Security Vulnerabilities, CVEs, Published In April 2003 CVSS score >= 8
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
Max CVSS: 10.0 | EPSS Score: 91.78% | Published: 2003-04-02 | Updated: 2017-07-11
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Max CVSS: 10.0 | EPSS Score: 17.22% | Published: 2003-04-02 | Updated: 2018-10-30
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
Max CVSS: 10.0 | EPSS Score: 1.14% | Published: 2003-04-02 | Updated: 2008-09-05
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
Max CVSS: 10.0 | EPSS Score: 3.26% | Published: 2003-04-02 | Updated: 2008-09-05
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
Max CVSS: 9.8 | EPSS Score: 1.16% | Published: 2003-04-22 | Updated: 2024-02-08
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
Max CVSS: 10.0 | EPSS Score: 0.20% | Published: 2003-04-22 | Updated: 2008-09-05
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
Max CVSS: 10.0 | EPSS Score: 1.64% | Published: 2003-04-22 | Updated: 2008-09-05
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
Max CVSS: 10.0 | EPSS Score: 0.44% | Published: 2003-04-22 | Updated: 2008-09-05
CafeLog b2 Weblog Tool 2.06pre4, with allow_url_fopen enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
Max CVSS: 10.0 | EPSS Score: 0.31% | Published: 2003-04-22 | Updated: 2008-09-05
The Gateway GS-400 server has a default root password of "0001n" that cannot be changed via the administrative interface, which can allow attackers to gain root privileges.
Max CVSS: 10.0 | EPSS Score: 0.49% | Published: 2003-04-11 | Updated: 2008-09-05
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
Max CVSS: 10.0 | EPSS Score: 2.78% | Published: 2003-04-11 | Updated: 2008-09-05
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
Max CVSS: 10.0 | EPSS Score: 6.10% | Published: 2003-04-11 | Updated: 2018-10-19
12 vulnerabilities found