Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0273 | 1 Best Practical Solutions | 1 Request Tracker | 2016-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies. | |||||
| CVE-2003-0213 | 1 Poptop | 1 Pptp Server | 2016-10-17 | 7.5 HIGH | N/A |
| ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. | |||||
| CVE-2003-0154 | 1 Mozilla | 1 Bonsai | 2016-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. | |||||
| CVE-2003-0156 | 1 Cross Referencer | 1 Lxr | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter. | |||||
| CVE-2003-0215 | 1 Battleaxe Software | 1 Bttlxeforum | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields. | |||||
| CVE-2003-0141 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2016-10-17 | 5.1 MEDIUM | N/A |
| The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | |||||
| CVE-2003-0163 | 1 Gaim-encryption | 1 Gaim-encryption | 2016-10-17 | 5.0 MEDIUM | N/A |
| decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte. | |||||
| CVE-2003-0220 | 1 Kerio | 1 Personal Firewall 2 | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. | |||||
| CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2016-10-17 | 5.0 MEDIUM | N/A |
| gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. | |||||
| CVE-2003-0219 | 1 Kerio | 1 Personal Firewall 2 | 2016-10-17 | 7.5 HIGH | N/A |
| Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. | |||||
| CVE-2003-0209 | 2 Smoothwall, Sourcefire | 2 Smoothwall, Snort | 2016-10-17 | 10.0 HIGH | N/A |
| Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. | |||||
| CVE-2003-0212 | 1 Rinetd | 1 Rinetd | 2016-10-17 | 7.5 HIGH | N/A |
| handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections. | |||||
| CVE-2003-0151 | 1 Bea | 1 Weblogic Server | 2016-10-17 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. | |||||
| CVE-2003-0169 | 1 Hp | 1 Instant Toptools | 2016-10-17 | 5.0 MEDIUM | N/A |
| hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop. | |||||
| CVE-2003-0217 | 1 Neoteris | 1 Instant Virtual Extranet | 2016-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script. | |||||
| CVE-2003-0210 | 1 Cisco | 1 Secure Access Control Server | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | |||||
| CVE-2003-0204 | 1 Kde | 1 Kde | 2016-10-17 | 7.5 HIGH | N/A |
| KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | |||||
| CVE-2003-0197 | 2 Borland Software, Firebirdsql | 2 Interbase, Firebird | 2016-10-17 | 7.2 HIGH | N/A |
| Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK). | |||||
| CVE-2003-0205 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2016-10-17 | 7.5 HIGH | N/A |
| gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI. | |||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | |||||