Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-06-16
Updated
2018-10-30
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.
Max CVSS
5.0
EPSS Score
0.60%
Published
2003-06-09
Updated
2016-10-18
Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
Max CVSS
4.3
EPSS Score
0.53%
Published
2003-06-09
Updated
2008-09-05
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
Max CVSS
7.5
EPSS Score
16.92%
Published
2003-06-09
Updated
2017-07-11
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2003-06-09
Updated
2008-09-05
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.
Max CVSS
7.5
EPSS Score
0.62%
Published
2003-06-09
Updated
2008-09-05
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.
Max CVSS
7.5
EPSS Score
0.95%
Published
2003-06-09
Updated
2008-09-05
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.
Max CVSS
5.0
EPSS Score
0.46%
Published
2003-06-09
Updated
2008-09-05
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
Max CVSS
7.5
EPSS Score
3.75%
Published
2003-06-09
Updated
2008-09-05
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
Max CVSS
5.0
EPSS Score
0.36%
Published
2003-06-09
Updated
2008-09-05
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
Max CVSS
7.5
EPSS Score
0.29%
Published
2003-06-09
Updated
2017-10-10
Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability.
Max CVSS
5.0
EPSS Score
4.91%
Published
2003-06-09
Updated
2021-07-23
Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.
Max CVSS
7.5
EPSS Score
0.82%
Published
2003-06-16
Updated
2017-07-11
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-06-09
Updated
2017-10-11
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
Max CVSS
5.0
EPSS Score
0.70%
Published
2003-06-09
Updated
2021-06-06
tcpdump does not properly drop privileges to the pcap user when starting up.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-06-09
Updated
2008-09-05
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
Max CVSS
5.0
EPSS Score
6.07%
Published
2003-06-16
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.
Max CVSS
6.8
EPSS Score
0.32%
Published
2003-06-16
Updated
2016-10-18
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
Max CVSS
6.8
EPSS Score
3.91%
Published
2003-06-09
Updated
2020-11-23
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
Max CVSS
10.0
EPSS Score
0.41%
Published
2003-06-09
Updated
2018-10-30
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
Max CVSS
5.0
EPSS Score
9.27%
Published
2003-06-09
Updated
2018-10-30
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
Max CVSS
5.0
EPSS Score
5.93%
Published
2003-06-09
Updated
2020-11-23
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
Max CVSS
5.0
EPSS Score
95.93%
Published
2003-06-09
Updated
2020-11-13
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Max CVSS
10.0
EPSS Score
2.35%
Published
2003-06-09
Updated
2017-07-11
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
Max CVSS
7.5
EPSS Score
0.48%
Published
2003-06-09
Updated
2008-09-05
129 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!