Weekly Vulnerabilities Reports > December 29, 2003 to January 4, 2004

Overview

446 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 120 high severity vulnerabilities. This weekly summary reports vulnerabilities in 357 products from 278 vendors including Microsoft, HP, SUN, Linux, and BEA. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Information Exposure", and "Path Traversal".

  • 365 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 71 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 435 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-31 CVE-2003-1551 Novell Malicious Script vulnerability in Novell GroupWise WebAccess

Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."

10.0
2003-12-31 CVE-2003-1525 MY Photo Gallery Unspecified vulnerability in My Photo Gallery

Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.

10.0
2003-12-31 CVE-2003-1509 Realnetworks Unspecified vulnerability in Realnetworks Realone Enterprise Desktop and Realone Player

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.

10.0
2003-12-31 CVE-2003-1507 Planet Technology Corp Unspecified vulnerability in Planet Technology Corp Wgsd-1020 and Wsw-2401

Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.

10.0
2003-12-31 CVE-2003-1503 AOL Buffer Errors vulnerability in AOL Instant Messenger 5.2.3292

Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.

10.0
2003-12-31 CVE-2003-1496 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Tru64

Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors.

10.0
2003-12-31 CVE-2003-1495 HP Permissions, Privileges, and Access Controls vulnerability in HP products

Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.

10.0
2003-12-31 CVE-2003-1487 Phorum Improper Input Validation vulnerability in Phorum 3.4/3.4.1/3.4.2

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

10.0
2003-12-31 CVE-2003-1432 Epic Games Code Injection vulnerability in Epic Games Unreal Engine and Unreal Tournament 2003

Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

10.0
2003-12-31 CVE-2003-1425 Cpanel Improper Input Validation vulnerability in Cpanel 5.0

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

10.0
2003-12-31 CVE-2003-1422 Gentoo Unspecified vulnerability in Gentoo Syslinux 2.0.1

Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.

10.0
2003-12-31 CVE-2003-1361 IBM, Veritas Remote Code Execution vulnerability in Veritas Bare Metal Restore

Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.

10.0
2003-12-31 CVE-2003-1357 Replicom, Microsoft Configuration vulnerability in Replicom Proxyview

ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.

10.0
2003-12-31 CVE-2003-1346 D Link Permissions, Privileges, and Access Controls vulnerability in D-Link Dwl-900Ap+ 2.2/2.3/2.5

D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.

10.0
2003-12-31 CVE-2003-1339 Ezmeeting Buffer Errors vulnerability in Ezmeeting 3.3/3.4/3.5

Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.

10.0
2003-12-31 CVE-2003-1333 Intersystems Remote Security vulnerability in Cache Database

Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.

10.0
2003-12-31 CVE-2003-1322 Atrium Software Remote Buffer Overflow vulnerability in Atrium Software Mercur Mailserver IMAP

Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.

10.0
2003-12-31 CVE-2003-1309 Zonelabs Local Device Driver IO Control Code Execution vulnerability in Zonelabs Zonealarm 3.7.202/3.7.211

The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").

10.0
2003-12-31 CVE-2003-1245 Mambo

index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.

10.0
2003-12-31 CVE-2003-1236 Tanne Unspecified vulnerability in Tanne 0.6.17

Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allow remote attackers to execute arbitrary code via format string specifiers in syslog.

10.0
2003-12-31 CVE-2003-1121 Scriptlogic

Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).

10.0
2003-12-31 CVE-2003-1104 IBM Buffer Overflow vulnerability in IBM Tivoli Firewall Toolbox 1.2

Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2003-12-31 CVE-2003-1096 Cisco Unspecified vulnerability in Cisco Leap

The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.

10.0
2003-12-31 CVE-2003-1083 Tildeslash Buffer Overrun vulnerability in Monit Overly Long HTTP Request

Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.

10.0
2003-12-31 CVE-2003-0959 Linux Denial-Of-Service vulnerability in Linux Kernel

Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allow attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.

10.0
2003-12-31 CVE-2003-1564 Xmlsoft Numeric Errors vulnerability in Xmlsoft Libxml2

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

9.3
2003-12-31 CVE-2003-1398 Cisco Information Exposure vulnerability in Cisco IOS

Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).

9.3
2003-12-31 CVE-2003-1388 Linux, Microsoft, Unix, Opera Software Buffer Errors vulnerability in Opera Software Opera 7.02Build2668

Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.

9.3
2003-12-31 CVE-2003-1336 Mirc Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mirc

Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.

9.3
2003-12-31 CVE-2003-1327 Linux, Washington University Remote Stack-based Buffer Overrun vulnerability in Wu-Ftpd SockPrintf()

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.

9.3
2003-12-31 CVE-2003-1272 Nullsoft Buffer Overflow vulnerability in Nullsoft Winamp 3.0

Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.

9.3
2003-12-31 CVE-2003-1470 ALT N Buffer Errors vulnerability in Alt-N Mdaemon 6.7.5

Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.

9.0
2003-12-31 CVE-2003-1395 Kazaa Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Kazaa Media Desktop 2.0/2.0.2

Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.

9.0

120 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-31 CVE-2003-1378 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook and Outlook Express

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.

8.8
2003-12-31 CVE-2003-1393 Gupta Technologies Buffer Errors vulnerability in Gupta Technologies Sqlbase 8.1.0

Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.

8.5
2003-12-31 CVE-2003-1364 Aprelium Technologies Improper Input Validation vulnerability in Aprelium Technologies Abyss web Server 1.1.2

Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.

8.5
2003-12-31 CVE-2003-1377 Sircd Buffer Errors vulnerability in Sircd 0.4.0/0.4.4

Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.

8.3
2003-12-31 CVE-2003-1518 Adiscon Buffer Errors vulnerability in Adiscon Winsyslog 4.21Sp1/5.0Beta

Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.

7.8
2003-12-31 CVE-2003-1515 Origo Permissions, Privileges, and Access Controls vulnerability in Origo Asr-8100 and Asr-8400

Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.

7.8
2003-12-31 CVE-2003-1514 Emule Buffer Errors vulnerability in Emule 0.29C

eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.

7.8
2003-12-31 CVE-2003-1510 RIT Research Labs Remote Denial of Service vulnerability in RIT Research Labs Tinyweb 1.9

TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.

7.8
2003-12-31 CVE-2003-1490 Sonicwall Improper Input Validation vulnerability in Sonicwall Pro100, Pro200 and Pro300

SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.

7.8
2003-12-31 CVE-2003-1477 Microsoft, Clearswift Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clearswift Mailsweeper FOR Smtp 4.3.6/4.3.7

MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."

7.8
2003-12-31 CVE-2003-1464 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens M45 and S45

Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.

7.8
2003-12-31 CVE-2003-1448 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000

Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.

7.8
2003-12-31 CVE-2003-1367 Great Circle Associates Configuration vulnerability in Great Circle Associates Majordomo 1.94.4/1.94.5

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

7.8
2003-12-31 CVE-2003-1362 HP Configuration vulnerability in HP Bastille B.02.00.05

Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.

7.8
2003-12-31 CVE-2003-1329 Washington University Denial-Of-Service vulnerability in Washington University Wu-Ftpd 2.6.2

ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.

7.8
2003-12-31 CVE-2003-1318 Twilight Utilities Remote Denial Of Service vulnerability in Twilight Webserver

Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.

7.8
2003-12-31 CVE-2003-1562 Openbsd Race Condition vulnerability in Openbsd Openssh

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

7.6
2003-12-31 CVE-2003-1557 Spamassassin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Spamassassin

Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.

7.6
2003-12-31 CVE-2003-1319 Smartftp Buffer Overflow vulnerability in SmartFTP PWD Command Request

Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.

7.6
2003-12-31 CVE-2003-1260 Globalscape Buffer Overflow vulnerability in Globalscape Cuteftp 5.0

Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.

7.6
2004-01-03 CVE-2004-1785 Invision Power Services SQL Injection vulnerability in Invision Power Board Calendar.PHP

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.

