Total: 5231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2024-11-20 | 6.4 MEDIUM | N/A |
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | |||||
CVE-2003-1383 | 1 Logicworks | 1 Web Erp | 2024-11-20 | 7.5 HIGH | N/A |
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | |||||
CVE-2003-1378 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-11-20 | 8.8 HIGH | N/A |
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | |||||
CVE-2003-1358 | 1 Hp | 1 Hp-ux | 2024-11-20 | 7.2 HIGH | N/A |
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program. | |||||
CVE-2003-1356 | 1 Hp | 1 Hp-ux | 2024-11-20 | 7.2 HIGH | N/A |
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. | |||||
CVE-2003-1346 | 1 D-link | 1 Dwl-900ap+ | 2024-11-20 | 10.0 HIGH | N/A |
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | |||||
CVE-2003-1081 | 1 Sun | 2 Solaris, Sunos | 2024-11-20 | 10.0 HIGH | N/A |
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file. | |||||
CVE-2003-1026 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | 9.3 HIGH | N/A |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | |||||
CVE-2003-0857 | 1 Redhat | 1 Enterprise Linux | 2024-11-20 | 4.6 MEDIUM | N/A |
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2024-11-20 | 7.2 HIGH | N/A |
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | |||||
CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-11-20 | 7.2 HIGH | N/A |
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | |||||
CVE-2002-2437 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-11-20 | 5.0 MEDIUM | N/A |
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | |||||
CVE-2002-2425 | 1 Sun | 1 Solaris Answerbook2 | 2024-11-20 | 10.0 HIGH | N/A |
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. | |||||
CVE-2002-2407 | 1 Qnx | 1 Rtos | 2024-11-20 | 6.9 MEDIUM | N/A |
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed. | |||||
CVE-2002-2405 | 1 Checkpoint | 1 Firewall-1 | 2024-11-20 | 4.9 MEDIUM | N/A |
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. | |||||
CVE-2002-2401 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-11-20 | 3.6 LOW | N/A |
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. | |||||
CVE-2002-2395 | 1 Trend Micro | 1 Interscan Viruswall | 2024-11-20 | 5.0 MEDIUM | N/A |
InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding. | |||||
CVE-2002-2394 | 1 Trend Micro | 1 Interscan Viruswall | 2024-11-20 | 5.0 MEDIUM | N/A |
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. | |||||
CVE-2002-2363 | 1 Hp | 1 Hp-ux | 2024-11-20 | 7.2 HIGH | N/A |
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges. | |||||
CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2024-11-20 | 5.8 MEDIUM | N/A |
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. |