CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2003 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1202 Exec Code 2003-08-19 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
2 CVE-2003-0640 +Priv 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
3 CVE-2003-0599 2003-08-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
4 CVE-2003-0589 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
5 CVE-2003-0588 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
6 CVE-2003-0575 Overflow +Priv 2003-08-27 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
7 CVE-2003-0560 +Priv Sql 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
8 CVE-2003-0522 +Priv Sql 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.
9 CVE-2003-0509 +Priv Sql 2003-08-07 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
10 CVE-2003-0502 DoS 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
11 CVE-2003-0500 +Priv Sql Bypass 2003-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
12 CVE-2003-0494 +Priv 2003-08-07 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
13 CVE-2003-0493 +Priv 2003-08-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
14 CVE-2003-0478 DoS Exec Code 2003-08-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings.
15 CVE-2003-0473 2003-08-07 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications.
16 CVE-2003-0466 Exec Code Overflow 2003-08-27 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
17 CVE-2003-0453 Exec Code Overflow 2003-08-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
18 CVE-2003-0426 +Priv 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
19 CVE-2003-0421 DoS 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
20 CVE-2003-0252 DoS Exec Code 2003-08-18 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
Total number of vulnerabilities : 20   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.