Unknown · CVSS Not scored
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.
Published Jun 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
Published Jun 24, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
Published Jun 18, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections."
Published Jun 24, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
Published Jun 1, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.
Published Jun 18, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
Published Jun 24, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
Published Jun 28, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
Published Jun 20, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
Published Jun 28, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
Published Jun 1, 2009 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
Published Jun 26, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
Published Jun 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
Published Jun 14, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.
Published Jun 14, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
Published Jun 3, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
Published Jun 3, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
Published Jun 3, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
Published Jun 3, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
Published Jun 3, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475.
Published Jun 28, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
Published Jun 20, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
Published Jun 20, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
Published Jun 11, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
Published Jun 20, 2003 · Updated Aug 8, 2024