7.5
2004-01-03 CVE-2004-1784 Webcam Corp Buffer Overflow vulnerability in Webcam Corp Webcam Watchdog 1.0/1.1/3.63

Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2003-12-31 CVE-2003-1533 Phppass SQL Injection vulnerability in PHPpass 2

SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.

7.5
2003-12-31 CVE-2003-1532 Julien Desaunay SQL Injection vulnerability in Julien Desaunay PHPmyshop 1.00

SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.

7.5
2003-12-31 CVE-2003-1530 Phpbb SQL Injection vulnerability in PHPbb 2.0.3

SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.

7.5
2003-12-31 CVE-2003-1523 Dbmail SQL Injection vulnerability in Dbmail 1.0/1.1

SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.

7.5
2003-12-31 CVE-2003-1504 Goldscripts SQL Injection vulnerability in Goldscripts Goldlink 3.0

SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.

7.5
2003-12-31 CVE-2003-1491 Kerio Code Injection vulnerability in Kerio Personal Firewall 2.1.4

Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.

7.5
2003-12-31 CVE-2003-1466 Phorum Unspecified vulnerability in Phorum 3.4/3.4.1/3.4.2

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.

7.5
2003-12-31 CVE-2003-1458 Ttcms SQL Injection vulnerability in Ttcms and Ttforum

SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.

7.5
2003-12-31 CVE-2003-1449 Aladdin Knowledge Systems Configuration vulnerability in Aladdin Knowledge Systems Esafe Gateway 3.5.126.0

Aladdin Knowledge Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.

7.5
2003-12-31 CVE-2003-1442 Ericsson Improper Authentication vulnerability in Ericsson Hm220Dp Adsl Modem

The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.

7.5
2003-12-31 CVE-2003-1435 Francisco Burzi SQL Injection vulnerability in Francisco Burzi PHP-Nuke 5.6/6.0

SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.

7.5
2003-12-31 CVE-2003-1429 Proxomitron Buffer Errors vulnerability in Proxomitron Naoko 4.4

Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.

7.5
2003-12-31 CVE-2003-1406 Adalis Infomatique Code Injection vulnerability in Adalis Infomatique D Forum 1.0/1.10/1.11

PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.

7.5
2003-12-31 CVE-2003-1405 Dotbr Improper Input Validation vulnerability in Dotbr Botbr 0.1

DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.

7.5
2003-12-31 CVE-2003-1404 Dotbr Information Exposure vulnerability in Dotbr Botbr 0.1

DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.

7.5
2003-12-31 CVE-2003-1403 Dotbr Improper Input Validation vulnerability in Dotbr Botbr 0.1

foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

7.5
2003-12-31 CVE-2003-1402 Kietu Improper Input Validation vulnerability in Kietu 2.0/2.3

PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.

7.5
2003-12-31 CVE-2003-1391 Research Triangle Software Cryptographic Issues vulnerability in Research Triangle Software Cryptobuddy 1.0/1.2

RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.

7.5
2003-12-31 CVE-2003-1390 Research Triangle Software Cryptographic Issues vulnerability in Research Triangle Software Cryptobuddy 1.0/1.2

RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.

7.5
2003-12-31 CVE-2003-1389 Research Triangle Software Cryptographic Issues vulnerability in Research Triangle Software Cryptobuddy 1.0/1.2

RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.

7.5
2003-12-31 CVE-2003-1387 Opera Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Software Opera web Browser

Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

7.5
2003-12-31 CVE-2003-1383 Logicworks Permissions, Privileges, and Access Controls vulnerability in Logicworks web ERP

WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.

7.5
2003-12-31 CVE-2003-1382 Instantservers INC Buffer Errors vulnerability in Instantservers Inc. Ismail 1.4.3

Buffer overflow in ISMail 1.4.3 and earlier allows remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.

7.5
2003-12-31 CVE-2003-1380 Bisonftp Path Traversal vulnerability in Bisonftp Server 4 R2

Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.

7.5
2003-12-31 CVE-2003-1355 Electronic Arts Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Electronic Arts Battlefield 1942 1.2/1.3

Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password.

7.5
2003-12-31 CVE-2003-1343 Trend Micro Improper Authentication vulnerability in Trend Micro Scanmail

Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".

7.5
2003-12-31 CVE-2003-1341 Trend Micro Configuration vulnerability in Trend Micro Officescan and Virus Buster

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.

7.5
2003-12-31 CVE-2003-1337 Aprelium Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Aprelium Technologies Abyss web Server

Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2003-12-31 CVE-2003-1332 Linux, Samba Remote Security vulnerability in Samba

Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.

7.5
2003-12-31 CVE-2003-1321 Avant Force Buffer Overflow vulnerability in Avant Force Avant Browser 8.2

Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.

7.5
2003-12-31 CVE-2003-1315 Neocrome SQL Injection vulnerability in Neocrome Land Down Under 701

SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.

7.5
2003-12-31 CVE-2003-1314 Eternalmart Remote File Include vulnerability in Eternalmart Guestbook 1.1

PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.

7.5
2003-12-31 CVE-2003-1313 Eternalmart Remote File Include vulnerability in Eternalmart Mailing List Manager 1.32

Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.

7.5
2003-12-31 CVE-2003-1286 Sambar Open Proxy Authentication Bypass vulnerability in Sambar

HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.

7.5
2003-12-31 CVE-2003-1283 Kazaa Local Zone vulnerability in Kazaa Media Desktop 2.0

KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code.

7.5
2003-12-31 CVE-2003-1268 Urlogy SQL Injection vulnerability in Urlogy A.Shop.Kart 2.0.3

Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.

7.5
2003-12-31 CVE-2003-1259 Globalscape Buffer Overflow vulnerability in GlobalScape CuteFTP Long FTP Banner

Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.

7.5
2003-12-31 CVE-2003-1258 Versatilebulletinboard Remote Security vulnerability in Versatilebulletinboard 0.9.5/0.9.6

activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid.

7.5
2003-12-31 CVE-2003-1253 Sangwan KIM Code Injection vulnerability in Sangwan KIM Bookmark4U 1.8.3

PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.

7.5
2003-12-31 CVE-2003-1252 Kelli Shaver Remote Command Execution vulnerability in Kelli Shaver S8Forum 3.0

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.

7.5
2003-12-31 CVE-2003-1251 NX Remote File Include vulnerability in NX N X web Content Management System 2002 Prerelease1

The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code.

7.5
2003-12-31 CVE-2003-1249 Businessobjects Unspecified vulnerability in Businessobjects Webintelligence 2.7.1

WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.

7.5
2003-12-31 CVE-2003-1248 Positive Software Unspecified vulnerability in Positive Software H-Sphere 2.3Rc3

H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.

7.5
2003-12-31 CVE-2003-1247 Positive Software Remote Buffer Overrun vulnerability in Positive Software H-Sphere 2.3Rc3

Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.

7.5
2003-12-31 CVE-2003-1244 Phpbb Group SQL Injection vulnerability in PHPbb Group PHPbb 2.0.0/2.0.1/2.0.2

SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.

7.5
2003-12-31 CVE-2003-1240 Cutephp Code Injection vulnerability in Cutephp Cutenews 0.88

PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.

7.5
2003-12-31 CVE-2003-1229 SUN

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

7.5
2003-12-31 CVE-2003-1228 Mathopd Classic Buffer Overflow vulnerability in Mathopd

Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path.

7.5
2003-12-31 CVE-2003-1227 Gallery Project Code Injection vulnerability in Gallery Project Gallery 1.4/1.4Pl1

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.

7.5
2003-12-31 CVE-2003-1213 Maxwebportal Unspecified vulnerability in Maxwebportal 1.30

The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.

7.5
2003-12-31 CVE-2003-1212 Maxwebportal

MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.

7.5
2003-12-31 CVE-2003-1210 Francisco Burzi Downloads Module SQL Injection vulnerability in PHP-Nuke

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

7.5
2003-12-31 CVE-2003-1180 Advanced Poll Unspecified vulnerability in Advanced Poll Advanced Poll 2.0.0/2.0.1/2.0.2

Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via ..

