CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2003-0605 DoS +Priv 2003-08-27 2019-04-30
7.5
User Remote Low Not required Partial Partial Partial
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
52 CVE-2003-0604 Bypass 2003-08-27 2018-08-13
7.5
User Remote Low Not required Partial Partial Partial
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
53 CVE-2003-0603 2003-08-27 2008-09-05
2.1
None Local Low Not required None Partial None
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
54 CVE-2003-0602 XSS 2003-08-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
55 CVE-2003-0599 2003-08-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
56 CVE-2003-0597 +Priv 2003-08-27 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
57 CVE-2003-0596 2003-08-27 2016-12-07
3.6
None Local Low Not required Partial Partial None
FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.
58 CVE-2003-0595 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
59 CVE-2003-0590 XSS 2003-08-18 2016-10-17
7.1
None Remote Medium Not required None Complete None
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
60 CVE-2003-0589 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
61 CVE-2003-0588 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
62 CVE-2003-0587 XSS 2003-08-18 2016-10-17
6.9
Admin Local Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
63 CVE-2003-0586 +Info 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php.
64 CVE-2003-0585 Exec Code Sql Bypass 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
65 CVE-2003-0584 Exec Code 2003-08-18 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.
66 CVE-2003-0583 Exec Code Overflow 2003-08-18 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument.
67 CVE-2003-0581 DoS Exec Code 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.
68 CVE-2003-0580 Exec Code Overflow 2003-08-18 2016-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument.
69 CVE-2003-0579 Exec Code +Priv 2003-08-18 2016-10-17
4.6
User Local Low Not required Partial Partial Partial
uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.
70 CVE-2003-0578 +Priv 2003-08-18 2016-10-17
4.6
User Local Low Not required Partial Partial Partial
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
71 CVE-2003-0577 DoS Exec Code 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
72 CVE-2003-0576 DoS 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619.
73 CVE-2003-0575 Overflow +Priv 2003-08-27 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
74 CVE-2003-0574 +Priv 2003-08-18 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028.
75 CVE-2003-0573 2003-08-18 2008-09-05
5.0
None Remote Low Not required None None Partial
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
76 CVE-2003-0572 DoS 2003-08-18 2017-07-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption).
77 CVE-2003-0567 20 DoS 2003-08-18 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
78 CVE-2003-0562 DoS Overflow 2003-08-27 2016-10-17
5.0
None Remote Low Not required None None Partial
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
79 CVE-2003-0561 Exec Code Overflow 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands.
80 CVE-2003-0560 +Priv Sql 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
81 CVE-2003-0559 Exec Code 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.
82 CVE-2003-0558 Exec Code Overflow 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.
83 CVE-2003-0557 Sql +Info 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
84 CVE-2003-0556 DoS 2003-08-18 2016-10-17
5.0
None Remote Low Not required None None Partial
Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.
85 CVE-2003-0555 DoS Exec Code 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
86 CVE-2003-0554 DoS 2003-08-18 2016-10-17
5.0
None Remote Low Not required None None Partial
NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports.
87 CVE-2003-0553 Exec Code Overflow 2003-08-18 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
88 CVE-2003-0552 2003-08-27 2017-10-10
5.0
None Remote Low Not required None Partial None
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
89 CVE-2003-0551 DoS 2003-08-27 2017-10-10
5.0
None Remote Low Not required None None Partial
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
90 CVE-2003-0550 2003-08-27 2017-10-10
5.0
None Remote Low Not required None Partial None
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
91 CVE-2003-0549 DoS 2003-08-27 2017-10-10
5.0
None Remote Low Not required None None Partial
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
92 CVE-2003-0548 DoS 2003-08-27 2017-10-10
5.0
None Remote Low Not required None None Partial
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.
93 CVE-2003-0547 2003-08-27 2017-10-10
2.1
None Local Low Not required Partial None None
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
94 CVE-2003-0546 2003-08-27 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
95 CVE-2003-0540 DoS 2003-08-27 2017-10-10
5.0
None Remote Low Not required None None Partial
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
96 CVE-2003-0539 2003-08-18 2017-10-10
4.6
User Local Low Not required Partial Partial Partial
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.
97 CVE-2003-0538 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.
98 CVE-2003-0537 2003-08-18 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.
99 CVE-2003-0536 DoS Dir. Trav. 2003-08-18 2016-10-17
3.6
None Local Low Not required Partial None Partial
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
100 CVE-2003-0535 Overflow +Priv 2003-08-18 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option.
Total number of vulnerabilities : 205   Page : 1 2 (This Page)3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.