CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2003 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1205 DoS 2003-08-06 2017-07-10
5.0
None Remote Low Not required None None Partial
Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name.
2 CVE-2003-1202 Exec Code 2003-08-19 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
3 CVE-2003-1063 Bypass 2003-08-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
4 CVE-2003-0701 Exec Code Overflow 2003-08-27 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
5 CVE-2003-0699 2003-08-27 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
6 CVE-2003-0685 Exec Code Overflow 2003-08-27 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
7 CVE-2003-0677 DoS 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure."
8 CVE-2003-0676 Dir. Trav. 2003-08-27 2016-10-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
9 CVE-2003-0672 Exec Code 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.
10 CVE-2003-0671 Exec Code 2003-08-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
11 CVE-2003-0657 Sql 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
12 CVE-2003-0655 +Priv 2003-08-27 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.
13 CVE-2003-0654 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
14 CVE-2003-0653 DoS 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
15 CVE-2003-0651 Exec Code Overflow 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
16 CVE-2003-0650 Exec Code Dir. Trav. 2003-08-27 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.
17 CVE-2003-0649 Exec Code Overflow 2003-08-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
18 CVE-2003-0647 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
19 CVE-2003-0646 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings.
20 CVE-2003-0640 +Priv 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
21 CVE-2003-0639 2003-08-27 2016-10-17
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.
22 CVE-2003-0638 DoS Exec Code Overflow 2003-08-27 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."
23 CVE-2003-0637 2003-08-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
24 CVE-2003-0636 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
25 CVE-2003-0635 2003-08-27 2016-10-17
5.0
None Remote Low Not required None None Partial
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.
26 CVE-2003-0634 Exec Code Overflow 2003-08-27 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
27 CVE-2003-0633 +Info 2003-08-27 2016-10-17
5.0
None Remote Low Not required Partial None None
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
28 CVE-2003-0632 Exec Code Overflow 2003-08-27 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
29 CVE-2003-0631 +Priv 2003-08-27 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
30 CVE-2003-0625 2003-08-27 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
31 CVE-2003-0619 DoS 2003-08-27 2017-10-10
5.0
None Remote Low Not required None None Partial
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.
32 CVE-2003-0616 Exec Code 2003-08-27 2013-07-23
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
33 CVE-2003-0610 Dir. Trav. 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
34 CVE-2003-0609 Overflow +Priv 2003-08-27 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
35 CVE-2003-0605 DoS +Priv 2003-08-27 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
36 CVE-2003-0604 Bypass 2003-08-27 2018-08-13
7.5
User Remote Low Not required Partial Partial Partial
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
37 CVE-2003-0602 XSS 2003-08-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
38 CVE-2003-0599 2003-08-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
39 CVE-2003-0597 +Priv 2003-08-27 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
40 CVE-2003-0595 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
41 CVE-2003-0590 XSS 2003-08-18 2016-10-17
7.1
None Remote Medium Not required None Complete None
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
42 CVE-2003-0589 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
43 CVE-2003-0588 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
44 CVE-2003-0587 XSS 2003-08-18 2016-10-17
6.9
Admin Local Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
45 CVE-2003-0586 +Info 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php.
46 CVE-2003-0585 Exec Code Sql Bypass 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
47 CVE-2003-0584 Exec Code 2003-08-18 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.
48 CVE-2003-0583 Exec Code Overflow 2003-08-18 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument.
49 CVE-2003-0581 DoS Exec Code 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.
50 CVE-2003-0580 Exec Code Overflow 2003-08-18 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument.
Total number of vulnerabilities : 158   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.