Full List

Search

Recent Vulnerabilities

• CVE-2003-0198 • published on April 15, 2003 Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
• CVE-2003-0197 • published on April 8, 2003 Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
• CVE-2003-0203 • published on April 8, 2003 Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.
• CVE-2002-1143 • published on April 3, 2003 Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
• CVE-2003-0132 • published on April 3, 2003 A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
• CVE-2003-0134 • published on April 3, 2003 Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
• CVE-2003-0135 • published on April 3, 2003 vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
• CVE-2002-0367 • published on April 2, 2003 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
• CVE-1999-1337 • published on April 2, 2003 FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
• CVE-1999-1490 • published on April 2, 2003 xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.
• CVE-1999-1468 • published on April 2, 2003 rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
• CVE-2000-0502 • published on April 2, 2003 Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
• CVE-2000-0590 • published on April 2, 2003 Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.
• CVE-2000-1212 • published on April 2, 2003 Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
• CVE-2000-1211 • published on April 2, 2003 Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
• CVE-2000-1210 • published on April 2, 2003 Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
• CVE-2001-0748 • published on April 2, 2003 Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
• CVE-2001-0724 • published on April 2, 2003 Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
• CVE-2001-0763 • published on April 2, 2003 Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
• CVE-2001-0891 • published on April 2, 2003 Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.