
CVE-2003-0536
|
2016-10-18 11:35 |
2003-08-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245447
|
7.5 |
HIGH
|
netscape
|
navigator
|
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
|
NVD-CWE-Other
|
CVE-2003-0553
|
2016-10-18 11:35 |
2003-08-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245448
|
5.0 |
MEDIUM
|
neomodus
|
direct_connect
|
NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests …
|
NVD-CWE-Other
|
CVE-2003-0554
|
2016-10-18 11:35 |
2003-08-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245449
|
7.5 |
HIGH
|
imagemagick
|
imagemagick
|
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
|
NVD-CWE-Other
|
CVE-2003-0555
|
2016-10-18 11:35 |
2003-08-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245450
|
5.0 |
MEDIUM
|
polycom
|
mgc-100 mgc-25 mgc-50
|
Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
|
NVD-CWE-Other
|
CVE-2003-0556
|
2016-10-18 11:35 |
2003-08-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|