Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2008-09-05 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | |||||
| CVE-2003-0104 | 1 Peoplesoft | 1 Peopletools | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet. | |||||
| CVE-2003-0120 | 1 Mhc-utils | 1 Mhc-utils | 2008-09-05 | 1.2 LOW | N/A |
| adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | |||||
| CVE-2003-0119 | 1 Ibm | 1 Aix | 2008-09-05 | 7.5 HIGH | N/A |
| The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. | |||||
| CVE-2003-0126 | 1 Multitech | 1 Routefinder 550 Vpn | 2008-09-05 | 7.5 HIGH | N/A |
| The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities. | |||||
| CVE-2002-2352 | 1 Neosoft | 1 Neobook | 2008-09-05 | 5.8 MEDIUM | N/A |
| The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs. | |||||
| CVE-2003-0142 | 1 Adobe | 1 Acrobat Reader | 2008-09-05 | 5.0 MEDIUM | N/A |
| Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. | |||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 6.4 MEDIUM | N/A |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | |||||
| CVE-2003-0194 | 1 Redhat | 2 Linux, Tcpdump | 2008-09-05 | 4.6 MEDIUM | N/A |
| tcpdump does not properly drop privileges to the pcap user when starting up. | |||||
| CVE-2002-2398 | 1 App | 1 Apboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter. | |||||
| CVE-2002-2413 | 2 Deerfield, Microsoft | 3 Website Pro, Windows 9x, Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | |||||
| CVE-2002-2408 | 1 Gordano | 1 Ntmail | 2008-09-05 | 7.5 HIGH | N/A |
| Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server. | |||||
| CVE-2003-0241 | 1 Frontrange | 1 Goldmine | 2008-09-05 | 7.5 HIGH | N/A |
| FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone. | |||||
| CVE-2003-0214 | 1 Debian | 1 Mime-support | 2008-09-05 | 4.6 MEDIUM | N/A |
| run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0061 | 1 Hp | 1 Hp-ux | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable. | |||||
| CVE-2003-0177 | 1 Sgi | 1 Irix | 2008-09-05 | 4.6 MEDIUM | N/A |
| SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently. | |||||
| CVE-2003-0249 | 1 Php | 1 Php | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report." | |||||
| CVE-2002-2040 | 1 Qnx | 1 Rtos | 2008-09-05 | 7.2 HIGH | N/A |
| The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program. | |||||
| CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2008-09-05 | 7.5 HIGH | N/A |
| The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | |||||
| CVE-2002-2033 | 1 Faqmanager | 1 Faqmanager.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character (%00). | |||||