Lista CVE - 2003 / Aprile
Visualizzazione 301 - 397 di 397 CVE per Aprile 2003 (Pagina 4 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2002-0897 | 2003-04-02 | LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory. |
| CVE-2002-0898 | 2003-04-02 | Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a... |
| CVE-2002-0900 | 2003-04-02 | Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search... |
| CVE-2002-0904 | 2003-04-02 | SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. |
| CVE-2002-0906 | 2003-04-02 | Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute... |
| CVE-2002-0911 | 2003-04-02 | Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges. |
| CVE-2002-0914 | 2003-04-02 | Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which... |
| CVE-2002-0916 | 2003-04-02 | Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings... |
| CVE-2002-0935 | 2003-04-02 | Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server... |
| CVE-2002-0938 | 2003-04-02 | Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. |
| CVE-2002-0941 | 2003-04-02 | The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application... |
| CVE-2002-0945 | 2003-04-02 | Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. |
| CVE-2002-0946 | 2003-04-02 | Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request. |
| CVE-2002-0947 | 2003-04-02 | Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long... |
| CVE-2002-0952 | 2003-04-02 | Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS)... |
| CVE-2002-0953 | 2003-04-02 | globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the... |
| CVE-2002-0958 | 2003-04-02 | Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section. |
| CVE-2002-0964 | 2003-04-02 | Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the... |
| CVE-2002-0965 | 2003-04-02 | Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter,... |
| CVE-2002-0967 | 2003-04-02 | Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL. |
| CVE-2002-0968 | 2003-04-02 | Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. |
| CVE-2002-0981 | 2003-04-02 | Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. |
| CVE-2002-0984 | 2003-04-02 | The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic... |
| CVE-2002-0987 | 2003-04-02 | X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. |
| CVE-2002-0988 | 2003-04-02 | Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities. |
| CVE-2002-0989 | 2003-04-02 | The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. |
| CVE-2002-0995 | 2003-04-02 | login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers... |
| CVE-2002-1000 | 2003-04-02 | Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. |
| CVE-2002-1002 | 2003-04-02 | Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name. |
| CVE-2002-1004 | 2003-04-02 | Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a... |
| CVE-2002-1006 | 2003-04-02 | Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl. |
| CVE-2002-1013 | 2003-04-02 | Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path... |
| CVE-2002-1014 | 2003-04-02 | Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long... |
| CVE-2002-1015 | 2003-04-02 | RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file... |
| CVE-2002-1024 | 2003-04-02 | Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH... |
| CVE-2002-1025 | 2003-04-02 | JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP... |
| CVE-2002-1030 | 2003-04-02 | Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of... |
| CVE-2002-1031 | 2003-04-02 | KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character. |
| CVE-2002-1035 | 2003-04-02 | Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number. |
| CVE-2002-1039 | 2003-04-02 | Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature. |
| CVE-2002-1046 | 2003-04-02 | Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP... |
| CVE-2002-1049 | 2003-04-02 | Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element. |
| CVE-2002-1050 | 2003-04-02 | Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. |
| CVE-2002-1051 | 2003-04-02 | Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument. |
| CVE-2002-1053 | 2003-04-02 | Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed... |
| CVE-2002-1054 | 2003-04-02 | Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command." |
| CVE-2002-1057 | 2003-04-02 | Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2002-1059 | 2003-04-02 | Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version... |
| CVE-2002-1060 | 2003-04-02 | Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script... |
| CVE-2002-1076 | 2003-04-02 | Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. |
| CVE-2002-1079 | 2003-04-02 | Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. |
| CVE-2002-1081 | 2003-04-02 | The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a... |
| CVE-2002-1088 | 2003-04-02 | Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command. |
| CVE-2002-0367 | 2003-04-02 | smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by... |
| CVE-2002-1143 | 2003-04-03 | Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in... |
| CVE-2003-0132 | 2003-04-03 | A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate... |
| CVE-2003-0134 | 2003-04-03 | Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. |
| CVE-2003-0135 | 2003-04-03 | vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as... |
| CVE-2003-0197 | 2003-04-08 | Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK). |
| CVE-2003-0203 | 2003-04-08 | Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner. |
| CVE-2003-0110 | 2003-04-15 | The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of... |
| CVE-2003-0111 | 2003-04-15 | The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary... |
| CVE-2003-0133 | 2003-04-15 | GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. |
| CVE-2003-0136 | 2003-04-15 | psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file. |
| CVE-2003-0163 | 2003-04-15 | decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a... |
| CVE-2003-0171 | 2003-04-15 | DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point... |
| CVE-2003-0173 | 2003-04-15 | xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. |
| CVE-2003-0196 | 2003-04-15 | Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different... |
| CVE-2003-0198 | 2003-04-15 | Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files. |
| CVE-2003-0201 | 2003-04-15 | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
| CVE-2003-0204 | 2003-04-15 | KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments... |
| CVE-2003-0208 | 2003-04-15 | Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. |
| CVE-2003-0207 | 2003-04-15 | ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. |
| CVE-2003-0209 | 2003-04-16 | Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a... |
| CVE-2003-0211 | 2003-04-16 | Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. |
| CVE-2002-1562 | 2003-04-26 | Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. |
| CVE-2002-1563 | 2003-04-26 | stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. |
| CVE-2003-0112 | 2003-04-26 | Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. |
| CVE-2003-0113 | 2003-04-26 | Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and... |
| CVE-2003-0114 | 2003-04-26 | The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script... |
| CVE-2003-0116 | 2003-04-26 | Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local... |
| CVE-2003-0205 | 2003-04-26 | gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI. |
| CVE-2003-0206 | 2003-04-26 | gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. |
| CVE-2003-0210 | 2003-04-26 | Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long... |
| CVE-2003-0212 | 2003-04-26 | handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial... |
| CVE-2003-0213 | 2003-04-26 | ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to... |
| CVE-2003-0215 | 2003-04-26 | SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields. |
| CVE-2003-0216 | 2003-04-26 | Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. |
| CVE-2003-0214 | 2003-04-26 | run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2003-0084 | 2003-04-29 | mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell... |
| CVE-2003-0174 | 2003-04-29 | The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to... |
| CVE-2003-0218 | 2003-04-29 | Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. |
| CVE-2003-0219 | 2003-04-29 | Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. |
| CVE-2003-0220 | 2003-04-29 | Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. |
| CVE-2003-0221 | 2003-04-29 | The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack. |
| CVE-2003-0222 | 2003-04-30 | Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a... |
| CVE-2003-0190 | 2003-05-02 | OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a... |
| CVE-2003-0115 | 2003-05-02 | Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka... |
| CVE-2003-0117 | 2003-05-02 | Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver. |
| CVE-2003-0118 | 2003-05-02 | SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to... |