Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
Max CVSS
6.8
EPSS Score
0.33%
Published
2003-05-11
Updated
2008-09-05
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
Max CVSS
4.6
EPSS Score
0.20%
Published
2003-05-21
Updated
2016-10-18
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-05-20
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.
Max CVSS
6.8
EPSS Score
0.43%
Published
2003-05-21
Updated
2016-10-18
Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.
Max CVSS
7.5
EPSS Score
0.19%
Published
2003-05-21
Updated
2008-09-05
Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests.
Max CVSS
7.5
EPSS Score
7.90%
Published
2003-05-22
Updated
2016-10-18
Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.
Max CVSS
5.0
EPSS Score
13.06%
Published
2003-05-21
Updated
2016-10-18
The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-05-22
Updated
2016-10-18
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.
Max CVSS
5.0
EPSS Score
1.33%
Published
2003-05-22
Updated
2016-10-18
rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly resets security-relevant mount flags such as nosuid, nodev, and noexec.
Max CVSS
7.5
EPSS Score
0.31%
Published
2003-05-22
Updated
2016-10-18
BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-05-10
Updated
2017-07-11
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.
Max CVSS
7.2
EPSS Score
0.10%
Published
2003-05-19
Updated
2017-07-11
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-05-15
Updated
2008-11-11
Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.
Max CVSS
10.0
EPSS Score
1.28%
Published
2003-05-27
Updated
2016-10-18
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
Max CVSS
6.8
EPSS Score
0.37%
Published
2003-05-27
Updated
2016-10-18
admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.
Max CVSS
10.0
EPSS Score
0.88%
Published
2003-05-27
Updated
2016-10-18
Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.
Max CVSS
7.5
EPSS Score
3.12%
Published
2003-05-27
Updated
2016-10-18
Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-05-27
Updated
2017-07-11
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
Max CVSS
5.0
EPSS Score
0.51%
Published
2003-05-27
Updated
2016-10-18
ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.
Max CVSS
5.0
EPSS Score
1.12%
Published
2003-05-27
Updated
2016-10-18
Multiple buffer overflows in SLWebMail 3 on Windows systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
Max CVSS
7.5
EPSS Score
8.11%
Published
2003-05-27
Updated
2016-10-18
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.
Max CVSS
6.2
EPSS Score
0.04%
Published
2003-05-27
Updated
2016-10-18

CVE-2003-0264

Public exploit
Multiple buffer overflows in SLMail 5.1.0.4420 allow remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.
Max CVSS
7.5
EPSS Score
24.22%
Published
2003-05-27
Updated
2021-02-24
Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
Max CVSS
7.5
EPSS Score
51.62%
Published
2003-05-27
Updated
2017-07-11
leksbot 1.2.3 in Debian GNU/Linux installs KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-05-27
Updated
2017-07-11
80 vulnerabilities found