National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,446 matching records.
Displaying matches 129321 through 129340.
Vuln ID Summary CVSS Severity
CVE-2003-0192

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2003-0252

Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2003-0253

The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0254

Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0345

Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2003-0350

The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2003-0352

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2003-0440

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2003-0456

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0458

Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2003-0465

The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0496

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2003-0515

SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2003-0516

cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2003-0517

faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2003-0518

The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2003-0519

Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0520

Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0521

Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 6.8 MEDIUM
CVE-2003-0522

Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.

Published: August 18, 2003; 12:00:00 AM -04:00
    V2: 10.0 HIGH