Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
Max CVSS
5.0
EPSS Score
8.35%
Published
2003-02-19
Updated
2020-01-21
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
Max CVSS
5.0
EPSS Score
0.12%
Published
2003-02-19
Updated
2008-09-05
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-02-19
Updated
2016-10-18
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
Max CVSS
5.0
EPSS Score
0.41%
Published
2003-02-07
Updated
2008-09-10
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
Max CVSS
5.0
EPSS Score
0.64%
Published
2003-02-19
Updated
2016-10-18
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
Max CVSS
5.0
EPSS Score
4.27%
Published
2003-02-19
Updated
2016-10-18
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
Max CVSS
1.2
EPSS Score
0.04%
Published
2003-02-19
Updated
2008-09-10
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
Max CVSS
6.8
EPSS Score
1.37%
Published
2003-02-07
Updated
2018-10-12
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
Max CVSS
7.5
EPSS Score
2.09%
Published
2003-02-07
Updated
2019-04-30
Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
Max CVSS
7.2
EPSS Score
0.05%
Published
2003-02-19
Updated
2018-10-12
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
Max CVSS
5.0
EPSS Score
0.31%
Published
2003-02-07
Updated
2018-10-12
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Max CVSS
7.5
EPSS Score
29.55%
Published
2003-02-07
Updated
2018-05-03
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
Max CVSS
7.5
EPSS Score
5.86%
Published
2003-02-07
Updated
2021-06-06
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
Max CVSS
5.0
EPSS Score
0.10%
Published
2003-02-07
Updated
2021-06-06
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
Max CVSS
3.6
EPSS Score
0.04%
Published
2003-02-19
Updated
2008-09-11
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-02-19
Updated
2008-09-11

CVE-2003-0027

Public exploit
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
Max CVSS
5.0
EPSS Score
52.35%
Published
2003-02-07
Updated
2018-10-30
Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-02-07
Updated
2008-09-11
Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-02-07
Updated
2018-10-19
ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".
Max CVSS
6.2
EPSS Score
0.04%
Published
2003-02-07
Updated
2018-10-19
Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.
Max CVSS
7.5
EPSS Score
5.05%
Published
2003-02-07
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
Max CVSS
4.3
EPSS Score
0.39%
Published
2003-02-07
Updated
2017-07-11
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
Max CVSS
5.0
EPSS Score
4.43%
Published
2003-02-07
Updated
2017-10-10
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
Max CVSS
7.5
EPSS Score
0.26%
Published
2003-02-19
Updated
2017-10-10
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Max CVSS
10.0
EPSS Score
0.85%
Published
2003-02-19
Updated
2024-02-02
48 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!