Total
29750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1167 | 1 Gernot Stocker | 1 Kpopup | 2025-04-03 | N/A |
| misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program. | ||||
| CVE-2003-1168 | 1 Http Commander | 1 Http Commander | 2025-04-03 | N/A |
| HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message. | ||||
| CVE-2003-1196 | 1 Vienuke | 1 Vieboard | 2025-04-03 | N/A |
| SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | ||||
| CVE-2003-1189 | 1 Nokia | 1 Ipso | 2025-04-03 | N/A |
| Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors. | ||||
| CVE-2003-1190 | 1 Phprecipebook | 1 Phprecipebook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe. | ||||
| CVE-2003-1191 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. | ||||
| CVE-2003-1194 | 1 Booby | 1 Booby | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message. | ||||
| CVE-2003-1195 | 1 Vienuke | 1 Vieboard | 2025-04-03 | N/A |
| SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable. | ||||
| CVE-2003-1197 | 1 Ledscripts.com | 1 Ledforums | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread. | ||||
| CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2003-1232 | 1 Gnu | 1 Emacs | 2025-04-03 | N/A |
| Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | ||||
| CVE-2003-1234 | 1 Freebsd | 1 Freebsd | 2025-04-03 | N/A |
| Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop. | ||||
| CVE-2003-1235 | 1 Brs | 1 Webweaver | 2025-04-03 | N/A |
| BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | ||||
| CVE-2003-1236 | 1 Tanne | 1 Tanne | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog. | ||||
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | N/A |
| Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | ||||
| CVE-2003-1263 | 1 Brown Bear Software | 1 Ical | 2025-04-03 | N/A |
| ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name. | ||||
| CVE-2003-1286 | 1 Sambar | 1 Sambar Server | 2025-04-03 | N/A |
| HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests. | ||||
| CVE-2003-1288 | 1 Vserver | 1 Linux-vserver | 2025-04-03 | N/A |
| Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions. | ||||
| CVE-2003-1289 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | N/A |
| The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory. | ||||
| CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | ||||