Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-08-27 | CVE-2003-0353 | Buffer Overflow vulnerability in Microsoft Data Access Components ODBC Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | 7.5 |
2003-08-27 | CVE-2003-0346 | Unspecified vulnerability in Microsoft Directx Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. | 7.5 |
2003-08-27 | CVE-2003-0232 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. | 7.2 |
2003-08-27 | CVE-2003-0230 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | 7.2 |
2003-08-27 | CVE-2003-0149 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.0/2.5/2.5.1 Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | 7.5 |
2003-08-27 | CVE-2003-0148 | Unspecified vulnerability in Mcafee Epolicy Orchestrator The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | 7.2 |
2003-08-20 | CVE-2003-1063 | Unspecified vulnerability in SUN Solaris and Sunos The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy. | 7.5 |
2003-08-18 | CVE-2003-0590 | Cross-Site Scripting vulnerability in Splatt Forum Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. network splatt | 7.1 |
2003-08-18 | CVE-2003-0586 | Remote Security vulnerability in Brooky Estore 1.0.2B Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php. | 7.5 |
2003-08-18 | CVE-2003-0585 | SQL-Injection vulnerability in Brooky Estore 1.0.2B SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters. | 7.5 |