7.5
2003-12-31 CVE-2003-1179 Advanced Poll Remote File Include vulnerability in Advanced Poll Common.Inc.PHP

Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, or (5) the base_path parameter to common.inc.php.

7.5
2003-12-31 CVE-2003-1178 Advanced Poll Unspecified vulnerability in Advanced Poll Advanced Poll 2.0.0/2.0.1/2.0.2

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.

7.5
2003-12-31 CVE-2003-1177 Atrium Software Remote Buffer Overflow vulnerability in Atrium Software Mercur Mailserver IMAP AUTH

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

7.5
2003-12-31 CVE-2003-1171 MOD Security Unspecified vulnerability in MOD Security MOD Security 1.7/1.7.1

Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.

7.5
2003-12-31 CVE-2003-1154 Clearswift Unspecified vulnerability in Clearswift Mailsweeper

MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.

7.5
2003-12-31 CVE-2003-1131 Activecampaign Remote File Include vulnerability in KnowledgeBuilder

PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.

7.5
2003-12-31 CVE-2003-1128 X2 Studios Remote Command Execution vulnerability in X2 Studios Xmms Remote 0.1

XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM and 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.

7.5
2003-12-31 CVE-2003-1123 SUN Unspecified vulnerability in SUN JDK and JRE

Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.

7.5
2003-12-31 CVE-2003-1118 University OF California Remote Buffer Overflow vulnerability in SETI@home Client Program

Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.

7.5
2003-12-31 CVE-2003-1117 Realnetworks Denial-Of-Service vulnerability in Realsystem Server

Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5
2003-12-31 CVE-2003-1115 Nortel Unspecified vulnerability in Nortel Succession Communication Server 2000

The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1114 Mediatrix Telecom Unspecified vulnerability in Mediatrix Telecom Voip Access Devices and Gateways Sipv2.3/Sipv2.4

The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1113 Iptel Unspecified vulnerability in Iptel SIP Express Router 0.8.8/0.8.9

The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1112 Ingate Unspecified vulnerability in Ingate Firewall and Ingate Siparator

The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1111 Dynamicsoft Unspecified vulnerability in Dynamicsoft Appengine

The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1110 Columbia University Unspecified vulnerability in Columbia University Sipc 1.74

The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1109 Cisco Unspecified vulnerability in Cisco products

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

7.5
2003-12-31 CVE-2003-1103 Hummingbird SQL Injection vulnerability in Hummingbird Cyberdocs 3.1/3.5.1

SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.

7.5
2003-12-31 CVE-2003-1092 Christos Zoulas Local Memory Allocation vulnerability in File Utility

Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool" version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.

7.5
2003-12-31 CVE-2003-1091 Apple

Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.

7.5
2003-12-31 CVE-2003-0363 Licq Remote Security vulnerability in Licq 1.0.3/1.2.6

Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers.

7.5
2003-12-31 CVE-2003-0317 Iisprotect Security Bypass vulnerability in Iisprotect 2.1/2.2

iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.

7.5
2003-12-31 CVE-2003-0249 PHP Unspecified vulnerability in PHP 4.4.6

** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive.

7.5
2003-12-29 CVE-2003-1200 ALT N Buffer Overflow vulnerability in Alt-N MDaemon/WorldClient Form2Raw Raw Message Handler

Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.

7.5
2003-12-31 CVE-2003-1528 Fujitsu Link Following vulnerability in Fujitsu Siemens Networker 6.0

nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.

7.2
2003-12-31 CVE-2003-1474 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd Slashem-Tty 0.0.6E.4F.8

slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.

7.2
2003-12-31 CVE-2003-1461 HP Buffer Errors vulnerability in HP Hp-Ux 11.00

Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument.

7.2
2003-12-31 CVE-2003-1455 Poptop Buffer Errors vulnerability in Poptop Pptp Server 1.1.4B1/1.1.4B2/1.1.4B3

Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.

7.2
2003-12-31 CVE-2003-1407 Microsoft Buffer Errors vulnerability in Microsoft Windows NT 4.0

Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.

7.2
2003-12-31 CVE-2003-1375 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Hp-Ux

Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.

7.2
2003-12-31 CVE-2003-1360 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Hp-Ux

Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.

7.2
2003-12-31 CVE-2003-1359 HP, Avaya Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.

7.2
2003-12-31 CVE-2003-1358 HP Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.

7.2
2003-12-31 CVE-2003-1356 HP Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux

The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.

7.2
2003-12-31 CVE-2003-1291 Vmware Local Security vulnerability in VMWare ESX 1.5.2

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.

7.2
2003-12-31 CVE-2003-1170 Gernot Stocker Local Arguments Format String vulnerability in Gernot Stocker Kpopup 0.9.1/0.9.5Pre2

Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.

7.2
2003-12-31 CVE-2003-1167 Gernot Stocker Unspecified vulnerability in Gernot Stocker Kpopup 0.9.1/0.9.5Pre2

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

7.2
2003-12-31 CVE-2003-1161 Linux Unspecified vulnerability in Linux Kernel 2.6Test9Cvs

exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.

7.2
2003-12-31 CVE-2003-1098 HP Privilege Escalation vulnerability in HP Hp-Ux 11.22

The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.

7.2
2003-12-31 CVE-2003-1097 HP Remote Username Flag Local Buffer Overrun vulnerability in HP-UX RExec

Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option.

7.2
2003-12-31 CVE-2003-1094 BEA Unspecified vulnerability in BEA Weblogic Server 7.0

BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.

7.2
2003-12-31 CVE-2003-1082 SUN Local Buffer Overflow vulnerability in Sun Solaris UTMP_Update

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

7.2
2003-12-31 CVE-2003-1076 SUN Privilege Escalation vulnerability in Sun Sendmail Forward File

Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.

7.2
2003-12-31 CVE-2003-0954 IBM Local Buffer Overrun vulnerability in IBM AIX 4.3.3/5.1/5.2

Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.

7.2
2003-12-31 CVE-2003-1431 Epic Games Buffer Errors vulnerability in Epic Games Unreal Engine 226F/433/436

Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.

7.1

257 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-31 CVE-2003-1552 Graeme Permissions, Privileges, and Access Controls vulnerability in Graeme Uploader 1.1

Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.

6.8
2003-12-31 CVE-2003-1544 Microsoft Denial Of Service vulnerability in Microsoft Windows MSGINA.DLL Read-Lock

Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.

6.8
2003-12-31 CVE-2003-1520 Fuzzymonkey SQL Injection vulnerability in Fuzzymonkey Myclassifieds 2.11

SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.

6.8
2003-12-31 CVE-2003-1516 SUN Cross-Site Applet Sandbox Security Model Violation vulnerability in SUN Java Plug-In 1.4.201

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.

6.8
2003-12-31 CVE-2003-1500 Cpcommerce Code Injection vulnerability in Cpcommerce 0.5F

PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.

6.8
2003-12-31 CVE-2003-1475 Netbus Improper Authentication vulnerability in Netbus 1.5/1.6/1.7

Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.

6.8
2003-12-31 CVE-2003-1459 Ttcms Code Injection vulnerability in Ttcms and Ttforum

Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.

6.8
2003-12-31 CVE-2003-1436 Crossnuke Code Injection vulnerability in Crossnuke Nukebrowser

PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.

6.8
2003-12-31 CVE-2003-1434 Pete Werner Improper Authentication vulnerability in Pete Werner Login Ldap 3.1/3.2

login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.

6.8
2003-12-31 CVE-2003-1424 Petitforum Credentials Management vulnerability in Petitforum

message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.

6.8
2003-12-31 CVE-2003-1415 Visual Mining Buffer Errors vulnerability in Visual Mining Netcharts Xbrl Server 4.0.0

NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.

6.8
2003-12-31 CVE-2003-1412 Gonicus Code Injection vulnerability in Gonicus System Administration 1.0

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.

6.8
2003-12-31 CVE-2003-1411 Isoca Code Injection vulnerability in Isoca Cedric Email Reader 0.4

PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.

