Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
Max CVSS: 10.0 | EPSS Score: 91.78% | Published: 2003-04-02 | Updated: 2017-07-11
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Max CVSS: 10.0 | EPSS Score: 17.22% | Published: 2003-04-02 | Updated: 2018-10-30
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
Max CVSS: 10.0 | EPSS Score: 1.14% | Published: 2003-04-02 | Updated: 2008-09-05
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
Max CVSS: 10.0 | EPSS Score: 3.26% | Published: 2003-04-02 | Updated: 2008-09-05
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
Max CVSS: 9.8 | EPSS Score: 1.16% | Published: 2003-04-22 | Updated: 2024-02-08
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
Max CVSS: 10.0 | EPSS Score: 0.20% | Published: 2003-04-22 | Updated: 2008-09-05
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
Max CVSS: 10.0 | EPSS Score: 1.64% | Published: 2003-04-22 | Updated: 2008-09-05
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
Max CVSS: 10.0 | EPSS Score: 0.44% | Published: 2003-04-22 | Updated: 2008-09-05
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
Max CVSS: 10.0 | EPSS Score: 0.31% | Published: 2003-04-22 | Updated: 2008-09-05
The Gateway GS-400 server has a default root password of "0001n" that cannot be changed via the administrative interface, which can allow attackers to gain root privileges.
Max CVSS: 10.0 | EPSS Score: 0.49% | Published: 2003-04-11 | Updated: 2008-09-05
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
Max CVSS: 10.0 | EPSS Score: 2.78% | Published: 2003-04-11 | Updated: 2008-09-05
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
Max CVSS: 10.0 | EPSS Score: 6.10% | Published: 2003-04-11 | Updated: 2018-10-19
12 vulnerabilities found