Unknown · CVSS Not scored
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
Published Dec 2, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.
Published Dec 27, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
Published Dec 20, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Published Dec 17, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Published Dec 17, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
Published Dec 11, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
Published Dec 17, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Published Dec 17, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.
Published Dec 27, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
Published Dec 29, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
Published Dec 15, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
Published Dec 4, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
Published Dec 15, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
Published Dec 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Published Dec 10, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.
Published Dec 11, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
Published Dec 11, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
Published Dec 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host.
Published Dec 10, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
Published Dec 11, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
Published Dec 11, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
Published Dec 10, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
Published Dec 10, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
Published Dec 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
Published Dec 10, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
Published Dec 17, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
Published Dec 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow.
Published Dec 10, 2003 · Updated Aug 8, 2024