Full List

Search

Recent Vulnerabilities

• CVE-2003-0490 • published on June 28, 2003 The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
• CVE-2003-0491 • published on June 28, 2003 The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
• CVE-2003-0494 • published on June 28, 2003 password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
• CVE-2003-0445 • published on June 24, 2003 Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
• CVE-2003-0451 • published on June 24, 2003 Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
• CVE-2003-0452 • published on June 24, 2003 Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections."
• CVE-2003-0453 • published on June 24, 2003 traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
• CVE-2003-0381 • published on June 20, 2003 Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
• CVE-2003-0389 • published on June 20, 2003 Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
• CVE-2003-0450 • published on June 20, 2003 Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
• CVE-2003-0436 • published on June 20, 2003 Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
• CVE-2003-0437 • published on June 20, 2003 Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
• CVE-2003-0442 • published on June 20, 2003 Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
• CVE-2003-0447 • published on June 20, 2003 The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
• CVE-2003-0449 • published on June 20, 2003 Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
• CVE-2003-0427 • published on June 20, 2003 Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
• CVE-2003-0446 • published on June 20, 2003 Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
• CVE-2003-0448 • published on June 20, 2003 Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.
• CVE-2003-0366 • published on June 18, 2003 lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
• CVE-2003-0359 • published on June 18, 2003 nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.