| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
74651 |
CVE-2003-1124 |
|
|
|
2003-12-31 |
2017-07-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files. |
|
74652 |
CVE-2003-1122 |
|
|
Exec Code |
2003-12-31 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code. |
|
74653 |
CVE-2003-1120 |
|
|
|
2003-12-31 |
2017-07-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key. |
|
74654 |
CVE-2003-1119 |
|
|
DoS |
2003-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. |
|
74655 |
CVE-2003-1116 |
|
|
Bypass +Info |
2003-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. |
|
74656 |
CVE-2003-1108 |
|
|
DoS Exec Code |
2003-12-31 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
|
74657 |
CVE-2003-1107 |
|
|
Bypass |
2003-12-31 |
2017-07-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. |
|
74658 |
CVE-2003-1106 |
|
|
DoS |
2003-12-31 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. |
|
74659 |
CVE-2003-1105 |
|
|
DoS |
2003-12-31 |
2018-10-12 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. |
|
74660 |
CVE-2003-1102 |
|
|
|
2003-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code. |
|
74661 |
CVE-2003-1101 |
|
|
|
2003-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message. |
|
74662 |
CVE-2003-1100 |
|
|
XSS |
2003-12-31 |
2017-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors. |
|
74663 |
CVE-2003-1099 |
|
|
DoS Exec Code |
2003-12-31 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. |
|
74664 |
CVE-2003-1095 |
|
|
|
2003-03-18 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. |
|
74665 |
CVE-2003-1093 |
|
|
|
2003-12-31 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. |
|
74666 |
CVE-2003-1089 |
|
|
|
2003-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message. |
|
74667 |
CVE-2003-1088 |
|
|
XSS |
2003-08-11 |
2017-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. |
|
74668 |
CVE-2003-1087 |
|
|
DoS |
2003-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. |
|
74669 |
CVE-2003-1085 |
|
|
DoS Overflow |
2003-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. |
|
74670 |
CVE-2003-1084 |
|
|
DoS |
2003-11-24 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. |
|
74671 |
CVE-2003-1080 |
|
|
|
2003-02-11 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users. |
|
74672 |
CVE-2003-1079 |
|
|
DoS |
2003-02-18 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated. |
|
74673 |
CVE-2003-1077 |
|
|
DoS |
2003-03-05 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang). |
|
74674 |
CVE-2003-1075 |
|
|
DoS |
2003-01-27 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients. |
|
74675 |
CVE-2003-1073 |
|
|
|
2003-12-31 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place. |
|
74676 |
CVE-2003-1072 |
|
|
DoS |
2003-04-28 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption). |
|
74677 |
CVE-2003-1071 |
|
|
|
2003-01-03 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. |
|
74678 |
CVE-2003-1070 |
|
|
DoS |
2003-04-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash). |
|
74679 |
CVE-2003-1069 |
|
|
DoS |
2003-06-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop). |
|
74680 |
CVE-2003-1066 |
|
|
DoS Exec Code Overflow |
2003-12-31 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. |
|
74681 |
CVE-2003-1065 |
|
|
DoS |
2003-07-23 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash). |
|
74682 |
CVE-2003-1064 |
|
|
DoS |
2003-07-23 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet. |
|
74683 |
CVE-2003-1062 |
|
|
|
2003-10-15 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory. |
|
74684 |
CVE-2003-1061 |
|
|
DoS |
2003-10-14 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines. |
|
74685 |
CVE-2003-1060 |
|
|
DoS |
2003-10-27 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference. |
|
74686 |
CVE-2003-1058 |
|
|
DoS |
2003-12-03 |
2018-10-30 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files. |
|
74687 |
CVE-2003-1054 |
|
|
DoS |
2003-04-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. |
|
74688 |
CVE-2003-1053 |
|
|
Exec Code Overflow |
2003-10-03 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. |
|
74689 |
CVE-2003-1049 |
|
|
|
2004-09-28 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. |
|
74690 |
CVE-2003-1045 |
|
|
|
2004-08-18 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter. |
|
74691 |
CVE-2003-1040 |
|
|
DoS |
2004-04-15 |
2018-08-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. |
|
74692 |
CVE-2003-1038 |
|
|
+Info |
2004-04-15 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. |
|
74693 |
CVE-2003-1034 |
|
|
+Priv |
2004-04-15 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. |
|
74694 |
CVE-2003-1032 |
|
|
DoS Overflow |
2004-02-17 |
2016-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow. |
|
74695 |
CVE-2003-1031 |
|
|
XSS |
2004-02-17 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." |
|
74696 |
CVE-2003-1029 |
|
|
DoS |
2004-02-17 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. |
|
74697 |
CVE-2003-1028 |
|
|
Bypass |
2004-01-20 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. |
|
74698 |
CVE-2003-1025 |
20 |
|
|
2004-01-20 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the [email protected] portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." |
|
74699 |
CVE-2003-1020 |
|
|
DoS |
2004-01-05 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). |
|
74700 |
CVE-2003-1017 |
|
|
|
2004-01-05 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names. |
