Full List

Search

Recent Vulnerabilities

• CVE-2003-1154 • published on May 10, 2005 MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
• CVE-2003-1160 • published on May 10, 2005 FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
• CVE-2003-1163 • published on May 10, 2005 hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
• CVE-2003-1166 • published on May 10, 2005 Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
• CVE-2003-1171 • published on May 10, 2005 Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
• CVE-2003-1172 • published on May 10, 2005 Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
• CVE-2003-1177 • published on May 10, 2005 Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
• CVE-2003-1179 • published on May 10, 2005 Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
• CVE-2003-1142 • published on May 10, 2005 Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
• CVE-2003-1145 • published on May 10, 2005 Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
• CVE-2003-1148 • published on May 10, 2005 Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
• CVE-2003-1150 • published on May 10, 2005 Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
• CVE-2003-1151 • published on May 10, 2005 Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
• CVE-2003-1155 • published on May 10, 2005 X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file.
• CVE-2003-1159 • published on May 10, 2005 Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
• CVE-2003-1174 • published on May 10, 2005 Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
• CVE-2003-1181 • published on May 10, 2005 Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.
• CVE-2003-1183 • published on May 10, 2005 The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
• CVE-2003-1185 • published on May 10, 2005 Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
• CVE-2003-1189 • published on May 10, 2005 Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.