Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-09-17 | CVE-2003-0705 | Unspecified vulnerability in Nicolas Boullis Mah-Jong 1.4 Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code. | 7.5 |
| 2003-09-17 | CVE-2003-0704 | Local Privilege Escalation vulnerability in Kismac 0.05D KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh. | 7.2 |
| 2003-09-17 | CVE-2003-0703 | Local Privilege Escalation vulnerability in Kismac 0.05D KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh. | 7.2 |
| 2003-08-27 | CVE-2003-0701 | Unspecified vulnerability in Microsoft IE and Internet Explorer Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. | 7.5 |
| 2003-08-27 | CVE-2003-0699 | Remote Security vulnerability in Linux Advanced Work Station The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700. | 7.5 |
| 2003-08-27 | CVE-2003-0685 | Unspecified vulnerability in Netris 0.3/0.4/0.5 Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response. | 7.5 |
| 2003-08-27 | CVE-2003-0672 | Unspecified vulnerability in Leon J Breedt Pam-Pgsql 0.5.1/0.5.2 Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message. | 7.5 |
| 2003-08-27 | CVE-2003-0671 | Unspecified vulnerability in Jeremy Elson Tcpflow Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow. | 7.2 |
| 2003-08-27 | CVE-2003-0657 | SQL-Injection vulnerability in Phpgroupware Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | 7.5 |
| 2003-08-27 | CVE-2003-0655 | Local Security vulnerability in Cdrtools 2.0/2.0.3 rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges. | 7.2 |