6.8
2003-12-31 CVE-2003-1410 Isoca Code Injection vulnerability in Isoca Cedric Email Reader 0.2/0.3

PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.

6.8
2003-12-31 CVE-2003-1385 Invision Power Services Code Injection vulnerability in Invision Power Services Invision Power Board 1.1.1

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

6.8
2003-12-31 CVE-2003-1381 Amxmod NET USE of Externally-Controlled Format String vulnerability in Amxmod.Net AMX MOD 0.9.2

Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.

6.8
2003-12-31 CVE-2003-1373 Phpbb Group Path Traversal vulnerability in PHPbb Group PHPbb

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via ..

6.8
2003-12-31 CVE-2003-1369 Save IT Software PTY Buffer Errors vulnerability in Save IT Software PTY Bytecatcherftp 1.04B

Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.

6.8
2003-12-31 CVE-2003-1323 ELM Development Group Remote Security vulnerability in ELM Development Group ELM 2.4

Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.

6.8
2003-12-31 CVE-2003-1317 Endonesia Cross-Site Scripting vulnerability in eNdonesia Mod Parameter

Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter.

6.8
2003-12-31 CVE-2003-1311 Netegrity Remote Security vulnerability in Netegrity SiteMinder

siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.

6.8
2003-12-31 CVE-2003-1256 E Theni Remote Include Command Execution vulnerability in E-theni

aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.

6.8
2003-12-31 CVE-2003-1211 Maxwebportal

Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.

6.8
2003-12-31 CVE-2003-1204 Mambo Cross-Site Scripting vulnerability in Mambo Site Server

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.

6.8
2003-12-31 CVE-2003-1175 Synthetic Reality Cross-Site Scripting vulnerability in Synthetic Reality Sympoll 1.5

Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.

6.8
2003-12-31 CVE-2003-1392 Research Triangle Software, Microsoft Cryptographic Issues vulnerability in multiple products

CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.

6.6
2003-12-31 CVE-2003-1340 Phpnuke SQL Injection vulnerability in PHPnuke PHP-Nuke 5.6/6.5

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.

6.5
2003-12-31 CVE-2003-1538 Suse Improper Input Validation vulnerability in Suse products

susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.

6.4
2003-12-31 CVE-2003-1521 SUN Unspecified vulnerability in SUN Java Plug-In

Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.

6.4
2003-12-31 CVE-2003-1501 Gast Arbeiter Path Traversal vulnerability in Gast Arbeiter Gast Arbeiter 1.3

Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a ..

6.4
2003-12-31 CVE-2003-1488 Truelogik Improper Input Validation vulnerability in Truelogik Truegalerie 1.0

The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.

6.4
2003-12-31 CVE-2003-1483 Flashfxp Cryptographic Issues vulnerability in Flashfxp 1.4

FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.

6.4
2003-12-31 CVE-2003-1451 Symantec Buffer Errors vulnerability in Symantec Norton Antivirus 2002

Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.

6.4
2003-12-31 CVE-2003-1427 Netgear Path Traversal vulnerability in Netgear Fm114P 1.4Betarelease17

Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.

6.4
2003-12-31 CVE-2003-1386 Axis Permissions, Privileges, and Access Controls vulnerability in Axis 2400 Video Server and 2401 Video Server

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

6.4
2003-12-31 CVE-2003-1368 Electrasoft Buffer Errors vulnerability in Electrasoft FTP Client 9.49.01

Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.

6.4
2003-12-31 CVE-2003-1363 Aprelium Technologies Unspecified vulnerability in Aprelium Technologies Abyss web Server

The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.

6.4
2003-12-31 CVE-2003-1262 Http Fetcher Buffer Overflow vulnerability in Http Fetcher Http Fetcher Library 1.0.0/1.0.1

Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long (1) host, (2) referer, or (3) userAgent value.

6.4
2003-12-31 CVE-2003-1255 Active PHP Bookmarks Unspecified vulnerability in Active PHP Bookmarks Active PHP Bookmarks 1.1.01

add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter.

6.4
2003-12-31 CVE-2003-1230 Freebsd

The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.

6.4
2003-12-31 CVE-2003-1176 BDC Enterprises Unspecified vulnerability in BDC Enterprises web WIZ Forums 6.34/7.01/7.5

post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.

6.4
2003-12-31 CVE-2003-0885 Xscreensaver Remote Security vulnerability in Xscreensaver 4.14

Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.

6.4
2003-12-31 CVE-2003-1524 Pgpi Permissions, Privileges, and Access Controls vulnerability in Pgpi Pgpdisk 6.0.2I

PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.

6.3
2003-12-31 CVE-2003-1497 Linksys Buffer Errors vulnerability in Linksys Befsx41 1.43.3

Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.

6.3
2003-12-31 CVE-2003-1471 ALT N Improper Input Validation vulnerability in Alt-N Mdaemon

MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.

6.3
2003-12-31 CVE-2003-1481 Stalker Information Exposure vulnerability in Stalker Communigate PRO

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.

5.8
2003-12-31 CVE-2003-1401 PHP Board Credentials Management vulnerability in PHP Board PHP Board 1.0

login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.

5.8
2003-12-31 CVE-2003-1238 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan

Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.

5.8
2003-12-31 CVE-2003-1325 Valve Software Denial-Of-Service vulnerability in Half-Life Cstrike Dedicated Server

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.

5.2
2003-12-31 CVE-2003-1320 Sonicwall Resource Management Errors vulnerability in Sonicwall Firmware

SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.

5.1
2003-12-31 CVE-2003-1232 GNU Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

5.1
2003-12-31 CVE-2003-1107 Microsoft Security Bypass vulnerability in Windows Media Player

The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.

5.1
2004-01-04 CVE-2004-1786 Iatek Remote User Database Access vulnerability in ASPApp PortalAPP

PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb.

5.0
2003-12-31 CVE-2003-1560 Netscape Information Exposure vulnerability in Netscape Navigator 4

Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

5.0
2003-12-31 CVE-2003-1559 Microsoft Information Exposure vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

5.0
2003-12-31 CVE-2003-1558 Fefe Buffer Errors vulnerability in Fefe Fnord 1.6

Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.

5.0
2003-12-31 CVE-2003-1555 Scoznet Information Exposure vulnerability in Scoznet Scozbook 1.1Beta

ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.

5.0
2003-12-31 CVE-2003-1550 Xoops Information Exposure vulnerability in Xoops

XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.

5.0
2003-12-31 CVE-2003-1548 Myabracadaweb Information Exposure vulnerability in Myabracadaweb

MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message.

5.0
2003-12-31 CVE-2003-1545 Nukestyles, Phpnuke Path Traversal vulnerability in multiple products

Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter.

5.0
2003-12-31 CVE-2003-1542 Ondrej Jombik Path Traversal vulnerability in Ondrej Jombik PHPwebfilemanager

Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a ..

5.0
2003-12-31 CVE-2003-1541 Planetmoon Permissions, Privileges, and Access Controls vulnerability in Planetmoon Guestbook Tr3.A.1

PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.

5.0
2003-12-31 CVE-2003-1540 Wfchat Information Exposure vulnerability in Wfchat 1.0

WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.

5.0
2003-12-31 CVE-2003-1537 Postnuke Software Foundation Path Traversal vulnerability in Postnuke Software Foundation Postnuke

Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.

5.0
2003-12-31 CVE-2003-1535 Justice Media Information Exposure vulnerability in Justice Media Guestbook 1.3

Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message.

5.0
2003-12-31 CVE-2003-1529 Seagull Software Systems Path Traversal vulnerability in Seagull Software Systems J Walk Application Server 3.2C9

Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.

5.0
2003-12-31 CVE-2003-1526 Francisco Burzi Information Exposure vulnerability in Francisco Burzi PHP-Nuke 7.0

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.

5.0
2003-12-31 CVE-2003-1517 Dansie Information Exposure vulnerability in Dansie Shopping Cart

cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.

