CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2003-1364 20 DoS 2003-12-31 2017-07-29
8.5
None Remote Low Not required None Partial Complete
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
202 CVE-2003-1363 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
203 CVE-2003-1362 16 2003-12-31 2017-07-29
7.8
None Remote Low Not required Complete None None
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
204 CVE-2003-1361 +Priv 2003-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
205 CVE-2003-1360 119 Exec Code Overflow 2003-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
206 CVE-2003-1359 119 Overflow +Priv 2003-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
207 CVE-2003-1358 264 +Priv 2003-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
208 CVE-2003-1357 16 2003-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
209 CVE-2003-1356 264 DoS 2003-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
210 CVE-2003-1355 119 DoS Exec Code Overflow 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password.
211 CVE-2003-1354 119 Overflow 2003-12-31 2017-07-29
5.0
None Remote Low Not required None None Partial
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.
212 CVE-2003-1353 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field.
213 CVE-2003-1352 16 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing.
214 CVE-2003-1351 22 Dir. Trav. 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
215 CVE-2003-1350 20 2003-12-31 2017-07-29
4.3
None Remote Medium Not required Partial None None
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
216 CVE-2003-1349 22 Dir. Trav. 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
217 CVE-2003-1348 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
218 CVE-2003-1347 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
219 CVE-2003-1346 264 2003-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
220 CVE-2003-1345 22 Dir. Trav. 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
221 CVE-2003-1344 310 +Info 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.
222 CVE-2003-1343 287 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
223 CVE-2003-1342 399 DoS 2003-12-31 2020-11-23
5.0
None Remote Low Not required None None Partial
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.
224 CVE-2003-1341 16 Bypass 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
225 CVE-2003-1340 89 Exec Code Sql 2003-12-31 2018-10-19
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
226 CVE-2003-1339 119 DoS Exec Code Overflow 2003-12-31 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.
227 CVE-2003-1338 Http R.Spl. 2003-12-31 2010-06-23
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
228 CVE-2003-1337 119 Exec Code Overflow 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
229 CVE-2003-1336 119 Exec Code Overflow 2003-12-31 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
230 CVE-2003-1335 22 Dir. Trav. 2003-12-31 2010-06-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
231 CVE-2003-1334 79 XSS 2003-12-31 2010-06-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
232 CVE-2003-1333 2003-12-31 2010-06-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
233 CVE-2003-1332 Exec Code Overflow 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
234 CVE-2003-1331 Exec Code Overflow 2003-12-31 2019-10-07
4.0
None Remote High Not required None Partial Partial
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
235 CVE-2003-1330 Bypass 2003-12-31 2017-07-29
5.0
None Remote Low Not required None Partial None
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
236 CVE-2003-1329 DoS 2003-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
237 CVE-2003-1327 Exec Code Overflow 2003-12-31 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
238 CVE-2003-1325 1 DoS 2003-12-31 2008-09-05
5.2
None Local Network Medium ??? None None Complete
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.
239 CVE-2003-1324 2003-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.
240 CVE-2003-1323 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
241 CVE-2003-1322 Exec Code Overflow 2003-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
242 CVE-2003-1321 DoS Exec Code Overflow 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
243 CVE-2003-1320 399 DoS Exec Code 2003-12-31 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.
244 CVE-2003-1319 Exec Code Overflow 2003-12-31 2017-07-29
7.6
None Remote High Not required Complete Complete Complete
Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.
245 CVE-2003-1318 DoS 2003-12-31 2016-10-18
7.8
None Remote Low Not required None None Complete
Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
246 CVE-2003-1317 XSS 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
247 CVE-2003-1316 +Info 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
248 CVE-2003-1315 Exec Code Sql 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
249 CVE-2003-1314 Exec Code File Inclusion 2003-12-31 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.
250 CVE-2003-1313 Exec Code File Inclusion 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php.
Total number of vulnerabilities : 507   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.