LiveActive security incident?Get immediate response
CVE archive

2003 CVE Archive

Browse CVE records published in 2003 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1504 matching CVEs · Page 4 of 31.

Unknown · CVSS Not scored

CVE-2003-1135: Buffer overflow in Yahoo!

Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.

Published May 10, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1567: The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of t...

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Published Jan 15, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1132: The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA...

The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.

Published Apr 21, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1325: The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and ear...

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.

Published Apr 12, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1570: The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not req...

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."

Published Mar 31, 2009 · Updated Aug 8, 2024

Medium · CVSS 5

CVE-2003-5003: ISS BlackICE PC Protection Update cross site scriting

A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Aug 8, 2024

Medium · CVSS 5.3

CVE-2003-5001: ISS BlackICE PC Protection Cross Site Scripting Detection privileges management

A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1578: Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for c...

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Aug 8, 2024

Low · CVSS 3.7

CVE-2003-5002: ISS BlackICE PC Protection Update cleartext transmission

A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Published Mar 28, 2022 · Updated Aug 8, 2024