Unknown · CVSS Not scored
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
Published Apr 16, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
Published Apr 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
Published Apr 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
Published Apr 30, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
Published Apr 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server.
Published Apr 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.
Published Apr 29, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Published Apr 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
Published Apr 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
Published Apr 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
Published Apr 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
Published Apr 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
Published Apr 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
Published Apr 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
Published Apr 1, 2003 · Updated Aug 8, 2024