CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2002-1512 +Priv 2003-04-02 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file.
52 CVE-2002-1507 DoS 2003-04-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.
53 CVE-2002-1506 Exec Code Overflow 2003-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.
54 CVE-2002-1505 +Priv Sql 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
55 CVE-2002-1504 Dir. Trav. 2003-04-02 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL.
56 CVE-2002-1503 Overflow +Priv 2003-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.
57 CVE-2002-1502 2003-04-02 2008-09-05
2.1
None Local Low Not required None Partial None
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.
58 CVE-2002-1501 DoS 2003-04-02 2008-09-05
5.0
None Remote Low Not required None None Partial
The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.
59 CVE-2002-1500 Overflow +Priv 2003-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
60 CVE-2002-1499 Sql 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
61 CVE-2002-1498 Dir. Trav. 2003-04-02 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.
62 CVE-2002-1497 XSS 2003-04-02 2018-05-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.
63 CVE-2002-1496 Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
64 CVE-2002-1495 XSS 2003-04-02 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
65 CVE-2002-1494 XSS 2003-04-02 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.
66 CVE-2002-1493 XSS 2003-04-02 2017-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
67 CVE-2002-1492 Overflow +Priv 2003-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
68 CVE-2002-1491 +Priv 2003-04-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
69 CVE-2002-1490 DoS Overflow 2003-04-02 2008-09-05
2.1
None Local Low Not required None None Partial
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
70 CVE-2002-1489 Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.
71 CVE-2002-1488 DoS 2003-04-02 2008-09-05
5.0
None Remote Low Not required None None Partial
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
72 CVE-2002-1487 DoS 2003-04-02 2008-09-05
5.0
None Remote Low Not required None None Partial
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
73 CVE-2002-1486 DoS Exec Code Overflow 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
74 CVE-2002-1485 DoS 2003-04-02 2008-09-05
5.0
None Remote Low Not required None None Partial
The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
75 CVE-2002-1484 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
76 CVE-2002-1483 2003-04-22 2008-09-05
5.0
None Remote Low Not required Partial None None
db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).
77 CVE-2002-1482 +Priv Sql 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
78 CVE-2002-1481 DoS Exec Code 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
79 CVE-2002-1480 XSS 2003-04-22 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
80 CVE-2002-1479 +Priv 2003-04-22 2017-07-18
4.6
User Local Low Not required Partial Partial Partial
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
81 CVE-2002-1478 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
82 CVE-2002-1477 Exec Code 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
83 CVE-2002-1476 Exec Code Overflow 2003-04-22 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
84 CVE-2002-1475 DoS 2003-04-22 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.
85 CVE-2002-1474 DoS 2003-04-22 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
86 CVE-2002-1473 DoS Exec Code Overflow 2003-04-22 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
87 CVE-2002-1471 2003-04-22 2008-09-05
5.0
None Remote Low Not required None Partial None
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
88 CVE-2002-1470 2003-04-22 2008-09-05
2.1
None Local Low Not required Partial None None
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
89 CVE-2002-1469 Bypass 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
90 CVE-2002-1468 Exec Code Overflow 2003-04-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
91 CVE-2002-1467 Bypass 2003-04-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
92 CVE-2002-1466 Exec Code 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
93 CVE-2002-1465 Exec Code Sql 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
94 CVE-2002-1464 XSS 2003-04-22 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
95 CVE-2002-1443 2003-04-11 2017-10-09
5.0
None Remote Low Not required Partial None None
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
96 CVE-2002-1442 Bypass 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
97 CVE-2002-1441 Exec Code Overflow 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request.
98 CVE-2002-1440 +Priv 2003-04-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
99 CVE-2002-1439 2003-04-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
100 CVE-2002-1438 +Info 2003-04-11 2008-09-05
5.0
None Remote Low Not required Partial None None
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
Total number of vulnerabilities : 135   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.