LiveActive security incident?Get immediate response
CVE archive

November 2003

Browse CVE records published in November 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 114 matching CVEs · Page 2 of 3.

Unknown · CVSS Not scored

CVE-2003-1252: register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user wh...

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.

Published Nov 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1279: S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink at...

S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.

Published Nov 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1241: Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, a...

Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters.

Published Nov 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0955: OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly exec...

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

Published Nov 21, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0939: eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow rem...

eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.

Published Nov 21, 2003 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-0795: The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is...

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Published Nov 18, 2003 · Updated Aug 8, 2024