The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
Max CVSS
10.0
EPSS Score
0.80%
Published
2003-08-19
Updated
2017-07-11
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
Max CVSS
7.5
EPSS Score
1.62%
Published
2003-08-20
Updated
2018-10-30
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
Max CVSS
7.5
EPSS Score
7.72%
Published
2003-08-27
Updated
2021-07-23
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
Max CVSS
7.5
EPSS Score
0.42%
Published
2003-08-27
Updated
2017-10-11
Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.
Max CVSS
7.5
EPSS Score
0.42%
Published
2003-08-27
Updated
2016-10-18
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message.
Max CVSS
7.5
EPSS Score
0.38%
Published
2003-08-27
Updated
2008-09-10
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX via the setuid program RunTCPFlow.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2008-09-10
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
Max CVSS
7.5
EPSS Score
0.10%
Published
2003-08-27
Updated
2008-09-05
rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2016-10-18
Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
Max CVSS
7.5
EPSS Score
0.40%
Published
2003-08-27
Updated
2008-09-10
Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Max CVSS
7.5
EPSS Score
1.04%
Published
2003-08-27
Updated
2008-09-05
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.
Max CVSS
7.5
EPSS Score
4.33%
Published
2003-08-27
Updated
2016-10-18
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2008-09-10
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
Max CVSS
7.5
EPSS Score
2.35%
Published
2003-08-27
Updated
2008-09-10
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings.
Max CVSS
7.5
EPSS Score
2.42%
Published
2003-08-27
Updated
2008-09-10
BEA WebLogic Server and Express, when using NodeManager to start servers, provide Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
Max CVSS
10.0
EPSS Score
0.22%
Published
2003-08-27
Updated
2008-09-05
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login."
Max CVSS
7.5
EPSS Score
0.82%
Published
2003-08-27
Updated
2016-10-18
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
Max CVSS
7.5
EPSS Score
0.17%
Published
2003-08-27
Updated
2008-09-05
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
Max CVSS
7.5
EPSS Score
1.44%
Published
2003-08-27
Updated
2017-07-11
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
Max CVSS
7.5
EPSS Score
1.37%
Published
2003-08-27
Updated
2016-10-18
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allow local users to gain root privileges via certain environment variables that are used when launching a virtual machine session.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2016-10-18
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
Max CVSS
7.5
EPSS Score
1.26%
Published
2003-08-27
Updated
2024-02-15
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
Max CVSS
7.5
EPSS Score
1.72%
Published
2003-08-27
Updated
2013-07-23
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2018-10-30
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
Max CVSS
7.5
EPSS Score
96.78%
Published
2003-08-27
Updated
2019-04-30
96 vulnerabilities found