CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-0252 DoS Exec Code 2003-08-18 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
2 CVE-2003-0421 DoS 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
3 CVE-2003-0426 +Priv 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
4 CVE-2003-0453 Exec Code Overflow 2003-08-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
5 CVE-2003-0466 Exec Code Overflow 2003-08-27 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
6 CVE-2003-0473 2003-08-07 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications.
7 CVE-2003-0478 DoS Exec Code 2003-08-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.
8 CVE-2003-0493 +Priv 2003-08-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
9 CVE-2003-0494 +Priv 2003-08-07 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
10 CVE-2003-0500 +Priv Sql Bypass 2003-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
11 CVE-2003-0502 DoS 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
12 CVE-2003-0509 +Priv Sql 2003-08-07 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
13 CVE-2003-0522 +Priv Sql 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.
14 CVE-2003-0560 +Priv Sql 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
15 CVE-2003-0575 Overflow +Priv 2003-08-27 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
16 CVE-2003-0588 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
17 CVE-2003-0589 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
18 CVE-2003-0599 2003-08-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
19 CVE-2003-0640 +Priv 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
20 CVE-2003-1202 Exec Code 2003-08-19 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
21 CVE-2003-0567 20 DoS 2003-08-18 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
22 CVE-2003-0149 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.
23 CVE-2003-0345 DoS Exec Code Overflow 2003-08-18 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
24 CVE-2003-0346 Exec Code Overflow 2003-08-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
25 CVE-2003-0352 Exec Code Overflow 2003-08-18 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
26 CVE-2003-0353 Exec Code Overflow 2003-08-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
27 CVE-2003-0450 DoS Exec Code Overflow 2003-08-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
28 CVE-2003-0469 DoS Exec Code Overflow 2003-08-07 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
29 CVE-2003-0470 Exec Code Overflow 2003-08-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.
30 CVE-2003-0471 Exec Code Overflow 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
31 CVE-2003-0482 Exec Code 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code.
32 CVE-2003-0487 DoS Exec Code Overflow 2003-08-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
33 CVE-2003-0491 Exec Code 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
34 CVE-2003-0503 DoS Exec Code Overflow 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
35 CVE-2003-0507 DoS Exec Code Overflow 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
36 CVE-2003-0508 Exec Code Overflow 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.
37 CVE-2003-0510 Exec Code 2003-08-07 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the "sessions" command.
38 CVE-2003-0515 +Priv Sql 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
39 CVE-2003-0516 Exec Code 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
40 CVE-2003-0530 Exec Code Overflow 2003-08-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
41 CVE-2003-0531 2003-08-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
42 CVE-2003-0532 Exec Code 2003-08-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
43 CVE-2003-0538 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.
44 CVE-2003-0546 2003-08-27 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
45 CVE-2003-0553 Exec Code Overflow 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
46 CVE-2003-0555 DoS Exec Code 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
47 CVE-2003-0557 Sql +Info 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
48 CVE-2003-0558 Exec Code Overflow 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.
49 CVE-2003-0559 Exec Code 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.
50 CVE-2003-0561 Exec Code Overflow 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands.
Total number of vulnerabilities : 205   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.