CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15001 CVE-2004-0040 Exec Code Overflow 2004-03-03 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
15002 CVE-2004-0039 Exec Code 2004-03-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
15003 CVE-2004-0002 DoS 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.
15004 CVE-2003-1603 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
15005 CVE-2003-1595 264 2010-04-05 2010-04-06
10.0
None Remote Low Not required Complete Complete Complete
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.
15006 CVE-2003-1576 119 Exec Code Overflow 2010-01-28 2010-01-31
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
15007 CVE-2003-1573 89 DoS Sql +Info 2009-06-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
15008 CVE-2003-1572 DoS 2009-06-01 2009-06-02
9.3
None Remote Medium Not required Complete Complete Complete
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
15009 CVE-2003-1564 189 DoS 2003-12-31 2008-10-24
9.3
Admin Remote Medium Not required Complete Complete Complete
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
15010 CVE-2003-1551 2003-12-31 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
15011 CVE-2003-1525 2003-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
15012 CVE-2003-1509 2003-12-31 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
15013 CVE-2003-1507 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
15014 CVE-2003-1503 119 Exec Code Overflow 2003-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
15015 CVE-2003-1496 119 Overflow +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
15016 CVE-2003-1495 264 DoS +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
15017 CVE-2003-1487 20 Exec Code 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
15018 CVE-2003-1470 119 DoS Exec Code Overflow 2003-12-31 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
15019 CVE-2003-1432 94 DoS Exec Code 2003-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
15020 CVE-2003-1425 20 Exec Code 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
15021 CVE-2003-1422 16 +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
15022 CVE-2003-1398 200 DoS +Info 2003-12-31 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
15023 CVE-2003-1395 119 DoS Exec Code Overflow 2003-12-31 2017-07-28
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
15024 CVE-2003-1388 119 Overflow 2003-12-31 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
15025 CVE-2003-1361 +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
15026 CVE-2003-1357 16 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
15027 CVE-2003-1346 264 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
15028 CVE-2003-1339 119 DoS Exec Code Overflow 2003-12-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
15029 CVE-2003-1336 119 Exec Code Overflow 2003-12-31 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
15030 CVE-2003-1333 2003-12-31 2010-06-23
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
15031 CVE-2003-1327 Exec Code Overflow 2003-12-31 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
15032 CVE-2003-1322 Exec Code Overflow 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
15033 CVE-2003-1309 +Priv 2003-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
15034 CVE-2003-1272 DoS Exec Code Overflow 2003-12-31 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
15035 CVE-2003-1245 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
15036 CVE-2003-1236 Exec Code 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
15037 CVE-2003-1208 Exec Code Overflow 2004-12-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
15038 CVE-2003-1202 Exec Code 2003-08-19 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
15039 CVE-2003-1192 Exec Code Overflow 2003-11-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
15040 CVE-2003-1160 +Priv Bypass 2003-10-30 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
15041 CVE-2003-1144 Exec Code Overflow 2003-11-04 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
15042 CVE-2003-1142 +Priv 2003-11-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
15043 CVE-2003-1140 Exec Code Overflow 2003-10-27 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
15044 CVE-2003-1121 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).
15045 CVE-2003-1104 Exec Code Overflow 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
15046 CVE-2003-1096 +Priv 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
15047 CVE-2003-1090 Exec Code Overflow 2003-02-06 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.
15048 CVE-2003-1083 Exec Code Overflow 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
15049 CVE-2003-1081 264 2003-09-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
15050 CVE-2003-1048 119 DoS Overflow 2004-07-27 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.