Unknown · CVSS Not scored
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
Published Mar 27, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Published Mar 16, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Published Mar 14, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.
Published Mar 13, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
Published Mar 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
Published Mar 10, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
Published Mar 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
Published Mar 14, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
Published Mar 27, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
Published Mar 13, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Published Mar 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.
Published Mar 14, 2003 · Updated Aug 8, 2024