Security Vulnerabilities, CVEs, Published In 2003 (Overflow) CVSS score >= 8

Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.

Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.

Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.

Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.

Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.

Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.

Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.

Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.

Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.

Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.

Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.

Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.

Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.

Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title.

Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.