5.0
2003-12-31 CVE-2003-1512 Khaled Mardam BEY Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Khaled Mardam-Bey Mirc 6.1/6.11

Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.

5.0
2003-12-31 CVE-2003-1499 Bytehoard Path Traversal vulnerability in Bytehoard 0.7

Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a ..

5.0
2003-12-31 CVE-2003-1494 HP Resource Management Errors vulnerability in HP Openview Network Node Manager 6.2/6.4

Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet.

5.0
2003-12-31 CVE-2003-1493 HP Denial Of Service vulnerability in HP OpenView Network Node Manager

Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.

5.0
2003-12-31 CVE-2003-1492 Mozilla, Netscape Link Following vulnerability in multiple products

Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra .

5.0
2003-12-31 CVE-2003-1489 Truegalerie Improper Authentication vulnerability in Truegalerie 1.0

upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.

5.0
2003-12-31 CVE-2003-1486 Phorum Information Exposure vulnerability in Phorum 3.4/3.4.1/3.4.2

Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.

5.0
2003-12-31 CVE-2003-1485 Clearswift Improper Input Validation vulnerability in Clearswift Mailsweeper

Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."

5.0
2003-12-31 CVE-2003-1472 Microsoft, 3D FTP Buffer Errors vulnerability in 3D-Ftp 4.0

Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.

5.0
2003-12-31 CVE-2003-1469 Microsoft, Macromedia Information Exposure vulnerability in Macromedia Coldfusion and Coldfusion Professional

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.

5.0
2003-12-31 CVE-2003-1465 Phorum Path Traversal vulnerability in Phorum 3.4/3.4.1/3.4.2

Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.

5.0
2003-12-31 CVE-2003-1462 MOD Survey Denial of Service vulnerability in Mod_Survey SYSBASE Disk Resource Consumption

mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash).

5.0
2003-12-31 CVE-2003-1456 Linux, Microsoft, Unix, Mike Bobbitt Improper Input Validation vulnerability in Mike Bobbitt Album.Pl

Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.

5.0
2003-12-31 CVE-2003-1454 Linux, Microsoft, Unix, Invision Power Services Unspecified vulnerability in Invision Power Services Invision Board 1.0/1.0.1/1.1.1

Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.

5.0
2003-12-31 CVE-2003-1450 Bitchx Improper Input Validation vulnerability in Bitchx

BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.

5.0
2003-12-31 CVE-2003-1430 Linux, Microsoft, Epic Games Path Traversal vulnerability in Epic Games Unreal Engine 226F/433/436

Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.

5.0
2003-12-31 CVE-2003-1423 Linux, Microsoft, Unix, Petitforum Permissions, Privileges, and Access Controls vulnerability in Petitforum

Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.

5.0
2003-12-31 CVE-2003-1409 EJ3 Information Exposure vulnerability in EJ3 Topo 1.43

TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.

5.0
2003-12-31 CVE-2003-1408 Lotus Information Exposure vulnerability in Lotus Domino Server 5.0/6.0

Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.

5.0
2003-12-31 CVE-2003-1394 Coffeecup Software Credentials Management vulnerability in Coffeecup Software Coffeecup Password Wizard

CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.

5.0
2003-12-31 CVE-2003-1379 Point Clark Networks Information Exposure vulnerability in Point Clark Networks Clarkconnect 1.2

clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.

5.0
2003-12-31 CVE-2003-1365 Perl Improper Input Validation vulnerability in Perl CGI Lite 2.0

The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.

5.0
2003-12-31 CVE-2003-1354 Gamespy3D Buffer Errors vulnerability in Gamespy3D Gamespy 3D 2.62

Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.

5.0
2003-12-31 CVE-2003-1352 Gabber Configuration vulnerability in Gabber 0.8.7

Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing.

5.0
2003-12-31 CVE-2003-1351 Greg Billock Path Traversal vulnerability in Greg Billock Edittag 1.1

Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.

5.0
2003-12-31 CVE-2003-1349 Thomas Krebs Path Traversal vulnerability in Thomas Krebs Niteserver Ftpd 1.83

Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.

5.0
2003-12-31 CVE-2003-1345 Follett Software Path Traversal vulnerability in Follett Software Webcollection Plus 5.00

Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.

5.0
2003-12-31 CVE-2003-1344 Trend Micro Cryptographic Issues vulnerability in Trend Micro Virus Control System

Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.

5.0
2003-12-31 CVE-2003-1342 Trend Micro Resource Management Errors vulnerability in Trend Micro Virus Control System 1.8

Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.

5.0
2003-12-31 CVE-2003-1335 KAI Blankenhorn Bitfolge Path Traversal vulnerability in KAI Blankenhorn Bitfolge Simple and Nice Index File

Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.

5.0
2003-12-31 CVE-2003-1330 Microsoft, Clearswift Limited Unspecified vulnerability in Clearswift Limited Mailsweeper 4.3.6Sp1

Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.

5.0
2003-12-31 CVE-2003-1316 Endonesia Path Disclosure vulnerability in eNdonesia Mod Parameter

mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message.

5.0
2003-12-31 CVE-2003-1305 Microsoft

Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.

5.0
2003-12-31 CVE-2003-1304 Early Impact Unspecified vulnerability in Early Impact Productcart

EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.

5.0
2003-12-31 CVE-2003-1303 PHP Denial-Of-Service vulnerability in PHP 4.3.0/4.3.1/4.3.2

Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.

5.0
2003-12-31 CVE-2003-1302 PHP Denial-Of-Service vulnerability in PHP

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.

5.0
2003-12-31 CVE-2003-1301 SUN Denial Of Service vulnerability in Sun Java Runtime Environment Nested Array Objects

Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.

5.0
2003-12-31 CVE-2003-1300 Pablo Software Solutions Unspecified vulnerability in Pablo Software Solutions Baby FTP Server 1.2

Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation.

5.0
2003-12-31 CVE-2003-1298 Anyportal PHP Directory Traversal vulnerability in Anyportal PHP Anyportal PHP 0.1

Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).

5.0
2003-12-31 CVE-2003-1297 EFS Software

Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.

5.0
2003-12-31 CVE-2003-1296 EFS Software Denial-Of-Service vulnerability in Easy File Sharing Web Server

Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data in the Your Message field, possibly a long argument.

5.0
2003-12-31 CVE-2003-1292 Ashwebstudio Remote File Include vulnerability in Ashwebstudio Ashnews 0.83

PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.

5.0
2003-12-31 CVE-2003-1290 BEA Remote Information Disclosure vulnerability in BEA WebLogic Server and WebLogic Express MBean

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).

5.0
2003-12-31 CVE-2003-1288 Vserver Denial-Of-Service vulnerability in Vserver Linux-Vserver 1.22

Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.

5.0
2003-12-31 CVE-2003-1284 Sambar Information Disclosure vulnerability in Sambar Server

Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.

5.0
2003-12-31 CVE-2003-1282 IBM Information Disclosure vulnerability in IBM Net.Data

IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables to be echoed back to the user via a web form.

5.0
2003-12-31 CVE-2003-1280 Eekim File Corruption vulnerability in Eekim Cgihtml 1.69

Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a ..

5.0
2003-12-31 CVE-2003-1275 Microsoft Denial Of Service vulnerability in Microsoft Pocket IE 3.0

Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.

5.0
2003-12-31 CVE-2003-1274 Nullsoft Denial-Of-Service vulnerability in Nullsoft Winamp 3.0

Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.

5.0
2003-12-31 CVE-2003-1270 AN Denial-Of-Service vulnerability in AN An-Http 1.41E

AN HTTP 1.41e allows remote attackers to cause a denial of service (broken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability.

5.0
2003-12-31 CVE-2003-1269 AN Buffer Overflow vulnerability in AN An-Http 1.41E

AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.

5.0
2003-12-31 CVE-2003-1267 Steve Poulsen Denial-Of-Service vulnerability in Steve Poulsen Guildftpd 0.999

GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1.

5.0
2003-12-31 CVE-2003-1266 Etype Remote Denial Of Service vulnerability in EType EServ FTP

The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.

