LiveActive security incident?Get immediate response
CVE archive

September 2003

Browse CVE records published in September 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 193 matching CVEs · Page 2 of 4.

Unknown · CVSS Not scored

CVE-2003-0746: Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attack...

Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.

Published Sep 6, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0748: Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 al...

Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.

Published Sep 6, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0747: wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potent...

wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.

Published Sep 6, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0715: Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service...

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.

Published Sep 12, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0736: Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.

Published Sep 4, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0704: KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local...

KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh.

Published Sep 12, 2003 · Updated Aug 8, 2024