Filtered by vendor Microsoft Subscriptions
Filtered by product All Windows Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-1423 4 Linux, Microsoft, Petitforum and 1 more 4 Linux Kernel, All Windows, Petitforum and 1 more 2024-08-08 N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2003-1456 4 Linux, Microsoft, Mike Bobbitt and 1 more 4 Linux Kernel, All Windows, Album.pl and 1 more 2024-08-08 N/A
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
CVE-2003-1472 2 3d-ftp, Microsoft 2 3d-ftp, All Windows 2024-08-08 N/A
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
CVE-2003-1392 2 Microsoft, Research Triangle Software 2 All Windows, Cryptobuddy 2024-08-08 N/A
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
CVE-2003-1477 2 Clearswift, Microsoft 2 Mailsweeper For Smtp, All Windows 2024-08-08 N/A
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."
CVE-2003-1430 3 Epic Games, Linux, Microsoft 3 Unreal Engine, Linux Kernel, All Windows 2024-08-08 N/A
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
CVE-2003-1454 4 Invision Power Services, Linux, Microsoft and 1 more 4 Invision Board, Linux Kernel, All Windows and 1 more 2024-08-08 N/A
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
CVE-2003-1467 4 Linux, Microsoft, Phorum and 1 more 4 Linux Kernel, All Windows, Phorum and 1 more 2024-08-08 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2003-1463 2 Alt-n, Microsoft 2 Webadmin, All Windows 2024-08-08 N/A
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
CVE-2003-1372 4 Linux, Microsoft, Myphpnuke and 1 more 4 Linux Kernel, All Windows, Myphpnuke and 1 more 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
CVE-2003-1330 2 Clearswift Limited, Microsoft 2 Mailsweeper, All Windows 2024-08-08 N/A
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
CVE-2007-3956 2 Microsoft, Teamspeak 2 All Windows, Web Server 2024-08-07 N/A
TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.
CVE-2007-3615 2 Microsoft, Sap 3 All Windows, Internet Communication Manager, Sap Web Application Server 2024-08-07 N/A
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
CVE-2007-3334 3 Ca, Ingres, Microsoft 3 Etrust Secure Content Manager, Database Server, All Windows 2024-08-07 N/A
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-3341 1 Microsoft 2 All Windows, Internet Explorer 2024-08-07 N/A
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
CVE-2007-2927 2 Atheros, Microsoft 2 Wireless Adapter Drivers, All Windows 2024-08-07 N/A
Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame.
CVE-2007-2896 2 Microsoft, Symantec 2 All Windows, Enterprise Security Manager 2024-08-07 N/A
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
CVE-2007-2414 2 Microsoft, Myserver 2 All Windows, Myserver 2024-08-07 N/A
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2007-2388 2 Apple, Microsoft 3 Mac Os X, Quicktime, All Windows 2024-08-07 N/A
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
CVE-2007-2389 2 Apple, Microsoft 3 Mac Os X, Quicktime, All Windows 2024-08-07 N/A
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.