5.0
2003-12-31 CVE-2003-1264 D Link, Longshine Technologie Information Disclosure vulnerability in Longshine Wireless Access Point Devices

TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.

5.0
2003-12-31 CVE-2003-1263 Brown Bear Software Denial Of Service vulnerability in Brown Bear Software Ical 3.7

ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name.

5.0
2003-12-31 CVE-2003-1257 E Theni Remote Security vulnerability in E-theni

find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.

5.0
2003-12-31 CVE-2003-1254 Active PHP Bookmarks File Include vulnerability in Active PHP Bookmarks

Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code.

5.0
2003-12-31 CVE-2003-1250 Efficient Networks Denial Of Service vulnerability in Efficient Networks 5861 DSL Router 5.3.80Firmware

Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN packets, allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap.

5.0
2003-12-31 CVE-2003-1242 Sage Path Disclosure vulnerability in Sage Content Management System

Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.

5.0
2003-12-31 CVE-2003-1239 Wihphoto Unspecified vulnerability in Wihphoto 0.86

Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via ..

5.0
2003-12-31 CVE-2003-1235 BRS Information Disclosure vulnerability in BRS WebWeaver

BRS WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.

5.0
2003-12-31 CVE-2003-1223 BEA Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express

The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.

5.0
2003-12-31 CVE-2003-1222 BEA Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 8.1

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.

5.0
2003-12-31 CVE-2003-1221 BEA Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 7.0/7.0.0.1/8.1

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.

5.0
2003-12-31 CVE-2003-1220 BEA Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express

BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.

5.0
2003-12-31 CVE-2003-1209 Monkey Project Improper Input Validation vulnerability in Monkey-Project Monkey

The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.

5.0
2003-12-31 CVE-2003-1173 Centrinity

Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.

5.0
2003-12-31 CVE-2003-1172 Apache Directory Traversal vulnerability in Apache Cocoon 2.1/2.1.2/2.2

Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a ..

5.0
2003-12-31 CVE-2003-1168 Http Commander Path Disclosure vulnerability in HTTP Commander

HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a .

5.0
2003-12-31 CVE-2003-1166 Http Commander Directory Traversal vulnerability in Http Commander Http Commander 4.0

Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a ..

5.0
2003-12-31 CVE-2003-1165 BRS Remote Denial of Service vulnerability in BRS WebWeaver httpd `User-Agent`

Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.

5.0
2003-12-31 CVE-2003-1163 Ganglia Remote Denial of Service vulnerability in Ganglia gmond Malformed Packet

hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.

5.0
2003-12-31 CVE-2003-1162 Tritanium Scripts Unspecified vulnerability in Tritanium Scripts Tritanium Bulletin Board

index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.

5.0
2003-12-31 CVE-2003-1158 Plug AND Play Software Buffer Overflow vulnerability in Plug and Play Software Plug and Play web Server 1.0.002C

Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.

5.0
2003-12-31 CVE-2003-1153 Bytehoard Unspecified vulnerability in Bytehoard 0.7/0.71

byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php.

5.0
2003-12-31 CVE-2003-1152 Infrontech Unspecified vulnerability in Infrontech Webtide 7.0.4

WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").

5.0
2003-12-31 CVE-2003-1132 Cisco Denial-Of-Service vulnerability in Cisco products

The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.

5.0
2003-12-31 CVE-2003-1127 Whale Communications Unspecified vulnerability in Whale Communications E-Gap 2.5

Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.

5.0
2003-12-31 CVE-2003-1126 SUN Denial-Of-Service vulnerability in SUN ONE web Server 6.0

Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.

5.0
2003-12-31 CVE-2003-1125 SUN Denial-Of-Service vulnerability in SUN ONE Directory Server 4.16/5.0/5.1

Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).

5.0
2003-12-31 CVE-2003-1119 SSH Denial-Of-Service vulnerability in SSH Secure Shell 3.1/3.2

SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.

5.0
2003-12-31 CVE-2003-1116 Oracle Unspecified vulnerability in Oracle E-Business Suite

The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.

5.0
2003-12-31 CVE-2003-1108 Alcatel Lucent Unspecified vulnerability in Alcatel-Lucent Omnipcx 5.0

The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

5.0
2003-12-31 CVE-2003-1106 Microsoft Denial of Service vulnerability in Microsoft SMTP Service Invalid FILETIME

The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.

5.0
2003-12-31 CVE-2003-1102 Hummingbird Remote Security vulnerability in Hummingbird CyberDOCS

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.

5.0
2003-12-31 CVE-2003-1101 Hummingbird Path Disclosure vulnerability in Hummingbird Cyberdocs 3.5.1/3.9/4.0

Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.

5.0
2003-12-31 CVE-2003-1089 Phpoutsourcing Path Disclosure vulnerability in PHPoutsourcing Zorum 3.4

index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.

5.0
2003-12-31 CVE-2003-1087 HP Network Traffic Denial Of Service vulnerability in HP-UX

Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.

5.0
2003-12-31 CVE-2003-1085 Thomson Remote Denial Of Service vulnerability in Thomson Cable Modem

The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.

5.0
2003-12-31 CVE-2003-1066 SUN Buffer Overflow Denial Of Service vulnerability in Sun Solaris Syslogd UDP Packet

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

5.0
2003-12-31 CVE-2003-1005 Apple Remote Denial Of Service vulnerability in Apple MacOS X ASN.1 Decoding

The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.

5.0
2003-12-31 CVE-2003-0900 Larry Wall Remote Security vulnerability in Larry Wall Perl 5.8.1

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.

5.0
2003-12-31 CVE-2003-0627 Peoplesoft Denial of Service vulnerability in PeopleSoft PeopleBooks psdoccgi.exe

psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments.

5.0
2003-12-31 CVE-2003-1446 Rogue Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rogue 5.22/985.0

Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde).

4.9
2003-12-31 CVE-2003-1428 Linux, Bharat Mediratta Unspecified vulnerability in Bharat Mediratta Gallery 1.3.3

Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.

4.8
2003-12-31 CVE-2003-1502 Snert COM Local Shared Memory Corruption vulnerability in Snert.Com MOD Throttle 3.0

mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.

4.6
2003-12-31 CVE-2003-1482 Microsoft Credentials Management vulnerability in Microsoft Mn-500 Wireless Base Station

The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.

4.6
2003-12-31 CVE-2003-1473 Lgames Buffer Errors vulnerability in Lgames Ltris 1.0.1

Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.

4.6
2003-12-31 CVE-2003-1457 Auerswald Configuration vulnerability in Auerswald Comsuite CTI Controlcenter 3.1

Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.

4.6
2003-12-31 CVE-2003-1445 Rarlab Buffer Errors vulnerability in Rarlab FAR Manager 1.65/1.70Beta1/1.70Beta4

Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.

4.6
2003-12-31 CVE-2003-1376 Winzip Credentials Management vulnerability in Winzip 8.0

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.

4.6
2003-12-31 CVE-2003-1374 HP Buffer Errors vulnerability in HP Hp-Ux 11

Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2) -c options.

4.6
2003-12-31 CVE-2003-1324 Elmme Mailer Local Security vulnerability in Elmme-Mailer ELM Me+ 2.4

Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.

4.6
2003-12-31 CVE-2003-1310 Symantec Unspecified vulnerability in Symantec Norton Antivirus 2002/2003

The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").

4.6
2003-12-31 CVE-2003-1308 Fvwm Local Security vulnerability in FVWM

CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.

4.6
2003-12-31 CVE-2003-1287 Sambar Denial-Of-Service vulnerability in Server

Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.

4.6
2003-12-31 CVE-2003-1279 Insightful

S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.

4.6
2003-12-31 CVE-2003-1276 Nettelephone Local Security vulnerability in Nettelephone 3.5.6

Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PINs and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts.

4.6
2003-12-31 CVE-2003-1169 Datev Unspecified vulnerability in Datev Nutzungskontrolle 2.1/2.2

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.

4.6
2003-12-31 CVE-2003-1156 SUN File Corruption vulnerability in SUN JDK and JRE

Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.

