Full List

Search

Recent Vulnerabilities

• CVE-2003-0161 • published on April 1, 2003 The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
• CVE-2003-0169 • published on April 1, 2003 hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.
• CVE-2003-0180 • published on March 29, 2003 Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
• CVE-2003-0165 • published on March 29, 2003 Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
• CVE-2003-0172 • published on March 29, 2003 Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
• CVE-2003-0181 • published on March 29, 2003 Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
• CVE-2003-0167 • published on March 29, 2003 Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
• CVE-2003-0141 • published on March 29, 2003 The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
• CVE-2003-0178 • published on March 29, 2003 Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
• CVE-2003-0179 • published on March 29, 2003 Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
• CVE-2003-0083 • published on March 28, 2003 Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
• CVE-2003-0106 • published on March 27, 2003 The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
• CVE-2003-0166 • published on March 27, 2003 Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
• CVE-2002-0030 • published on March 26, 2003 The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
• CVE-2002-1561 • published on March 26, 2003 The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
• CVE-2003-0072 • published on March 26, 2003 The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
• CVE-2003-0162 • published on March 26, 2003 Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.
• CVE-2003-0153 • published on March 26, 2003 bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
• CVE-2003-0152 • published on March 26, 2003 Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
• CVE-2003-0159 • published on March 26, 2003 Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.