Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-11-23 | CVE-2003-1195 | SQL-Injection vulnerability in VieBoard. SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable. | 7.5 |
2003-11-20 | CVE-2003-1059 | Privilege Escalation vulnerability in Sun Solaris PGX32 Libraries Unspecific. Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access. | 7.2 |
2003-11-17 | CVE-2003-0896 | Unspecified vulnerability in SUN JRE 1.3.0/1.4.1. The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method. | 7.5 |
2003-11-17 | CVE-2003-0870 | Out-of-bounds Write vulnerability in Opera Browser 7.11/7.20. Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name. | 7.5 |
2003-11-17 | CVE-2003-0865 | Remote File Play Heap Corruption vulnerability in Mpg123 0.59R/0.59S. Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. | 7.5 |
2003-11-17 | CVE-2003-0863 | Unspecified vulnerability in PHP 4.3.0/4.3.1/4.3.2. The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | 7.5 |
2003-11-17 | CVE-2003-0850 | The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets." | 7.5 |
2003-11-17 | CVE-2003-0849 | Remote Security vulnerability in Cfengine. Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. | 7.5 |
2003-11-17 | CVE-2003-0845 | SQL Injection vulnerability in Jboss 3.0.8/3.2.1. Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | 7.5 |
2003-11-17 | CVE-2003-0844 | Link Following vulnerability in Schroepl MOD Gzip. mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. | 7.1 |