The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
Max CVSS
7.5
EPSS Score
9.22%
Published
2003-02-19
Updated
2021-07-23
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
Max CVSS
7.5
EPSS Score
0.68%
Published
2003-02-19
Updated
2021-07-23
Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.
Max CVSS
10.0
EPSS Score
9.93%
Published
2003-02-06
Updated
2017-07-11
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
Max CVSS
1.2
EPSS Score
0.04%
Published
2003-02-11
Updated
2018-10-30
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
Max CVSS
5.0
EPSS Score
10.71%
Published
2003-02-18
Updated
2018-10-30
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
Max CVSS
7.5
EPSS Score
1.74%
Published
2003-02-28
Updated
2018-10-30
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.
Max CVSS
6.4
EPSS Score
0.51%
Published
2003-02-19
Updated
2016-10-18
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
Max CVSS
7.5
EPSS Score
7.24%
Published
2003-02-19
Updated
2016-10-18
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
Max CVSS
7.2
EPSS Score
0.54%
Published
2003-02-19
Updated
2016-10-18
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
Max CVSS
5.0
EPSS Score
1.55%
Published
2003-02-19
Updated
2019-10-07
Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.
Max CVSS
7.2
EPSS Score
0.05%
Published
2003-02-19
Updated
2016-10-18
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
Max CVSS
7.5
EPSS Score
8.84%
Published
2003-02-19
Updated
2020-01-21
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
Max CVSS
7.5
EPSS Score
2.16%
Published
2003-02-19
Updated
2020-01-21
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
Max CVSS
5.0
EPSS Score
2.03%
Published
2003-02-19
Updated
2020-01-21
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
Max CVSS
7.5
EPSS Score
6.79%
Published
2003-02-19
Updated
2017-07-11
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-02-19
Updated
2017-10-11
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-02-19
Updated
2016-10-18
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-02-19
Updated
2016-10-18
AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-02-19
Updated
2016-10-18
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
Max CVSS
5.0
EPSS Score
0.35%
Published
2003-02-07
Updated
2017-10-10
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
Max CVSS
6.8
EPSS Score
93.26%
Published
2003-02-07
Updated
2017-07-11
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
Max CVSS
5.0
EPSS Score
0.34%
Published
2003-02-07
Updated
2017-10-10
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
Max CVSS
5.0
EPSS Score
11.57%
Published
2003-02-07
Updated
2017-07-11
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Max CVSS
10.0
EPSS Score
0.85%
Published
2003-02-19
Updated
2024-02-02
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
Max CVSS
7.5
EPSS Score
0.26%
Published
2003-02-19
Updated
2017-10-10
48 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!