4.6
2003-12-31 CVE-2003-1155 X CD Roast Local Insecure File Creation Symlink vulnerability in X-CD-Roast

X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file.

4.6
2003-12-31 CVE-2003-1124 SUN Unspecified vulnerability in SUN Management+Center 2.1.1/3.0/3.0Revenuerelease

Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.

4.6
2003-12-31 CVE-2003-1093 BEA Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/7.0.0.1

BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.

4.6
2003-12-31 CVE-2003-0857 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 2.1/3.0

The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

4.6
2003-12-29 CVE-2003-1215 Phpbb Group SQL Injection vulnerability in phpBB GroupCP.PHP

SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.

4.6
2003-12-31 CVE-2003-1444 Kaspersky LAB Improper Input Validation vulnerability in Kaspersky LAB Kaspersky Anti-Virus 4.0.9.0

Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.

4.4
2003-12-31 CVE-2003-1443 Kaspersky LAB Improper Input Validation vulnerability in Kaspersky LAB Kaspersky Anti-Virus 4.0.9.0

Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.

4.4
2003-12-31 CVE-2003-1417 Ncipher Credentials Management vulnerability in Ncipher Support Software 6.00

nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.

4.4
2003-12-31 CVE-2003-1561 Opera Information Disclosure vulnerability in Opera

Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

4.3
2003-12-31 CVE-2003-1556 CGI City Cross-Site Scripting vulnerability in CGI City CC Guestbook

Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters.

4.3
2003-12-31 CVE-2003-1554 Scoznet Cross-Site Scripting vulnerability in Scoznet Scozbook 1.1Beta

Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.

4.3
2003-12-31 CVE-2003-1553 Sips Information Exposure vulnerability in Sips 0.2.2

Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.

4.3
2003-12-31 CVE-2003-1549 Myabracadaweb Cross-Site Scripting vulnerability in Myabracadaweb

Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter.

4.3
2003-12-31 CVE-2003-1547 Francisco Burzi Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke

Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.

4.3
2003-12-31 CVE-2003-1546 Filebased Cross-Site Scripting vulnerability in Filebased Guestbook 1.1.3

Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section.

4.3
2003-12-31 CVE-2003-1543 Bajie Cross-Site Scripting vulnerability in Bajie Java Http Server 0.95

Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message.

4.3
2003-12-31 CVE-2003-1539 Onedotoh Cross-Site Scripting vulnerability in Onedotoh Simple File Manager

Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.

4.3
2003-12-31 CVE-2003-1536 DCP Portal Cross-Site Scripting vulnerability in Dcp-Portal 5.3.1

Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php.

4.3
2003-12-31 CVE-2003-1534 Justice Media Cross-Site Scripting vulnerability in Justice Media Guestbook

Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.

4.3
2003-12-31 CVE-2003-1531 Lilikoi Cross-Site Scripting vulnerability in Lilikoi Ceilidh

Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2003-12-31 CVE-2003-1527 IBM, ISS

BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.

4.3
2003-12-31 CVE-2003-1522 Pscs Cross-Site Scripting vulnerability in Pscs Vpop3 web Mail Server 2.0E/2.0F

Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.

4.3
2003-12-31 CVE-2003-1519 Vivisimo Cross-Site Scripting vulnerability in Vivisimo Clustering Engine 0

Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.

4.3
2003-12-31 CVE-2003-1513 Caucho Technology Cross-Site Scripting vulnerability in Caucho Technology Resin

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.

4.3
2003-12-31 CVE-2003-1511 Bajie Cross-Site Scripting vulnerability in Bajie Java Http Server 0.95

Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.

4.3
2003-12-31 CVE-2003-1508 Mirc Buffer Errors vulnerability in Mirc 6.12

Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.

4.3
2003-12-31 CVE-2003-1506 Daniel Barron Cross-Site Scripting vulnerability in Daniel Barron Dansguardian

Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.

4.3
2003-12-31 CVE-2003-1505 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.

4.3
2003-12-31 CVE-2003-1498 Wrensoft Cross-Site Scripting vulnerability in Wrensoft Zoom Search Engine

Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter.

4.3
2003-12-31 CVE-2003-1484 Microsoft Buffer Errors vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.

4.3
2003-12-31 CVE-2003-1480 Mysql, Oracle Cryptographic Issues vulnerability in multiple products

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

4.3
2003-12-31 CVE-2003-1479 Darkwet Cross-Site Scripting vulnerability in Darkwet Webcam XP 1.02.432/1.02.535

Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field.

4.3
2003-12-31 CVE-2003-1478 KDE Buffer Errors vulnerability in KDE Konqueror 3.0.3

Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.

4.3
2003-12-31 CVE-2003-1468 Francisco Burzi Information Exposure vulnerability in Francisco Burzi PHP-Nuke

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

4.3
2003-12-31 CVE-2003-1467 Linux, Microsoft, Unix, Phorum Cross-Site Scripting vulnerability in Phorum

Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2003-12-31 CVE-2003-1453 Xoops Cross-Site Scripting vulnerability in Xoops

Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.

4.3
2003-12-31 CVE-2003-1441 Posadis Improper Input Validation vulnerability in Posadis

Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference.

4.3
2003-12-31 CVE-2003-1440 Burton Computer Corporation Improper Input Validation vulnerability in Burton Computer Corporation Spamprobe 0.8A

SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.

4.3
2003-12-31 CVE-2003-1439 Silc Credentials Management vulnerability in Silc Secure Internet Live Conferencing 0.9.11/0.9.12

Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.

4.3
2003-12-31 CVE-2003-1438 BEA Race Condition vulnerability in BEA Weblogic Server

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

4.3
2003-12-31 CVE-2003-1433 Epic Games Improper Authentication vulnerability in Epic Games Unreal Engine 226F/433/436

Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.

4.3
2003-12-31 CVE-2003-1421 Suckbot Resource Management Errors vulnerability in Suckbot 0.006

Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors.

4.3
2003-12-31 CVE-2003-1420 Opera Software Cross-Site Scripting vulnerability in Opera Software Opera web Browser

Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.

4.3
2003-12-31 CVE-2003-1419 Netscape Improper Input Validation vulnerability in Netscape Navigator 7.0

Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.

4.3
2003-12-31 CVE-2003-1418 Apache Information Exposure vulnerability in Apache Http Server

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).

4.3
2003-12-31 CVE-2003-1416 Bisonftp Improper Input Validation vulnerability in Bisonftp Server 4 R2

BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command.

4.3
2003-12-31 CVE-2003-1414 Apple Path Traversal vulnerability in Apple products

Directory traversal vulnerability in parse_xml.cgi in Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ...

4.3
2003-12-31 CVE-2003-1413 Apple Path Traversal vulnerability in Apple products

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

4.3
2003-12-31 CVE-2003-1400 Francisco Burzi Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke

Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.

4.3
2003-12-31 CVE-2003-1397 Opera Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Software Opera web Browser

The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.

4.3
2003-12-31 CVE-2003-1396 Opera Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Software Opera web Browser

Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.

4.3
2003-12-31 CVE-2003-1384 PY Software Cross-Site Scripting vulnerability in PY Software Py-Livredor 1.0

Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.

4.3
2003-12-31 CVE-2003-1372 Linux, Microsoft, Unix, Myphpnuke Cross-Site Scripting vulnerability in Myphpnuke 1.8.8

Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.

4.3
2003-12-31 CVE-2003-1371 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan 1.3Beta

Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.

4.3
2003-12-31 CVE-2003-1370 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan 1.2Beta

Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.

4.3
2003-12-31 CVE-2003-1353 Lanifex Cross-Site Scripting vulnerability in Lanifex Outreach Project Tool 0.946B

Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field.

4.3
2003-12-31 CVE-2003-1350 List Site PRO Improper Input Validation vulnerability in List Site PRO List Site PRO 2.0

List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.

4.3
2003-12-31 CVE-2003-1348 Ftls Cross-Site Scripting vulnerability in Ftls Guestbook 1.1

Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.

