U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 165,159 matching records.
Displaying matches 157,781 through 157,800.
Vuln ID Summary CVSS Severity
CVE-2003-0683

NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0789

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2003-0855

Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2003-0871

Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0876

Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2003-0877

Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0878

slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2003-0880

Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0881

Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0882

Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-0883

The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0895

Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2003-0899

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-0901

Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1142

Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2003-1145

Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1182

Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1184

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2003-1185

Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1190

Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM