Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1018 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors. | ||||
| CVE-2003-1020 | 2 Irssi, Mandrakesoft | 2 Irssi, Mandrake Linux | 2025-04-03 | N/A |
| The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). | ||||
| CVE-2003-1044 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID. | ||||
| CVE-2003-1046 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. | ||||
| CVE-2005-2847 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | N/A |
| img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | ||||
| CVE-2003-1049 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | N/A |
| IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. | ||||
| CVE-2005-3214 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | N/A |
| Multiple interpretation error in unspecified versions of Avast Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | ||||
| CVE-2003-1088 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | ||||
| CVE-2003-1089 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | N/A |
| index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message. | ||||
| CVE-2003-1111 | 1 Dynamicsoft | 1 Appengine | 2025-04-03 | N/A |
| The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||||
| CVE-2003-1113 | 1 Iptel | 1 Sip Express Router | 2025-04-03 | N/A |
| The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||||
| CVE-2003-1115 | 1 Nortel | 1 Succession Communication Server 2000 | 2025-04-03 | N/A |
| The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||||
| CVE-2003-1116 | 1 Oracle | 1 E-business Suite | 2025-04-03 | N/A |
| The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. | ||||
| CVE-2003-1171 | 1 Mod Security | 1 Mod Security | 2025-04-03 | N/A |
| Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data. | ||||
| CVE-2003-1172 | 1 Apache | 1 Cocoon | 2025-04-03 | N/A |
| Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2003-1175 | 1 Synthetic Reality | 1 Sympoll | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter. | ||||
| CVE-2003-1176 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2025-04-03 | N/A |
| post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter. | ||||
| CVE-2003-1205 | 1 Crob | 1 Crob Ftp Server | 2025-04-03 | N/A |
| Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name. | ||||
| CVE-2003-1223 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. | ||||
| CVE-2003-1225 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. | ||||