Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-11-17 | CVE-2003-0545 | Double Free vulnerability in Openssl 0.9.6/0.9.7 Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. | 9.8 |
| 2003-11-03 | CVE-2003-0899 | Incorrect Calculation of Buffer Size vulnerability in Acme Thttpd 2.21/2.22/2.23 Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. | 9.8 |
| 2003-10-07 | CVE-2003-0791 | Deserialization of Untrusted Data vulnerability in multiple products The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | 9.8 |
| 2003-08-27 | CVE-2003-0625 | Off-by-one Error vulnerability in Hadrons Xfstt Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | 7.5 |
| 2003-08-27 | CVE-2003-0466 | Off-by-one Error vulnerability in multiple products Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | 9.8 |
| 2003-08-18 | CVE-2003-0578 | Link Following vulnerability in IBM U2 Universe 10.0.0.9 cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | 7.8 |
| 2003-08-18 | CVE-2003-0517 | Link Following vulnerability in Mgetty Project Mgetty 1.1.28 faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | 5.5 |
| 2003-08-18 | CVE-2003-0252 | Off-by-one Error vulnerability in Linux-Nfs Nfs-Utils Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | 9.8 |
| 2003-06-30 | CVE-2003-0411 | Improper Handling of Case Sensitivity vulnerability in Oracle SUN ONE Application Server 7.0 Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | 7.5 |
| 2003-06-09 | CVE-2003-0356 | Off-by-one Error vulnerability in Ethereal 0.8.13/0.9.11/0.9.3 Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. | 9.8 |