Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0402 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2016-10-17 | 5.0 MEDIUM | N/A |
| The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. | |||||
| CVE-2003-0403 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2016-10-17 | 7.5 HIGH | N/A |
| Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template. | |||||
| CVE-2003-0365 | 1 Icq Inc | 1 Icqlite | 2016-10-17 | 4.6 MEDIUM | N/A |
| ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs. | |||||
| CVE-2003-0395 | 1 Php Outburst | 1 Ultimate Php Board Upb | 2016-10-17 | 7.5 HIGH | N/A |
| Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php. | |||||
| CVE-2003-0417 | 1 Super-m | 1 Son Hserver | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via ".|." (modified dot-dot) sequences. | |||||
| CVE-2003-0377 | 1 Iisprotect | 1 Iisprotect | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP. | |||||
| CVE-2003-0405 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2016-10-17 | 5.0 MEDIUM | N/A |
| Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command. | |||||
| CVE-2003-0398 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2016-10-17 | 7.5 HIGH | N/A |
| Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed. | |||||
| CVE-2003-0382 | 2 Debian, Michael Jennings | 2 Debian Linux, Eterm | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable. | |||||
| CVE-2003-0400 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2016-10-17 | 5.0 MEDIUM | N/A |
| Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports. | |||||
| CVE-2003-0393 | 1 Privacyware | 1 Privatefirewall | 2016-10-17 | 5.0 MEDIUM | N/A |
| Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans. | |||||
| CVE-2003-0390 | 1 James Theiler | 1 Opt | 2016-10-17 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi. | |||||
| CVE-2003-0399 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2016-10-17 | 6.4 MEDIUM | N/A |
| Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template. | |||||
| CVE-2003-0449 | 1 Progress | 1 Database | 2016-10-17 | 4.6 MEDIUM | N/A |
| Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent. | |||||
| CVE-2003-0414 | 1 Sun | 1 One Application Server | 2016-10-17 | 7.2 HIGH | N/A |
| The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile. | |||||
| CVE-2003-0307 | 1 Poster | 1 Poster | 2016-10-17 | 7.5 HIGH | N/A |
| Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field. | |||||
| CVE-2003-0303 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2016-10-17 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter. | |||||
| CVE-2003-0329 | 1 Aclogic | 1 Cesarftp | 2016-10-17 | 4.6 MEDIUM | N/A |
| CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges. | |||||
| CVE-2003-0323 | 1 Michael Sandrof | 1 Ircii | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions. | |||||
| CVE-2003-0312 | 1 Snowblind.net | 1 Snowblind Web Server | 2016-10-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||