Full List

Search

Recent Vulnerabilities

• CVE-2003-0686 • published on September 3, 2003 Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.
• CVE-2003-0688 • published on September 3, 2003 The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
• CVE-2003-0707 • published on September 3, 2003 Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code.
• CVE-2003-0708 • published on September 3, 2003 Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.
• CVE-2003-0726 • published on September 3, 2003 RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
• CVE-2003-0689 • published on September 3, 2003 The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.
• CVE-2003-0723 • published on September 3, 2003 Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code.
• CVE-2003-0725 • published on September 3, 2003 Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
• CVE-2003-0728 • published on September 3, 2003 Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
• CVE-2003-0729 • published on September 3, 2003 Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.
• CVE-2003-0730 • published on September 3, 2003 Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
• CVE-2003-0702 • published on September 3, 2003 Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL.
• CVE-2003-0549 • published on August 22, 2003 The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
• CVE-2003-0531 • published on August 22, 2003 Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
• CVE-2003-0701 • published on August 22, 2003 Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
• CVE-2003-0530 • published on August 22, 2003 Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
• CVE-2003-0532 • published on August 22, 2003 Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
• CVE-2003-0547 • published on August 22, 2003 GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
• CVE-2003-0548 • published on August 22, 2003 The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
• CVE-2003-0699 • published on August 22, 2003 The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.