LiveActive security incident?Get immediate response
CVE archive

March 2003

Browse CVE records published in March 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 145 matching CVEs · Page 1 of 3.

Unknown · CVSS Not scored

CVE-2003-1297: Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directo...

Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files.

Published Mar 19, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1570: The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not req...

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."

Published Mar 31, 2009 · Updated Aug 8, 2024

Medium · CVSS 5

CVE-2003-5003: ISS BlackICE PC Protection Update cross site scriting

A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Aug 8, 2024

Medium · CVSS 5.3

CVE-2003-5001: ISS BlackICE PC Protection Cross Site Scripting Detection privileges management

A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Aug 8, 2024

Low · CVSS 3.7

CVE-2003-5002: ISS BlackICE PC Protection Update cleartext transmission

A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1322: Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow rem...

Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.

Published Mar 21, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1129: Buffer overflow in the Yahoo!

Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.

Published Mar 12, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1121: Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised pr...

Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).

Published Mar 12, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1114: The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways...

The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Published Mar 11, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1109: The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7...

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Published Mar 11, 2005 · Updated Aug 8, 2024