| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2003-1558 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function. |
|
2 |
CVE-2003-1557 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2018-10-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters. |
|
3 |
CVE-2003-1552 |
264 |
|
Exec Code |
2003-12-31 |
2018-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/. |
|
4 |
CVE-2003-1538 |
20 |
|
Exec Code |
2003-12-31 |
2008-09-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries. |
|
5 |
CVE-2003-1533 |
89 |
|
Exec Code Sql |
2003-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. |
|
6 |
CVE-2003-1532 |
89 |
|
Exec Code Sql |
2003-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters. |
|
7 |
CVE-2003-1530 |
89 |
|
Exec Code Sql |
2003-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. |
|
8 |
CVE-2003-1523 |
89 |
|
Exec Code Sql |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. |
|
9 |
CVE-2003-1520 |
89 |
|
Exec Code Sql |
2003-12-31 |
2008-09-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter. |
|
10 |
CVE-2003-1504 |
89 |
|
Exec Code Sql |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. |
|
11 |
CVE-2003-1503 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. |
|
12 |
CVE-2003-1500 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. |
|
13 |
CVE-2003-1487 |
20 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. |
|
14 |
CVE-2003-1474 |
264 |
|
Exec Code |
2003-12-31 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris. |
|
15 |
CVE-2003-1473 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable. |
|
16 |
CVE-2003-1472 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner. |
|
17 |
CVE-2003-1470 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name. |
|
18 |
CVE-2003-1461 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). |
|
19 |
CVE-2003-1459 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. |
|
20 |
CVE-2003-1458 |
89 |
|
Exec Code Sql |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name. |
|
21 |
CVE-2003-1456 |
20 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. |
|
22 |
CVE-2003-1455 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code. |
|
23 |
CVE-2003-1452 |
16 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. |
|
24 |
CVE-2003-1451 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename. |
|
25 |
CVE-2003-1446 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde). |
|
26 |
CVE-2003-1445 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname. |
|
27 |
CVE-2003-1436 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter. |
|
28 |
CVE-2003-1435 |
89 |
|
Exec Code Sql |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. |
|
29 |
CVE-2003-1432 |
94 |
|
DoS Exec Code |
2003-12-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. |
|
30 |
CVE-2003-1429 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request. |
|
31 |
CVE-2003-1426 |
16 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable. |
|
32 |
CVE-2003-1425 |
20 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. |
|
33 |
CVE-2003-1412 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2018-10-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php. |
|
34 |
CVE-2003-1411 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. |
|
35 |
CVE-2003-1410 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. |
|
36 |
CVE-2003-1407 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. |
|
37 |
CVE-2003-1406 |
94 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. |
|
38 |
CVE-2003-1405 |
20 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. |
|
39 |
CVE-2003-1402 |
20 |
|
Exec Code File Inclusion |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. |
|
40 |
CVE-2003-1396 |
787 |
|
DoS Exec Code Overflow |
2003-12-31 |
2022-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. |
|
41 |
CVE-2003-1395 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-29 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
|
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server. |
|
42 |
CVE-2003-1393 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-29 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. |
|
43 |
CVE-2003-1387 |
120 |
|
Exec Code Overflow |
2003-12-31 |
2022-03-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username. |
|
44 |
CVE-2003-1385 |
94 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. |
|
45 |
CVE-2003-1382 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields. |
|
46 |
CVE-2003-1381 |
134 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command. |
|
47 |
CVE-2003-1378 |
264 |
|
Exec Code |
2003-12-31 |
2017-07-29 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
|
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. |
|
48 |
CVE-2003-1377 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
|
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname. |
|
49 |
CVE-2003-1375 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. |
|
50 |
CVE-2003-1374 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options. |
