Full List

Search

Recent Vulnerabilities

• CVE-2003-0832 • published on October 1, 2003 Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
• CVE-2003-0833 • published on October 1, 2003 Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
• CVE-2003-0830 • published on October 1, 2003 Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable.
• CVE-2003-0543 • published on October 1, 2003 Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
• CVE-2003-0545 • published on October 1, 2003 Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
• CVE-2003-0544 • published on October 1, 2003 OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
• CVE-2003-0835 • published on October 1, 2003 Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
• CVE-2003-0786 • published on September 25, 2003 The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
• CVE-2003-0787 • published on September 25, 2003 The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
• CVE-2003-0804 • published on September 25, 2003 The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
• CVE-2003-0831 • published on September 25, 2003 ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
• CVE-2003-0785 • published on September 23, 2003 ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
• CVE-2003-0784 • published on September 23, 2003 Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
• CVE-2003-0783 • published on September 23, 2003 Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.
• CVE-2003-0697 • published on September 23, 2003 Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
• CVE-2003-0826 • published on September 23, 2003 lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
• CVE-2003-0827 • published on September 23, 2003 The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
• CVE-2002-1567 • published on September 19, 2003 Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
• CVE-2003-0758 • published on September 19, 2003 Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
• CVE-2003-0742 • published on September 19, 2003 SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.