LiveActive security incident?Get immediate response
CVE archive

March 2003

Browse CVE records published in March 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 145 matching CVEs · Page 2 of 3.

Unknown · CVSS Not scored

CVE-2003-1116: The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Orac...

The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.

Published Mar 12, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1110: The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versi...

The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Published Mar 11, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1033: The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INS...

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.

Published Mar 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0594: Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e...

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published Mar 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0592: Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restr...

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published Mar 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0593: Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2...

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published Mar 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0513: Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web...

Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published Mar 16, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0514: Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via...

Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published Mar 16, 2004 · Updated Aug 8, 2024