Search Results (Refine Search)

Search Parameters:
There are 153,553 matching records.
Displaying matches 145,241 through 145,260.
Vuln ID Summary CVSS Severity
CVE-2003-0202

The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0257

Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2003-0513

Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0514

Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0592

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0593

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0594

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0905

Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-1033

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2003-1034

The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-1035

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1036

Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1037

Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1038

The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-1039

Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1040

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2004-0107

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2004-0108

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2004-0111

gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Published: April 15, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH