| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
105351 |
CVE-2003-1082 |
|
|
Overflow +Priv |
2003-12-31 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068. |
|
105352 |
CVE-2003-1081 |
264 |
|
|
2003-09-09 |
2018-10-30 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file. |
|
105353 |
CVE-2003-1079 |
|
|
DoS |
2003-02-18 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated. |
|
105354 |
CVE-2003-1078 |
|
|
|
2003-02-28 |
2018-10-30 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login. |
|
105355 |
CVE-2003-1076 |
|
|
DoS +Priv |
2003-12-31 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file. |
|
105356 |
CVE-2003-1075 |
|
|
DoS |
2003-01-27 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients. |
|
105357 |
CVE-2003-1074 |
|
|
+Priv |
2003-03-28 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges. |
|
105358 |
CVE-2003-1070 |
|
|
DoS |
2003-04-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash). |
|
105359 |
CVE-2003-1069 |
|
|
DoS |
2003-06-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop). |
|
105360 |
CVE-2003-1068 |
|
|
Overflow +Priv |
2003-06-06 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082. |
|
105361 |
CVE-2003-1067 |
|
|
Overflow +Priv |
2003-06-19 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions. |
|
105362 |
CVE-2003-1066 |
|
|
DoS Exec Code Overflow |
2003-12-31 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. |
|
105363 |
CVE-2003-1064 |
|
|
DoS |
2003-07-23 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet. |
|
105364 |
CVE-2003-1063 |
|
|
Bypass |
2003-08-20 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy. |
|
105365 |
CVE-2003-1062 |
|
|
|
2003-10-15 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory. |
|
105366 |
CVE-2003-1060 |
|
|
DoS |
2003-10-27 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference. |
|
105367 |
CVE-2003-1059 |
|
|
|
2003-11-20 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access. |
|
105368 |
CVE-2003-1057 |
|
|
Exec Code |
2003-12-08 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code. |
|
105369 |
CVE-2003-1056 |
|
|
|
2003-12-11 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
|
105370 |
CVE-2003-1055 |
|
|
Overflow |
2003-07-03 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup. |
|
105371 |
CVE-2003-1054 |
|
|
DoS |
2003-04-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. |
|
105372 |
CVE-2003-1053 |
|
|
Exec Code Overflow |
2003-10-03 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. |
|
105373 |
CVE-2003-1052 |
|
|
+Priv |
2004-09-28 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
|
105374 |
CVE-2003-1051 |
|
|
Exec Code |
2004-09-28 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
|
105375 |
CVE-2003-1050 |
|
|
Exec Code Overflow |
2004-09-28 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
|
105376 |
CVE-2003-1049 |
|
|
|
2004-09-28 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. |
|
105377 |
CVE-2003-1048 |
119 |
|
DoS Overflow |
2004-07-27 |
2018-10-12 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. |
|
105378 |
CVE-2003-1046 |
|
|
|
2004-08-18 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. |
|
105379 |
CVE-2003-1045 |
|
|
|
2004-08-18 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter. |
|
105380 |
CVE-2003-1044 |
|
|
|
2004-08-18 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID. |
|
105381 |
CVE-2003-1043 |
|
|
Sql |
2004-08-18 |
2017-07-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. |
|
105382 |
CVE-2003-1042 |
|
|
Sql |
2004-08-18 |
2017-07-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name. |
|
105383 |
CVE-2003-1041 |
|
|
Dir. Trav. |
2004-06-14 |
2018-10-12 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. |
|
105384 |
CVE-2003-1039 |
|
|
Exec Code Overflow |
2004-04-15 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server. |
|
105385 |
CVE-2003-1038 |
|
|
+Info |
2004-04-15 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. |
|
105386 |
CVE-2003-1037 |
|
|
Exec Code |
2004-04-15 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level." |
|
105387 |
CVE-2003-1036 |
|
|
Exec Code Overflow |
2004-04-15 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header. |
|
105388 |
CVE-2003-1035 |
|
|
Bypass |
2004-04-15 |
2018-10-19 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. |
|
105389 |
CVE-2003-1034 |
|
|
+Priv |
2004-04-15 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. |
|
105390 |
CVE-2003-1033 |
|
|
+Priv |
2004-04-15 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program. |
|
105391 |
CVE-2003-1032 |
|
|
DoS Overflow |
2004-02-17 |
2016-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow. |
|
105392 |
CVE-2003-1031 |
|
|
XSS |
2004-02-17 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." |
|
105393 |
CVE-2003-1030 |
|
|
Exec Code Overflow |
2004-02-17 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. |
|
105394 |
CVE-2003-1029 |
|
|
DoS |
2004-02-17 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. |
|
105395 |
CVE-2003-1028 |
|
|
Bypass |
2004-01-20 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. |
|
105396 |
CVE-2003-1027 |
|
|
|
2004-01-20 |
2018-10-12 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." |
|
105397 |
CVE-2003-1026 |
264 |
|
Bypass |
2004-01-20 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." |
|
105398 |
CVE-2003-1025 |
20 |
|
|
2004-01-20 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the [email protected] portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." |
|
105399 |
CVE-2003-1024 |
|
|
+Priv |
2004-01-20 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges. |
|
105400 |
CVE-2003-1023 |
|
|
Exec Code Overflow |
2004-01-20 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion. |
