Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-08-27 | CVE-2003-0353 | Buffer Overflow vulnerability in Microsoft Data Access Components ODBC Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | 7.5 |
| 2003-08-27 | CVE-2003-0346 | Unspecified vulnerability in Microsoft Directx Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. | 7.5 |
| 2003-08-27 | CVE-2003-0232 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. | 7.2 |
| 2003-08-27 | CVE-2003-0231 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | 5.0 |
| 2003-08-27 | CVE-2003-0230 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | 7.2 |
| 2003-08-27 | CVE-2003-0187 | Unspecified vulnerability in Linux Kernel 2.4.20 The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. | 5.0 |
| 2003-08-27 | CVE-2003-0149 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.0/2.5/2.5.1 Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | 7.5 |
| 2003-08-27 | CVE-2003-0148 | Unspecified vulnerability in Mcafee Epolicy Orchestrator The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | 7.2 |
| 2003-08-27 | CVE-2002-1566 | Remote Memory Corruption vulnerability in Netris 0.3/0.4/0.5 netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284. | 5.0 |
| 2003-08-20 | CVE-2003-1063 | Unspecified vulnerability in SUN Solaris and Sunos The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy. | 7.5 |