Full List

Search

Recent Vulnerabilities

• CVE-2003-0996 • published on December 17, 2003 Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
• CVE-2003-0998 • published on December 17, 2003 Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
• CVE-2003-1000 • published on December 17, 2003 xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
• CVE-2003-1012 • published on December 17, 2003 The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
• CVE-2003-1017 • published on December 17, 2003 Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
• CVE-2003-0995 • published on December 17, 2003 Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
• CVE-2003-0997 • published on December 17, 2003 Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
• CVE-2003-0999 • published on December 17, 2003 Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
• CVE-2003-1013 • published on December 17, 2003 The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
• CVE-2003-0983 • published on December 11, 2003 Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
• CVE-2003-0980 • published on December 11, 2003 Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.
• CVE-2003-0981 • published on December 11, 2003 FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
• CVE-2003-0979 • published on December 11, 2003 FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
• CVE-2003-0982 • published on December 11, 2003 Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
• CVE-2003-0327 • published on December 10, 2003 Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow.
• CVE-2003-0977 • published on December 10, 2003 CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
• CVE-2003-0975 • published on December 10, 2003 Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
• CVE-2003-0978 • published on December 10, 2003 Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
• CVE-2003-0962 • published on December 10, 2003 Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
• CVE-2003-0976 • published on December 10, 2003 NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.