LiveActive security incident?Get immediate response
CVE archive

January 2003

Browse CVE records published in January 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 51 matching CVEs · Page 1 of 2.

Unknown · CVSS Not scored

CVE-2003-1575: VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9...

VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.

Published Jan 28, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2003-1567: The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of t...

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Published Jan 15, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1027: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mo...

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."

Published Jan 8, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1026: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript p...

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

Published Jan 8, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0904: Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not...

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

Published Jan 8, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0816: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the Na...

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Published Jan 14, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0815: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary...

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.

Published Jan 14, 2004 · Updated Aug 8, 2024