Unknown · CVSS Not scored
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
Published Sep 25, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.
Published Sep 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.
Published Sep 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
Published Sep 25, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.
Published Sep 6, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
Published Sep 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.
Published Sep 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.
Published Sep 6, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
Published Sep 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
Published Sep 25, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
Published Sep 19, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
Published Sep 19, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
Published Sep 6, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
Published Sep 6, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
Published Sep 4, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
Published Sep 4, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
Published Sep 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
Published Sep 4, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.
Published Sep 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
Published Sep 4, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
Published Sep 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
Published Sep 4, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
Published Sep 3, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
Published Sep 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
Published Sep 6, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
Published Sep 19, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
Published Sep 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.
Published Sep 4, 2003 · Updated Aug 8, 2024