Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
Max CVSS
4.3
EPSS Score
0.27%
Published
2003-03-18
Updated
2017-07-11
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
Max CVSS
5.0
EPSS Score
2.19%
Published
2003-03-20
Updated
2024-02-13
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-03-18
Updated
2017-07-11
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-03-05
Updated
2017-07-11
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.26%
Published
2003-03-28
Updated
2017-07-11
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.
Max CVSS
5.0
EPSS Score
1.17%
Published
2003-03-24
Updated
2016-10-18
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
Max CVSS
7.5
EPSS Score
8.26%
Published
2003-03-24
Updated
2016-10-18
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
Max CVSS
9.0
EPSS Score
2.05%
Published
2003-03-24
Updated
2019-10-07
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Max CVSS
5.0
EPSS Score
1.22%
Published
2003-03-31
Updated
2018-10-19
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
Max CVSS
7.5
EPSS Score
9.02%
Published
2003-03-31
Updated
2017-07-11
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
Max CVSS
5.0
EPSS Score
1.92%
Published
2003-03-31
Updated
2017-10-10
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-03-31
Updated
2017-07-11
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
Max CVSS
10.0
EPSS Score
1.20%
Published
2003-03-18
Updated
2017-10-10
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
Max CVSS
7.5
EPSS Score
2.18%
Published
2003-03-24
Updated
2017-10-11
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Max CVSS
7.5
EPSS Score
2.09%
Published
2003-03-24
Updated
2018-10-19
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
Max CVSS
7.5
EPSS Score
1.84%
Published
2003-03-24
Updated
2018-10-19
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.
Max CVSS
5.0
EPSS Score
1.29%
Published
2003-03-18
Updated
2008-09-10
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
Max CVSS
7.5
EPSS Score
7.42%
Published
2003-03-24
Updated
2018-10-19
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
Max CVSS
5.0
EPSS Score
2.51%
Published
2003-03-24
Updated
2017-10-11
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.
Max CVSS
5.0
EPSS Score
6.07%
Published
2003-03-24
Updated
2017-10-11
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
16.19%
Published
2003-03-24
Updated
2017-10-11
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
Max CVSS
7.2
EPSS Score
0.05%
Published
2003-03-31
Updated
2018-05-03
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
Max CVSS
7.5
EPSS Score
0.20%
Published
2003-03-18
Updated
2008-09-05
Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.
Max CVSS
5.0
EPSS Score
2.93%
Published
2003-03-18
Updated
2018-05-03
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
Max CVSS
4.6
EPSS Score
0.21%
Published
2003-03-18
Updated
2017-10-10
119 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!