4.3
2003-12-31 CVE-2003-1347 Geeklog Cross-Site Scripting vulnerability in Geeklog 1.3.7

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.

4.3
2003-12-31 CVE-2003-1338 Aprelium Technologies Unspecified vulnerability in Aprelium Technologies Abyss web Server

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.

4.3
2003-12-31 CVE-2003-1334 KAI Blankenhorn Bitfolge Cross-Site Scripting vulnerability in KAI Blankenhorn Bitfolge Simple and Nice Index File

Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2003-12-31 CVE-2003-1312 Netegrity Remote Security vulnerability in Netegrity SiteMinder

siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.

4.3
2003-12-31 CVE-2003-1307 Apache Unspecified vulnerability in Apache Http Server

** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port.

4.3
2003-12-31 CVE-2003-1293 Nukedweb HTML Injection vulnerability in Multiple GuestBookHost

Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook.

4.3
2003-12-31 CVE-2003-1285 Sambar Unspecified vulnerability in Sambar Server

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).

4.3
2003-12-31 CVE-2003-1278 Infopop HTML Injection vulnerability in Infopop Opentopic 2.3.1

Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.

4.3
2003-12-31 CVE-2003-1277 Yabb Cross-Site Scripting vulnerability in Yabb 1.5.0

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html.

4.3
2003-12-31 CVE-2003-1271 AN Cross-Site Scripting vulnerability in AN An-Http 1.41E

Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.

4.3
2003-12-31 CVE-2003-1243 Sage Cross-Site Scripting vulnerability in Sage Content Management System

Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.

4.3
2003-12-31 CVE-2003-1241 Levcgi COM HTML Injection vulnerability in Levcgi.Com Myguestbook 3.0

Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.

4.3
2003-12-31 CVE-2003-1237 Matt Wright HTML Injection vulnerability in WWWBoard

Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.

4.3
2003-12-31 CVE-2003-1231 ECW Shop Cross-Site Scripting vulnerability in Ecw-Shop 5.01/5.5

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2003-12-31 CVE-2003-1219 Oscommerce Cross-Site Scripting vulnerability in osCommerce osCsid Parameter

Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.

4.3
2003-12-31 CVE-2003-1164 Mldonkey Cross-Site Scripting vulnerability in Mldonkey 2.5.4

Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.

4.3
2003-12-31 CVE-2003-1157 Citrix Cross-Site Scripting vulnerability in Citrix Metaframe 1.0

Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.

4.3
2003-12-31 CVE-2003-1100 Hummingbird Cross-Site Scripting vulnerability in Hummingbird Cyberdocs 3.5.1/3.9/4.0

Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.

4.3
2003-12-31 CVE-2003-1563 SUN Denial Of Service vulnerability in Sun Cluster TCP Port Conflict

Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.

4.0
2003-12-31 CVE-2003-1331 Oracle Buffer Overrun vulnerability in MySQL libmysqlclient Library mysql_real_connect()

Stack-based buffer overflow in the mysql_real_connect function in the MySQL client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

4.0
2003-12-31 CVE-2003-1299 Pablo Software Solutions Directory Traversal vulnerability in Pablo Software Solutions Baby FTP Server 1.2

Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.

4.0

36 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-12-31 CVE-2003-1120 SSH Unspecified vulnerability in SSH Tectia Server 4.0.3/4.0.4

Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.

3.7
2003-12-31 CVE-2003-1460 Ralf Hoffmann Permissions, Privileges, and Access Controls vulnerability in Ralf Hoffmann Worker Filemanager

Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.

3.6
2003-12-31 CVE-2003-1452 Qualcomm Configuration vulnerability in Qualcomm Qpopper

Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.

3.6
2003-12-31 CVE-2003-1234 Freebsd Integer Overflow vulnerability in FreeBSD System Call f_count

Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.

3.6
2003-12-31 CVE-2003-1463 Microsoft, ALT N Improper Input Validation vulnerability in Alt-N Webadmin 2.0.0/2.0.1/2.0.2

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.

3.5
2003-12-31 CVE-2003-1426 Cpanel Configuration vulnerability in Cpanel 5.0

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.

3.3
2003-12-31 CVE-2003-1366 Openbsd Information Exposure vulnerability in Openbsd

chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.

3.3
2003-12-31 CVE-2003-1306 Microsoft

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.

2.6
2003-12-31 CVE-2003-1135 Yahoo Buffer Overrun vulnerability in Yahoo Messenger 5.6

Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.

2.6
2003-12-31 CVE-2003-1129 Yahoo Buffer Overflow vulnerability in Yahoo Audio Conferencing Activex Control 1.0.0.43

Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.

2.6
2003-12-31 CVE-2003-1105 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.

2.6
2003-12-31 CVE-2003-0956 Linux Local Security vulnerability in Linux Kernel 2.4.22

Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.

2.6
2003-12-31 CVE-2003-1476 Cerberus Unspecified vulnerability in Cerberus FTP Server 2.1

Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.

2.1
2003-12-31 CVE-2003-1437 HP, IBM, Microsoft, Redhat, SUN, BEA Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1

BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.

2.1
2003-12-31 CVE-2003-1295 Redhat, Suse Multiple vulnerability in SuSE XScreenSaver Package

Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."

2.1
2003-12-31 CVE-2003-1294 Xscreensaver Multiple vulnerability in SuSE XScreenSaver Package

Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

2.1
2003-12-31 CVE-2003-1289 Freebsd, Netbsd Local Security vulnerability in BSD IBCS2

The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.

2.1
2003-12-31 CVE-2003-1281 Eekim Unspecified vulnerability in Eekim Cgihtml 1.69

cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.

2.1
2003-12-31 CVE-2003-1273 Nullsoft Denial Of Service vulnerability in Nullsoft Winamp 3.0

Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g.

2.1
2003-12-31 CVE-2003-1265 Mozilla, Netscape

Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.

2.1
2003-12-31 CVE-2003-1261 Globalscape Buffer Overflow vulnerability in GlobalScape CuteFTP Clipboard URL

Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.

2.1
2003-12-31 CVE-2003-1246 Pedestal Software Symbolic Link Bypass vulnerability in Pedestal Software Integrity Protection Driver 1.2/1.3

NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.

2.1
2003-12-31 CVE-2003-1233 Pedestal Software Symbolic Link Bypass vulnerability in Pedestal Software Integrity Protection Driver 1.2/1.3

Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.

2.1
2003-12-31 CVE-2003-1226 BEA Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1

BEA WebLogic Server and Express 7.0 and 7.0.0.1 store certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.

2.1
2003-12-31 CVE-2003-1225 BEA Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1

The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.

2.1
2003-12-31 CVE-2003-1224 BEA Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1

Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.

2.1
2003-12-31 CVE-2003-1174 Nullsoft Unspecified vulnerability in Nullsoft Shoutcast Server 1.9.2

Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.

2.1
2003-12-31 CVE-2003-1134 SUN Denial Of Service vulnerability in SUN Java 1.3.1/1.4.1/1.4.2

Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.

2.1
2003-12-31 CVE-2003-1133 Ritlabs Unspecified vulnerability in Ritlabs the BAT

Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.

2.1
2003-12-31 CVE-2003-1122 Scriptlogic Unspecified vulnerability in Scriptlogic 4.01

ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.

2.1
2003-12-31 CVE-2003-1099 HP

shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.

2.1
2003-12-31 CVE-2003-0887 Angus Mackay Local Security vulnerability in ez-Ipupdate 3.0.11B5/3.0.11B7

ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.

2.1
2003-12-31 CVE-2003-1447 IBM Cryptographic Issues vulnerability in IBM Websphere Application Server 4.0.4

IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.

1.9
2003-12-31 CVE-2003-1399 Eject Information Disclosure vulnerability in Eject 2.0.10/2.0.11/2.0.12

eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.

1.9
2003-12-31 CVE-2003-0986 Linux, Redhat Denial-Of-Service vulnerability in kernel

Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.

1.7
2003-12-31 CVE-2003-1073 SUN Unspecified vulnerability in SUN Solaris and Sunos

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with ..

1.2