LiveActive security incident?Get immediate response
CVE archive

August 2003

Browse CVE records published in August 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 100 matching CVEs · Page 2 of 2.

Unknown · CVSS Not scored

CVE-2003-0620: Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain pri...

Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.

Published Aug 1, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0532: Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by we...

Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.

Published Aug 22, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0540: The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service...

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

Published Aug 5, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0467: Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONF...

Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.

Published Aug 5, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0468: Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks...

Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.

Published Aug 5, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0466: Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow att...

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Published Aug 1, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0187: The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_c...

The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.

Published Aug 5, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0148: The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execut...

The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.

Published Aug 1, 2003 · Updated Aug 8, 2024