CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2003 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1216 +Priv Sql 2003-11-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
2 CVE-2003-1196 Exec Code Sql 2003-11-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
3 CVE-2003-1195 Exec Code Sql 2003-11-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
4 CVE-2003-1193 Exec Code Sql 2003-11-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
5 CVE-2003-1192 Exec Code Overflow 2003-11-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
6 CVE-2003-1188 DoS 2003-11-02 2017-07-11
5.0
None Remote Low Not required None None Partial
Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit.
7 CVE-2003-1187 XSS 2003-11-02 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
8 CVE-2003-1185 Sql 2003-11-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
9 CVE-2003-1182 XSS 2003-11-03 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
10 CVE-2003-1145 XSS 2003-11-03 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
11 CVE-2003-1144 Exec Code Overflow 2003-11-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
12 CVE-2003-1142 +Priv 2003-11-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
13 CVE-2003-1141 Exec Code Overflow 2003-11-04 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.
14 CVE-2003-1084 DoS 2003-11-24 2017-07-11
5.0
None Remote Low Not required None None Partial
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
15 CVE-2003-1059 2003-11-20 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
16 CVE-2003-0901 Exec Code Overflow 2003-11-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.
17 CVE-2003-0899 119 Exec Code Overflow 2003-11-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
18 CVE-2003-0896 Exec Code Bypass 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
19 CVE-2003-0882 2003-11-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
20 CVE-2003-0881 +Priv 2003-11-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
21 CVE-2003-0874 Sql 2003-11-17 2017-07-11
5.0
None Remote Low Not required None Partial None
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
22 CVE-2003-0871 2003-11-03 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
23 CVE-2003-0870 787 Exec Code Overflow 2003-11-17 2022-03-01
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
24 CVE-2003-0866 DoS 2003-11-17 2019-03-25
5.0
None Remote Low Not required None None Partial
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
25 CVE-2003-0865 Exec Code Overflow 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
26 CVE-2003-0864 DoS Overflow 2003-11-17 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.
27 CVE-2003-0863 2003-11-17 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
28 CVE-2003-0861 Overflow 2003-11-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
29 CVE-2003-0860 Overflow 2003-11-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
30 CVE-2003-0855 DoS 2003-11-03 2008-09-05
7.8
None Remote Low Not required None None Complete
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.
31 CVE-2003-0853 DoS Exec Code Overflow 2003-11-17 2008-09-10
5.0
None Remote Low Not required None None Partial
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
32 CVE-2003-0852 DoS 2003-11-17 2017-07-11
5.0
None Remote Low Not required None None Partial
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
33 CVE-2003-0850 Exec Code Mem. Corr. 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
34 CVE-2003-0849 Exec Code Overflow 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
35 CVE-2003-0845 89 Exec Code Sql 2003-11-17 2020-03-24
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
36 CVE-2003-0843 Exec Code 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
37 CVE-2003-0842 Exec Code Overflow 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header.
38 CVE-2003-0841 2003-11-17 2019-08-19
5.0
None Remote Low Not required Partial None None
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
39 CVE-2003-0840 Overflow +Priv 2003-11-17 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.
40 CVE-2003-0839 Dir. Trav. 2003-11-17 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
41 CVE-2003-0838 Exec Code Bypass 2003-11-17 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
42 CVE-2003-0837 Exec Code Overflow 2003-11-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.
43 CVE-2003-0836 Exec Code Overflow 2003-11-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.
44 CVE-2003-0835 Exec Code Overflow 2003-11-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
45 CVE-2003-0833 Exec Code Overflow 2003-11-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
46 CVE-2003-0832 Dir. Trav. 2003-11-17 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
47 CVE-2003-0831 119 Exec Code Overflow 2003-11-17 2017-10-05
9.0
None Remote Low ??? Complete Complete Complete
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
48 CVE-2003-0813 DoS 2003-11-17 2019-04-30
5.1
None Remote High Not required Partial Partial Partial
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
49 CVE-2003-0809 Exec Code 2003-11-17 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
50 CVE-2003-0804 DoS 2003-11-17 2008-09-10
5.0
None Remote Low Not required None None Partial
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
Total number of vulnerabilities : 70   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.