Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-04-15 | CVE-2004-0148 | wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. | 7.2 |
2004-04-15 | CVE-2003-1039 | Remote Security vulnerability in Mysap Business Suite Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server. | 7.5 |
2004-04-15 | CVE-2003-1037 | Remote Security vulnerability in Internet Transaction Server 4620.2.0.323011 Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level." | 7.5 |
2004-04-15 | CVE-2003-1036 | Remote Security vulnerability in Internet Transaction Server 4620.2.0.323011 Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header. | 7.5 |
2004-04-15 | CVE-2003-1035 | Unspecified vulnerability in SAP R 3 and Sapgui The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. | 7.5 |
2004-04-15 | CVE-2003-1033 | Unspecified vulnerability in SAP DB 7.3.00/7.4 The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program. | 7.2 |
2004-04-15 | CVE-2003-0594 | Unspecified vulnerability in Mozilla Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. | 7.5 |
2004-04-15 | CVE-2003-0593 | Path Traversal vulnerability in Opera Browser Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. | 7.5 |
2004-04-15 | CVE-2003-0592 | Unspecified vulnerability in KDE Konqueror and Konqueror Embedded Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. | 7.5 |
2004-04-15 | CVE-2003-0514 | Unspecified vulnerability in Apple Safari 1.0/1.1 Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. | 7.5 |