CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2003 (Execute Code)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1558 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.
2 CVE-2003-1557 119 Exec Code Overflow 2003-12-31 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
3 CVE-2003-1552 264 Exec Code 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
4 CVE-2003-1538 20 Exec Code 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
5 CVE-2003-1533 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
6 CVE-2003-1532 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
7 CVE-2003-1530 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
8 CVE-2003-1523 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
9 CVE-2003-1520 89 Exec Code Sql 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
10 CVE-2003-1504 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
11 CVE-2003-1503 119 Exec Code Overflow 2003-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
12 CVE-2003-1500 94 Exec Code File Inclusion 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.
13 CVE-2003-1487 20 Exec Code 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
14 CVE-2003-1474 264 Exec Code 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
15 CVE-2003-1473 119 Exec Code Overflow 2003-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.
16 CVE-2003-1472 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
17 CVE-2003-1470 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
18 CVE-2003-1461 119 Exec Code Overflow 2003-12-31 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
19 CVE-2003-1459 94 Exec Code File Inclusion 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
20 CVE-2003-1458 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
21 CVE-2003-1456 20 Exec Code 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
22 CVE-2003-1455 119 Exec Code Overflow 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.
23 CVE-2003-1452 16 Exec Code 2003-12-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
24 CVE-2003-1451 119 Exec Code Overflow 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
25 CVE-2003-1446 119 Exec Code Overflow 2003-12-31 2008-09-05
4.9
None Local Low Not required None Complete None
Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde).
26 CVE-2003-1445 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.
27 CVE-2003-1436 94 Exec Code File Inclusion 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
28 CVE-2003-1435 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
29 CVE-2003-1432 189 DoS Exec Code 2003-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
30 CVE-2003-1429 119 Exec Code Overflow 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.
31 CVE-2003-1426 16 Exec Code 2003-12-31 2008-09-05
3.3
None Local Medium Not required Partial Partial None
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
32 CVE-2003-1425 20 Exec Code 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
33 CVE-2003-1412 94 Exec Code File Inclusion 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
34 CVE-2003-1411 94 Exec Code File Inclusion 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
35 CVE-2003-1410 94 Exec Code File Inclusion 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
36 CVE-2003-1407 119 Exec Code Overflow 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
37 CVE-2003-1406 94 Exec Code File Inclusion 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
38 CVE-2003-1405 20 Exec Code 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
39 CVE-2003-1402 20 Exec Code File Inclusion 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
40 CVE-2003-1396 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
41 CVE-2003-1395 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
42 CVE-2003-1393 119 DoS Exec Code Overflow 2003-12-31 2008-09-05
8.5
None Remote Medium Single system Complete Complete Complete
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.
43 CVE-2003-1387 119 Exec Code Overflow 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
44 CVE-2003-1385 94 Exec Code 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
45 CVE-2003-1382 119 Exec Code Overflow 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ISMail 1.4.3 and earlier allows remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
46 CVE-2003-1381 134 Exec Code 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
47 CVE-2003-1378 264 Exec Code 2003-12-31 2008-09-05
8.8
None Remote Medium Not required Complete Complete None
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
48 CVE-2003-1377 119 Exec Code Overflow 2003-12-31 2008-09-05
8.3
None Remote Medium Not required Partial Partial Complete
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
49 CVE-2003-1375 119 Exec Code Overflow 2003-12-31 2009-03-04
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
50 CVE-2003-1374 119 Exec Code Overflow 2003-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2) -c options.
Total number of vulnerabilities: 476
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.