Total
274673 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2003-0639 | 1 Novell | 1 Ichain | 2024-11-20 | N/A |
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication. | ||||
CVE-2003-0638 | 1 Novell | 1 Ichain | 2024-11-20 | N/A |
Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." | ||||
CVE-2003-0637 | 1 Novell | 1 Ichain | 2024-11-20 | N/A |
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing. | ||||
CVE-2003-0636 | 1 Novell | 1 Ichain | 2024-11-20 | N/A |
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. | ||||
CVE-2003-0635 | 1 Novell | 1 Ichain | 2024-11-20 | N/A |
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM. | ||||
CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2024-11-20 | N/A |
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | ||||
CVE-2003-0633 | 1 Oracle | 2 Applications, E-business Suite | 2024-11-20 | N/A |
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. | ||||
CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2024-11-20 | N/A |
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | ||||
CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2024-11-20 | N/A |
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allow local users to gain root privileges via certain environment variables that are used when launching a virtual machine session. | ||||
CVE-2003-0630 | 1 Atari800 | 1 Atari800 | 2024-11-20 | N/A |
Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument. | ||||
CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2024-11-20 | N/A |
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | ||||
CVE-2003-0628 | 1 Peoplesoft | 1 Peopletools | 2024-11-20 | N/A |
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. | ||||
CVE-2003-0627 | 1 Peoplesoft | 1 Peopletools | 2024-11-20 | N/A |
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. | ||||
CVE-2003-0626 | 1 Peoplesoft | 1 Peopletools | 2024-11-20 | N/A |
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments. | ||||
CVE-2003-0625 | 1 Hadrons | 1 Xfstt | 2024-11-20 | 7.5 High |
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | ||||
CVE-2003-0624 | 1 Bea | 1 Weblogic Server | 2024-11-20 | N/A |
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | ||||
CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2024-11-20 | N/A |
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | ||||
CVE-2003-0622 | 1 Bea | 2 Tuxedo, Weblogic Server | 2024-11-20 | N/A |
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. | ||||
CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2024-11-20 | N/A |
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | ||||
CVE-2003-0620 | 1 Andries Brouwer | 1 Man | 2024-11-20 | N/A |
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. |