CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-0690 Exec Code 2003-04-11 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
2 CVE-2002-1428 Bypass 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
3 CVE-2002-1440 +Priv 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
4 CVE-2002-1466 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
5 CVE-2002-1468 Exec Code Overflow 2003-04-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
6 CVE-2002-1478 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
7 CVE-2002-1482 +Priv Sql 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
8 CVE-2002-1519 DoS Exec Code 2003-04-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
9 CVE-2002-1520 2003-04-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
10 CVE-2003-0161 DoS Exec Code Overflow 2003-04-02 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
11 CVE-2003-0178 DoS Exec Code Overflow 2003-04-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
12 CVE-2002-1426 DoS Overflow 2003-04-11 2008-09-05
7.8
None Remote Low Not required None None Complete
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
13 CVE-2002-1407 2003-04-11 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
14 CVE-2002-1408 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.
15 CVE-2002-1410 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
16 CVE-2002-1412 Exec Code 2003-04-11 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
17 CVE-2002-1413 Bypass 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
18 CVE-2002-1419 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
19 CVE-2002-1421 Sql 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
20 CVE-2002-1427 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
21 CVE-2002-1431 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server.
22 CVE-2002-1435 Exec Code 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
23 CVE-2002-1436 Exec Code 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
24 CVE-2002-1441 Exec Code Overflow 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
25 CVE-2002-1442 Bypass 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
26 CVE-2002-1465 Exec Code Sql 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
27 CVE-2002-1469 Bypass 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
28 CVE-2002-1477 Exec Code 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
29 CVE-2002-1481 DoS Exec Code 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
30 CVE-2002-1484 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
31 CVE-2002-1486 DoS Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
32 CVE-2002-1489 Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.
33 CVE-2002-1496 Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
34 CVE-2002-1499 Sql 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
35 CVE-2002-1505 +Priv Sql 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
36 CVE-2002-1524 Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
37 CVE-2003-0106 Bypass 2003-04-02 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
38 CVE-2003-0135 2003-04-11 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
39 CVE-2003-0152 Exec Code 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
40 CVE-2003-0159 DoS Exec Code Overflow 2003-04-02 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
41 CVE-2003-0162 +Priv 2003-04-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.
42 CVE-2003-0166 DoS Exec Code 2003-04-02 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
43 CVE-2003-0167 DoS Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
44 CVE-2003-0168 Exec Code Overflow 2003-04-02 2018-10-19
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
45 CVE-2003-0172 Exec Code Overflow 2003-04-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
46 CVE-2003-0179 Exec Code Overflow 2003-04-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
47 CVE-2003-0203 Exec Code Overflow 2003-04-11 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.
48 CVE-2002-1406 2003-04-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
49 CVE-2002-1420 2003-04-11 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
50 CVE-2002-1492 Overflow +Priv 2003-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
Total number of vulnerabilities : 135   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.