CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15251 CVE-2003-1160 +Priv Bypass 2003-10-30 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
15252 CVE-2003-1144 Exec Code Overflow 2003-11-04 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
15253 CVE-2003-1142 +Priv 2003-11-03 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
15254 CVE-2003-1140 Exec Code Overflow 2003-10-27 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
15255 CVE-2003-1121 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).
15256 CVE-2003-1104 Exec Code Overflow 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
15257 CVE-2003-1096 +Priv 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
15258 CVE-2003-1090 Exec Code Overflow 2003-02-06 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.
15259 CVE-2003-1083 Exec Code Overflow 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
15260 CVE-2003-1081 264 2003-09-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
15261 CVE-2003-1048 119 DoS Overflow 2004-07-27 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
15262 CVE-2003-1043 Sql 2004-08-18 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
15263 CVE-2003-1042 Sql 2004-08-18 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
15264 CVE-2003-1027 2004-01-20 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
15265 CVE-2003-1026 264 Bypass 2004-01-20 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
15266 CVE-2003-1009 +Priv 2004-03-29 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
15267 CVE-2003-0972 Exec Code Overflow 2003-12-15 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
15268 CVE-2003-0968 Exec Code Overflow 2003-12-15 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
15269 CVE-2003-0959 DoS Overflow +Priv 2003-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.
15270 CVE-2003-0903 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
15271 CVE-2003-0886 Exec Code 2003-12-01 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.
15272 CVE-2003-0861 Overflow 2003-11-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
15273 CVE-2003-0860 Overflow 2003-11-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
15274 CVE-2003-0831 119 Exec Code Overflow 2003-11-17 2017-10-04
9.0
Admin Remote Low Single system Complete Complete Complete
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
15275 CVE-2003-0825 20 DoS Exec Code 2004-03-03 2019-04-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
15276 CVE-2003-0819 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
15277 CVE-2003-0789 2003-11-03 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
15278 CVE-2003-0786 +Priv 2003-11-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
15279 CVE-2003-0784 +Priv 2003-10-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
15280 CVE-2003-0782 DoS Exec Code Overflow 2004-05-04 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
15281 CVE-2003-0781 2004-05-04 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
15282 CVE-2003-0780 Exec Code Overflow 2003-09-22 2016-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
15283 CVE-2003-0755 Exec Code Overflow 2003-10-20 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
15284 CVE-2003-0745 +Priv 2003-10-20 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server.
15285 CVE-2003-0734 Bypass 2003-10-20 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
15286 CVE-2003-0732 +Priv +Info 2003-10-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
15287 CVE-2003-0731 +Priv 2003-10-20 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
15288 CVE-2003-0722 +Priv 2003-09-22 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
15289 CVE-2003-0715 Exec Code Overflow 2003-09-17 2019-04-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
15290 CVE-2003-0694 Exec Code Overflow 2003-10-06 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
15291 CVE-2003-0693 Exec Code 2003-09-22 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
15292 CVE-2003-0690 +Priv 2003-10-06 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
15293 CVE-2003-0662 119 Exec Code Overflow 2003-11-17 2019-04-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
15294 CVE-2003-0648 Exec Code Overflow 2004-05-04 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
15295 CVE-2003-0640 +Priv 2003-08-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
15296 CVE-2003-0599 2003-08-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
15297 CVE-2003-0589 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
15298 CVE-2003-0588 Bypass 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
15299 CVE-2003-0575 Overflow +Priv 2003-08-27 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
15300 CVE-2003-0560 +Priv Sql 2003-08-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.