CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-0030 Exec Code 2003-04-02 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
2 CVE-2002-0690 Exec Code 2003-04-11 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
3 CVE-2002-1143 2003-04-11 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
4 CVE-2002-1406 2003-04-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
5 CVE-2002-1407 2003-04-11 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
6 CVE-2002-1408 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.
7 CVE-2002-1409 DoS 2003-04-11 2017-10-10
2.1
None Local Low Not required None None Partial
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
8 CVE-2002-1410 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
9 CVE-2002-1411 Dir. Trav. 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter.
10 CVE-2002-1412 Exec Code 2003-04-11 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
11 CVE-2002-1413 Bypass 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
12 CVE-2002-1414 Overflow +Priv 2003-04-11 2016-10-17
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
13 CVE-2002-1415 DoS Exec Code 2003-04-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests.
14 CVE-2002-1416 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.
15 CVE-2002-1417 Dir. Trav. 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.
16 CVE-2002-1418 DoS Overflow 2003-04-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.
17 CVE-2002-1419 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
18 CVE-2002-1420 2003-04-11 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
19 CVE-2002-1421 Sql 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
20 CVE-2002-1422 2003-04-11 2008-09-05
5.0
None Remote Low Not required None Partial None
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
21 CVE-2002-1423 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
22 CVE-2002-1424 DoS Exec Code Overflow 2003-04-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
23 CVE-2002-1425 Dir. Trav. 2003-04-11 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
24 CVE-2002-1426 DoS Overflow 2003-04-11 2008-09-05
7.8
None Remote Low Not required None None Complete
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
25 CVE-2002-1427 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
26 CVE-2002-1428 Bypass 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
27 CVE-2002-1429 XSS 2003-04-11 2008-09-05
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.
28 CVE-2002-1430 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.
29 CVE-2002-1431 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.
30 CVE-2002-1432 200 +Info 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.
31 CVE-2002-1433 DoS 2003-04-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.
32 CVE-2002-1434 XSS 2003-04-11 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
33 CVE-2002-1435 Exec Code 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
34 CVE-2002-1436 Exec Code 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
35 CVE-2002-1437 Dir. Trav. 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
36 CVE-2002-1438 +Info 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
37 CVE-2002-1439 2003-04-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
38 CVE-2002-1440 +Priv 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
39 CVE-2002-1441 Exec Code Overflow 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
40 CVE-2002-1442 Bypass 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
41 CVE-2002-1443 2003-04-11 2017-10-09
5.0
None Remote Low Not required Partial None None
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
42 CVE-2002-1464 XSS 2003-04-22 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
43 CVE-2002-1465 Exec Code Sql 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
44 CVE-2002-1466 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
45 CVE-2002-1467 Bypass 2003-04-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
46 CVE-2002-1468 Exec Code Overflow 2003-04-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
47 CVE-2002-1469 Bypass 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
48 CVE-2002-1470 2003-04-22 2008-09-05
2.1
None Local Low Not required Partial None None
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
49 CVE-2002-1471 2003-04-22 2008-09-05
5.0
None Remote Low Not required None Partial None
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
50 CVE-2002-1473 DoS Exec Code Overflow 2003-04-22 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
Total number of vulnerabilities : 135   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.