CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15451 CVE-2003-0222 119 Exec Code Overflow 2003-05-12 2017-07-10
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
15452 CVE-2003-0216 287 Bypass 2003-05-12 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
15453 CVE-2003-0209 Exec Code Overflow 2003-05-05 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
15454 CVE-2003-0201 Exec Code Overflow 2003-05-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
15455 CVE-2003-0196 DoS Exec Code Overflow 2003-05-05 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
15456 CVE-2003-0178 DoS Exec Code Overflow 2003-04-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
15457 CVE-2003-0170 +Priv 2004-03-29 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
15458 CVE-2003-0161 DoS Exec Code Overflow 2003-04-02 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
15459 CVE-2003-0150 +Priv 2003-03-24 2019-10-07
9.0
Admin Remote Low Single system Complete Complete Complete
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
15460 CVE-2003-0143 Exec Code Overflow 2003-03-18 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
15461 CVE-2003-0101 +Priv 2003-03-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
15462 CVE-2003-0098 +Priv 2003-03-03 2018-09-26
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
15463 CVE-2003-0096 119 Exec Code Overflow 2003-03-03 2016-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
15464 CVE-2003-0095 119 Exec Code Overflow 2003-03-03 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
15465 CVE-2003-0085 Exec Code Overflow 2003-03-31 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
15466 CVE-2003-0041 Exec Code 2003-02-19 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
15467 CVE-2003-0033 Exec Code Overflow 2003-03-07 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.
15468 CVE-2003-0030 Exec Code Overflow 2003-03-18 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.
15469 CVE-2002-2446 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.
15470 CVE-2002-2445 2015-08-04 2015-09-03
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors.
15471 CVE-2002-2425 264 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
15472 CVE-2002-2417 287 +Priv 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
15473 CVE-2002-2411 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
15474 CVE-2002-2402 2002-12-31 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.
15475 CVE-2002-2400 119 DoS Exec Code Overflow 2002-12-31 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
15476 CVE-2002-2397 287 Bypass 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
15477 CVE-2002-2390 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
15478 CVE-2002-2374 59 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
15479 CVE-2002-2368 119 DoS Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
15480 CVE-2002-2365 20 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
15481 CVE-2002-2360 264 Exec Code 2002-12-31 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
15482 CVE-2002-2290 255 +Priv 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
15483 CVE-2002-2281 Exec Code 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler.
15484 CVE-2002-2279 287 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.
15485 CVE-2002-2269 22 Dir. Trav. 2002-12-31 2017-07-28
9.4
None Remote Low Not required Complete Complete None
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
15486 CVE-2002-2268 119 Exec Code Overflow 2002-12-31 2017-07-28
9.4
None Remote Low Not required Complete Complete None
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
15487 CVE-2002-2264 DoS 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain.
15488 CVE-2002-2257 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.
15489 CVE-2002-2253 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string.
15490 CVE-2002-2251 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the changevalue function in libcgi.h for Marcos Luiz Onisto Lib CGI 0.1 allows remote attackers to execute arbitrary code via a long argument.
15491 CVE-2002-2250 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allow remote attackers to execute arbitrary code via (1) a long parameter to the xp_freedll extended stored procedure or (2) a long database name argument to the DBCC CHECKVERIFY function.
15492 CVE-2002-2248 119 Exec Code Overflow 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
15493 CVE-2002-2236 20 Exec Code 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.
15494 CVE-2002-2227 119 DoS Overflow Mem. Corr. 2002-12-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
15495 CVE-2002-2218 +Priv 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value.
15496 CVE-2002-2209 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors.
15497 CVE-2002-2207 Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.
15498 CVE-2002-2201 Exec Code 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
15499 CVE-2002-2198 Exec Code Overflow 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname.
15500 CVE-2002-2176 Sql 2002-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.