libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
Max CVSS
9.3
EPSS Score
0.37%
Published
2003-12-31
Updated
2024-02-02
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
Max CVSS
10.0
EPSS Score
0.50%
Published
2003-12-31
Updated
2017-08-08
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2003-12-31
Updated
2017-07-29
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
Max CVSS
10.0
EPSS Score
0.81%
Published
2003-12-31
Updated
2017-08-17
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
Max CVSS
10.0
EPSS Score
0.79%
Published
2003-12-31
Updated
2017-07-29
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
Max CVSS
10.0
EPSS Score
3.88%
Published
2003-12-31
Updated
2017-07-29
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
Max CVSS
10.0
EPSS Score
0.23%
Published
2003-12-31
Updated
2017-07-29
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
Max CVSS
10.0
EPSS Score
0.35%
Published
2003-12-31
Updated
2017-07-29
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
Max CVSS
10.0
EPSS Score
1.04%
Published
2003-12-31
Updated
2017-07-29
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
Max CVSS
9.0
EPSS Score
1.67%
Published
2003-12-31
Updated
2017-07-29
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
Max CVSS
10.0
EPSS Score
4.66%
Published
2003-12-31
Updated
2017-07-29
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
Max CVSS
10.0
EPSS Score
0.94%
Published
2003-12-31
Updated
2017-07-29
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2003-12-31
Updated
2017-07-29
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Max CVSS
9.3
EPSS Score
0.59%
Published
2003-12-31
Updated
2017-07-29
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
Max CVSS
9.0
EPSS Score
2.11%
Published
2003-12-31
Updated
2017-07-29
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
Max CVSS
9.3
EPSS Score
0.40%
Published
2003-12-31
Updated
2022-03-01
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
Max CVSS
10.0
EPSS Score
1.15%
Published
2003-12-31
Updated
2017-07-29
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
Max CVSS
10.0
EPSS Score
0.89%
Published
2003-12-31
Updated
2017-07-29
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Max CVSS
10.0
EPSS Score
0.99%
Published
2003-12-31
Updated
2017-07-29
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
Max CVSS
10.0
EPSS Score
14.26%
Published
2003-12-31
Updated
2017-10-11

CVE-2003-1336

Public exploit
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
Max CVSS
9.3
EPSS Score
80.53%
Published
2003-12-31
Updated
2017-07-29
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
Max CVSS
10.0
EPSS Score
0.31%
Published
2003-12-31
Updated
2010-06-23
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
Max CVSS
9.3
EPSS Score
0.44%
Published
2003-12-31
Updated
2017-07-29
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
Max CVSS
10.0
EPSS Score
3.53%
Published
2003-12-31
Updated
2008-09-05
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
Max CVSS
10.0
EPSS Score
0.92%
Published
2003-12-31
Updated
2017-07-29
139 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!