CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2003-1309 +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
802 CVE-2003-1322 Exec Code Overflow 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
803 CVE-2003-1333 2003-12-31 2010-06-23
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
804 CVE-2003-1339 119 DoS Exec Code Overflow 2003-12-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
805 CVE-2003-1346 264 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
806 CVE-2003-1357 16 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
807 CVE-2003-1361 +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
808 CVE-2003-1422 16 +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
809 CVE-2003-1425 20 Exec Code 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
810 CVE-2003-1432 94 DoS Exec Code 2003-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
811 CVE-2003-1487 20 Exec Code 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
812 CVE-2003-1495 264 DoS +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
813 CVE-2003-1496 119 Overflow +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
814 CVE-2003-1503 119 Exec Code Overflow 2003-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
815 CVE-2003-1507 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
816 CVE-2003-1509 2003-12-31 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
817 CVE-2003-1525 2003-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
818 CVE-2003-1551 2003-12-31 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
819 CVE-2003-1573 89 DoS Sql +Info 2009-06-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
820 CVE-2003-1576 119 Exec Code Overflow 2010-01-28 2010-01-31
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
821 CVE-2003-1595 264 2010-04-05 2010-04-06
10.0
None Remote Low Not required Complete Complete Complete
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.
822 CVE-2003-1603 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
823 CVE-2004-0002 DoS 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.
824 CVE-2004-0039 Exec Code 2004-03-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
825 CVE-2004-0040 Exec Code Overflow 2004-03-03 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
826 CVE-2004-0083 Exec Code Overflow 2004-03-03 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
827 CVE-2004-0084 Exec Code Overflow 2004-03-03 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
828 CVE-2004-0090 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
829 CVE-2004-0092 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
830 CVE-2004-0097 DoS Exec Code 2004-03-03 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
831 CVE-2004-0139 2005-01-10 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.
832 CVE-2004-0168 2004-03-15 2018-09-26
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
833 CVE-2004-0185 DoS Exec Code Overflow 2004-03-15 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
834 CVE-2004-0201 Exec Code Overflow 2004-08-06 2019-04-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
835 CVE-2004-0209 Exec Code 2004-11-03 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
836 CVE-2004-0212 Exec Code Overflow 2004-08-06 2019-04-30
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
837 CVE-2004-0214 DoS Exec Code Overflow 2004-11-03 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
838 CVE-2004-0216 Exec Code Overflow 2004-11-03 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
839 CVE-2004-0220 119 DoS Overflow 2004-05-04 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
840 CVE-2004-0226 DoS Exec Code Overflow 2004-08-18 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
841 CVE-2004-0234 119 Exec Code Overflow 2004-08-18 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
842 CVE-2004-0236 Sql 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.
843 CVE-2004-0239 Sql 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
844 CVE-2004-0241 Exec Code 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
845 CVE-2004-0246 Exec Code File Inclusion 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.
846 CVE-2004-0249 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
847 CVE-2004-0250 +Priv Sql 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.
848 CVE-2004-0253 DoS Exec Code Sql 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.
849 CVE-2004-0261 Bypass 2004-11-23 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.
850 CVE-2004-0262 Exec Code Overflow 2004-11-23 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.